Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Microsoft Exchange Server 2003 Security : Disabling Services and Protocol Logging

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
6/10/2011 5:22:17 PM

Services Used by Exchange Server 2003

Exchange Server 2003 comprises a number of processes, components, and services that communicate with each other on local and remote computers. Exchange servers must communicate with other Exchange servers, domain controllers, and several different types of client. Depending on the role an Exchange server plays and the clients it supports, some of these services are not necessary and may be disabled. Disabling a service increases security because the port that the service uses is no longer available for port-based attacks.

Security Alert

Disabling unused services increases security. If, however, any port is not used, you should preferably block it at the firewall as well as stop any service that uses it. Your firewall is your main method of protection. Where a server is in a DMZ, it may not always be possible to block a port, and in this case, it is particularly important to disable unused services.


When evaluating whether to disable a particular service, you need to consider what other services, processes, and components depend on it. Sometimes a service may not be essential to the core operation of an Exchange server, but disabling the service may reduce the functionality by disabling some useful peripheral services.

Role-Independent Services

The Exchange Server 2003 services that you require mainly depend on the role that your Exchange server provides in your environment. However, some Exchange services are required for Setup to run, for administration to be performed, and for routing and indexing to function, as well as interoperability with previous versions of the product.

Setup Reinstall and Upgrade

For Exchange Server 2003 Setup to run, you must install and enable, but not necessarily start, the following services:

  • NNTP

  • SMTP

  • World Wide Web Publishing Service

  • IIS Admin Service

Note

Exchange Server 2003 installs (but does not enable) its own IMAP4 and POP3 services during setup. It will not install on a Windows 2003 server unless the Windows POP3 service (if present) is uninstalled.


Exchange Server 2003 Setup disables a number of services by default. However, if these services are subsequently enabled, their current state is preserved during reinstalls or upgrades. These services are as follows:

  • NNTP

  • Microsoft Exchange IMAP4

  • Microsoft Exchange POP3

Administration

The following services are required to administer Exchange Server 2003:

  • Microsoft Exchange System Attendant

  • Microsoft Exchange Management

  • Windows Management Instrumentation

Routing

The following services are required to enable Exchange Server 2003 to route messages:

  • Microsoft Exchange Routing Engine

  • IIS Admin Service

  • SMTP

Compatibility

The following services are required to provide compatibility with earlier versions of Exchange:

  • Microsoft Exchange Event Service

  • Microsoft Exchange Site Replication Service

  • Exchange MTA Stacks (Exchange Server 5.5 compatibility only)

Additional Features

The following services provide additional features for Exchange Server 2003:

  • Microsoft Search

  • World Wide Web Publishing Service

Services on an Exchange Front-End Server

An Exchange front-end server accepts requests from clients and then forwards those requests to the appropriate back-end server for processing. Therefore, you can disable many of the Exchange services that are installed by default.

Tip

Do not try to memorize which services can or cannot be disabled on a back-end or a front-end Exchange server. Instead, read and understand the reasons why a service is or is not essential. Questions on this topic can often be answered by applying reasoning and common sense.


The following are required services on a front-end server:

  • Microsoft Exchange Routing Engine You require this service to enable Exchange routing functionality.

  • IPSEC Services This service provides end-to-end security between clients and servers on Transmission Control Protocol/Internet Protocol (TCP/IP) networks. You require this service if you want to configure an Internet Protocol security (IPSec) filter on OWA servers.

  • IIS Admin Service This service is dependent on the MSExchange routing engine. You require this service to allow Exchange routing functionality.

  • World Wide Web Publishing Service You require this service if you want client computers to communicate with OWA or Outlook Mobile Access front-end servers.

The following services can be disabled on a front-end server:

  • Microsoft Exchange IMAP4 You require this service only if the server is configured for IMAP4 clients.

  • Microsoft Exchange Information Store You require this service only if there are user mailboxes or public folders. It can therefore be disabled because front-end servers do not contain user data.

  • Microsoft Exchange POP3 You require this service only if the server is configured for POP3 clients.

  • NNTP You require this service only for installation and if newsgroup funtionality is specified.

The following services could optionally be disabled on a front-end server:

  • Microsoft Exchange System Attendant System Attendant can be disabled because it is required on a front-end server only if you plan to make configuration changes to Exchange Server. However, the justification for disabling this service is, at best, debatable. If you do decide to disable it, make sure that it is definitely not needed.

  • Microsoft Exchange Management This service allows you to specify, through the user interface (UI), which domain controller or global catalog server Exchange Server 2003 will use when accessing the directory. The service is also required for message tracking. You can disable this service without affecting the core funtionality of Exchange. However, you may need Message Tracking to audit Exchange functionality.

  • SMTP You need to enable the SMTP service only if you have configured your front-end server to receive SMTP mail, either as a gateway or as a front-end server for IMAP4 or POP3. If the server is an SMTP gateway, the Information Store and System Attendant services are also required. As with System Attendant, the advantages of disabling this service are debatable. In practice, it is unusual for the SMTP service to be disabled on any Exchange Server 2003 server.

  • Outlook Mobile Access This service provides mobile access to users. If you are not using Outlook Mobile Access, you can disable it globally. This makes the application inaccessible, and no requests can be made to the back-end server.

Note

ForestPrep disables Outlook Mobile Access by default.


If your front-end server is used to establish POP3, IMAP4, or SMTP connections, do not enable the World Wide Web Publishing Service, and enable the Microsoft Exchange POP3 or IMAP4 service, as appropriate. If you enable POP3, IMAP4, or SMTP, then you also need to enable the Exchange Information Store service (MSExchangeIS) and the Microsoft Exchange System Attendant service (MSExchangeSA).

Services on an Exchange Back-End Server

The function of an Exchange back-end server is to store user mailboxes. In a front-end and back-end configuration, you can disable several of the Exchange services that are installed by default.

The following are required services on a back-end server:

  • Microsoft Exchange Information Back-end servers contain user mailboxes and public folders. You require this service to enable the information store services.

  • Microsoft Exchange Management You require this service if you want to provide message tracking and to audit message flow.

  • Windows Management Instrumentation (WMI) You need to ensure this service is enabled. It is dependent on Microsoft Exchange Management.

  • Microsoft Exchange MTA Stacks You require this service if you need compatibility with previous versions of Exchange or if there are X.400 connectors.

  • Microsoft Exchange System Attendant You require this service if you want to perform Exchange administration and for Exchange maintenance to run

  • Microsoft Exchange Routing Engine You require this service if you want to coordinate message transfer between Exchange servers.

  • 1PSEC Services You require this service if you want to implement an IPSec policy on the back-end server.

  • IIS Admin Service The MSExchange routing engine requires this service.

  • NTLM Security Support Provider You need to ensure that this service is enabled. It is dependent on System Attendant.

  • Microsoft Exchange SMTP Exchange requires this service to transfer messages.

  • World Wide Web Publishing Service You require this service if you want to provide communication with OWA and Outlook Mobile Access front-end servers.

The following services can be disabled on a back-end server:

  • Microsoft Exchange IMAP4 You can disable this service unless you have configured a corresponding front-end server for IMAP4 access.

  • Microsoft Exchange POP3 You can disable this service unless you have configured a corresponding front-end server for POP3 access.

  • Microsoft Search You can disable this service unless you need to implement full-text indexing of mailbox or public folder stores.

  • Microsoft Exchange Event Service You can disable this service unless you require compatibility with previous versions of Exchange.

  • Microsoft Exchange Site Replication You can disable this service unless you require compatibility with previous versions of Exchange.

  • NNTP You can disable this service unless you require newsgroup functionality. The service is required for installation but does not need to be enabled.

Protocol Logging

Protocol logs track the commands that an Internet protocol virtual server receives from clients over a network, and you can also use them to track outgoing commands. By setting the configuration properties of the virtual server associated with each messaging transport protocol, you can audit client operations and protocol traffic. You can then take steps to protect your mail system if suspicious traffic is detected.

The Internet protocols (SMTP, HTTP, and NNTP) enable you to use logging to track the commands the virtual server receives from clients. For example, for each message, you can view the client IP address, client domain name, date and time of the message, and number of bytes sent.

When protocol logging is used with Windows 2000 event logs, the protocol log enables you to audit the use of the virtual server and identify problems.

Logging Formats

You can specify the logging format that Exchange uses for recording information. You can either use an ASCII-based format or you can create an Open Database Connectivity (ODBC) database. The ASCII logs can be read in a text editor but are generally loaded into a report-generating software tool. ODBC logging format is a record of a fixed set of data fields that can be read by ODBC-compliant database software, such as Microsoft Access or SQL Server.

Protocol logs are, by default, saved in the C:\WINNT\System32\LogFiles directory tree. For example, log files for the Default SMTP virtual server are stored in C:\WINNT\System32\LogFiles\SmtpSvc1.

The ASCII format options are as follows:

  • W3C Extended log file format

  • Microsoft IIS log file format

  • NCSA log file format

W3C Extended and NCSA formats will record data in a four-digit year format, while the Microsoft IIS format uses a two-digit year format and is provided for backward compatibility with earlier systems.

If you want to enable logging in an ODBC format, then you must specify the database you want to be logged to and set up the database to receive the logging data. You do not need to be a database programmer to administer Exchange, however. Fortunately, setting up an ODBC database is a relatively straightforward operation.

You create an ODBC-compliant database by using a database program such as Access or SQL Server. You need to create a table in the database that contains the fields listed in Table 1. In Access, varchar(255) is equivalent to a Text data type with a Field Size setting of 255.

Table 1. ODBC-Compliant Database Fields
Field nameData type
ClientHostvarchar(255)
Usernamevarchar(255)
LogTimedatetime
Servicevarchar(255)
Machinevarchar(255)
ServerIPvarchar(50)
ProcessingTimeinteger
BytesRecvdinteger
BytesSentinteger
ServiceStatusinteger
Win32Statusinteger
Operationvarchar(255)
Targetvarchar(255)
Parametersvarchar(255)

Practice: Enabling and Configuring Protocol Logging

The method you use to enable and configure protocol logging varies depending upon the virtual server you are configuring. HTTP servers, including the Exchange virtual server (that is, the Default HTTP virtual server), are configured using IIS Manager. SMTP and NNTP virtual servers are configured using Exchange System Manager.

Exercise 1: Enable Logging for SMTP and NNTP Virtual Servers

This procedure is performed on the Default SMTP virtual server on Server01. The same procedure can be used for any SMTP or NNTP virtual server.

To enable and configure protocol logging on the selected server, perform the following steps:

1.
Open Exchange System Manager.

2.
Navigate to Administrative Groups\First Administrative Group\Servers\Server01\ Protocols\SMTP, right-click Default SMTP Virtual Server, and then click Properties.

3.
On the General tab, select the Enable Logging check box.

4.
In the Active Log Format drop-down list, select the log file format, and then click Properties. The default log file format for SMTP is W3C Extended Log File Format (for NNTP, it is Microsoft IIS Log File Format).

5.
On the General tab of the Logging Properties dialog box, shown in Figure 1, under New Log Schedule, select one of the following options:

  • Hourly

  • Daily (this is the default)

  • Weekly

  • Monthly

  • Unlimited File Size (this appends data to the same log file)

  • When File Size Reaches (this creates a new log file when the size reaches the amount you specify in MB)

Figure 1. Scheduling logging and specifying the file location


6.
Under Log File Directory, specify the log file location.

7.
If you have selected the W3C Extended logging format, then you can select the Advanced tab and select the items you want to track. Although the names of these settings are based on WC3 conventions, they apply to specific SMTP values. For a full description of these extended properties, click Help in the Logging Properties dialog box.

8.
Click OK.

9.
Click OK again to close the Default SMTP virtual server Properties box.

Exercise 2: Enable and Configure Logging for the Exchange Virtual Server

The Exchange virtual server, or Default HTTP virtual server, implements the default Web site provided by IIS. You cannot manage this virtual server using Exchange System Manager. It must be administered from the IIS Manager console. In this console, the Exchange virtual server appears as Default Web Site. A similar procedure can be used to configure additional HTTP virtual servers.

To enable and configure protocol logging for the Exchange virtual server, perform the following steps:

1.
Start IIS Manager on Server01.

2.
Expand Server01\Web Sites, right-click Default Web Site, and then click Properties.

3.
On the Web Site tab, select the Enable Logging check box.

4.
In the Active Log Format drop-down list, select the log file format, and then click Properties. The default log format is W3C Extended Log File Format.

5.
In the Logging Properties dialog box, on the General tab, select the time interval to write to the log file, the log file size, the directory where the log file exists, and other parameters, depending on the type of format you selected.

6.
If you selected W3C Extended Log File Format in the Logging Properties dialog box, then you can access the Advanced tab and specify Extended Logging Options. For example, you can log the client’s IP address (c-ip) and the protocol command or method sent by the client (cs-method).

7.
Click OK. Click OK again to close the Default Web Site Properties box.

8.
Verify that you can also right-click HTTP_server1 on the IIS console and configure logging for that virtual server using the same procedure.
Other -----------------
- Microsoft Exchange Server 2003 Security : Configuring Administrative Permissions
- Microsoft Dynamics CRM 2011 : Sorting Records in a View
- Microsoft Dynamics CRM 2011 : Using Views to Work with Data Records
- Understanding the Microsoft Dynamics CRM User Interface
- Microsoft Exchange Server 2003 Security : Implementing Digital Signature and Encryption Capabilities
- Microsoft Exchange Server 2003 Security : Securing Mailboxes
- Sharepoint 2010 : How to Back Up a SQL Server 2008 Database (part 2)
- Sharepoint 2010 : How to Back Up a SQL Server 2008 Database (part 1)
- Windows Server 2008 : Administering Security in an Enterprise-Level Infrastructure - OCSP Components
- Introduction to Microsoft Dynamics CRM (part 3) - Logging On to Microsoft Dynamics CRM via Mobile Express
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server