CYA: Securing Exchange Server 2003 & Outlook Web Access
Description:A highly portable, easily digestible road-map to configuring, maintaining and troubleshooting essential Exchange Server 2003 features. The book is organized around the 11 `MMCs` (Microsoft Management Consoles) that contain the configuration menus for the essential features. The options within each menu are explained clearly, potential problems are identified up-front, and configurations are subsequently presented in the aptly named `By the Book` section for that MMC. Readers will also appreciate the `Reality Check` sidebars throughout, which present valuable cost/benefit analyses of situations where there is no single `right` answer.
* Walks the reader through step-by-step configurations to assure they have been thorough and responsible in their work
* Clearly identifies those features of Exchange Server 2003 that represent the highest risk factors for attacks, performance degradation and service failures
* CYA comes right out and says what most IT Professionals are already thinking
Its all there
Great book. You made it simple to read complex information.
Say what you want, screen shots do make a difference. I would rather see your step by step instructions in conjunction with written directives, then spend the time reading 10 pages trying to understand what you are trying to say. Meat and potatoes book. I love it.It was my one stop book for Exchange Security
Empowering Tidbits, Somewhat Incomplete
This book is stock full of potent tidbits that are darn hard to find anywhere; I know because I was scavenging the net, MS articles, several books, etc. for eons and I couldn't find any adequate material that can help me secure Exchange 2k3. Thus far, thanks to this book, I was able encrypt IMAP, POP, and OWA (Outlook Web Access) traffic. I am still working on the RPC over HTTP bit, but definitely a lot further along in the process thanks to this book.
Though despite my delight with the book, there are some short-comings that I would like to highlight:
- no coverage of client configuration
- no mention of secure ports used (non-obvious to us newbies)
- no mention how to get rid of pesky Un-trusted cert message in Outlook
- public folders no longer accessible after turning on SSL/TLS (IMAP only issue as POP cannot access folders in general)
- no mention of SPA for IMAP/POP and Exchange 2k3 setup (maybe not possible)
- works like a charm, but should mention that port 443 needs to be opened on the firewall if applicable (though this is a no-brainer)
RPC over HTTP configuration
- instructions not completely applicable to Exchange 2k3 SP1 as this portion is now integrated into Exchange UI, rather than IIS
- mention of configuring RPC ports for GC, DS, Store is for `multiserver Exchange environment` according to authors. However, MS's `Exchange Server 2003 RPC over HTTP Deployment Scenarios` has this as a requirement for single server setup.
- think the Exchange UI interface lies to me, as spammers having field day; couldn't readily discern how to open outbound up for a list of users, and open inbound to list of users. :-)
- What is Authenticated Users group. In practice, this seems to be everyone.
IMF spam filter
- book is outdated as IMF is now free for all to enjoy, not just SA members
I looked at the electronic support site for any updates, and there was nothing. The support site is abysmal, bad URLs, little author participation, no updates, etc.
Overall, great book, despite any faults, this book is so resourceful and accurate and doesn't have fluff that many computer books have these days.
My one wish there could be a another updated version (PDF book :) available to users that bought it. Hey, I can wish can't I!!
Very precise and informative
Well-written book which covers the important security aspects of the Exchange 2003 product. The book covers a wide area of security topics and is a `must have` if you're starting to look into Exchange & OWA security in general.
Now that I have a good insight into Exchange 2003 security (and my bag full of neat `reality checks`), I can move on to one of the more hardcore Exchange books :)
A few lines from the author of the book,,.
When I wrote CYA: Securing Exchange Server 2003 & Outlook Web Access the idea were to provide you with a relatively short, very concise, very pedagogy book that teaches you how to configure Exchange 2003 with security in mind. Though the book isn't intended to be a complete reference book on Exchange 2003 Security, as well as it won't teach you everything you need to know about this topic, it will provide you with the most important information.
Also note that CYA: Securing Exchange Server 2003 & Outlook Web Access isn't for true Exchange gurus, instead the book focuses on Exchange Admin's who are relatively newbie's when it comes to Exchange 2003 security.
If you want to read an excerpt from the book (chapter 5) or want to see some of the other stuff I've written, I recommend you give MSExchange.org a visit (click Author > Henrik Walther).