
Securing Exchange Server 2010 with ISA Server : Outlining the Inherent Threat in Exchange Server HTTP Traffic

3/28/2011 9:13:26 AM
The Internet provides somewhat of a catch-22 when it comes to its goal and purpose. On one hand, the Internet is designed to allow anywhere, anytime access to information, linking systems around the world together and providing for that information to be freely exchanged. On the other hand, this type of transparency comes with a great deal of risk because it effectively means that any one system can be exposed to every connected computer, either friendly or malicious, in the world.

Often, the inherent risk of compromising systems or information by exposing them to the Internet has led organizations to lock down access to that information with firewalls. Of course, this limits the capabilities and usefulness of a free-information exchange system such as the one web traffic provides. Many web servers must be available for anonymous access by the general public, which creates a dilemma: organizations need to place that information online without putting the servers that host it at undue risk.

Fortunately, ISA Server 2006 provides robust and capable tools to secure web traffic, making it available for remote access while also securing it against attack and exploit. To understand how it does this, it is first necessary to examine how web traffic can be exploited.

Understanding Web (HTTP) Exploits

It is an understatement to say that the computing world was not adequately prepared for the release of the Code Red worm. The Microsoft Internet Information Services (IIS) exploit that Code Red took advantage of was already known, and a patch was made available from Microsoft for several weeks before the release of the worm. In those days, however, less emphasis was placed on patching and updating systems on a regular basis because it was generally believed that it was best to wait for the bugs to get worked out of the patches first.

As a result, a large number of websites were completely unprepared for the onslaught of exploits that came with the Code Red worm, which sent specially formatted HTTP requests to a web server in an attempt to take control of the system. For example, the following URL shows the type of exploit that was performed:

http://webmail.companyabc.com/scripts/..%5c../winnt/system32/cmd.exe?/c+dir+c:\


This request attempts to launch the command prompt on a web or OWA server. Through manipulation of this kind, worms such as Code Red found a way to take over web servers and use them as drones to attack other web servers.

These types of HTTP attacks were a wake-up call to the broader security community: it became apparent that packet-layer filtering firewalls, which can only open or close a port, were worthless against an exploit that packages its traffic over a legitimately allowed port such as HTTP.

Fortunately, HTTP filtering is something that ISA Server does extremely well. It offers a large number of customization options that give administrators control over the traffic and security of the web server.
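The difference between port filtering and application-layer inspection can be shown with a short script. This is an added example, not ISA Server's own filter logic or code from the original article: the deny rules, function names, and sample requests are assumptions constructed for illustration, with the first sample taken from the URL shown above.

```python
import re
from urllib.parse import unquote

# Deny rules evaluated on the decoded URL path (assumed rule set written for
# this example; these are not ISA Server's built-in signatures).
DENY_RULES = [
    ("path traversal", re.compile(r"(^|[\\/])\.\.([\\/]|$)")),
    ("executable request", re.compile(r"\.(exe|com|bat|cmd)(/|$)", re.I)),
    ("system directory",
     re.compile(r"[\\/](winnt|windows)[\\/]system32([\\/]|$)", re.I)),
]

def normalize(path, max_rounds=3):
    """Percent-decode until stable so nested encodings (%255c) are exposed."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def inspect(request_target):
    """Return the reasons to block a request target; empty list means allow."""
    path = request_target.partition("?")[0]  # rules apply to the path only
    decoded, rounds = normalize(path)
    reasons = [name for name, rx in DENY_RULES if rx.search(decoded)]
    if rounds > 1:
        reasons.append("multiple encoding layers")
    return reasons

# Constructed sample requests; the first is the path of the URL shown above.
SAMPLES = [
    "/scripts/..%5c../winnt/system32/cmd.exe?/c+dir+c:\\",
    "/scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\\",
    "/owa/auth/logon.aspx?url=https://webmail.companyabc.com/owa/",
    "/Microsoft-Server-ActiveSync?Cmd=Sync&User=jdoe",
]

if __name__ == "__main__":
    for target in SAMPLES:
        reasons = inspect(target)
        # Every sample arrives on the same allowed HTTP port, so a port-only
        # filter passes all four; only content inspection tells them apart.
        print("BLOCK" if reasons else "ALLOW", target, reasons)
```

Decoding before matching is the important step: a rule that searched the raw request for `..\` would miss both malicious samples, because the backslash only appears after the percent-encoding is removed.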

Securing Encrypted (Secure Sockets Layer) Web Traffic

As the World Wide Web matured, organizations realized that if they encrypted the HTTP packets transmitted between a website and a client, the traffic would be virtually unreadable to anyone who might intercept those packets. This led to the adoption of Secure Sockets Layer (SSL) encryption for HTTP traffic.

Of course, encrypted packets also create a dilemma from an intrusion detection and analysis perspective, because it is impossible to read the content of a packet to determine what it is trying to do. Indeed, many HTTP exploits in the wild today can be transmitted over SSL-encrypted channels. This poses a dangerous situation for organizations that must secure the traffic against interception but must also proactively monitor and secure their web servers against attack.

Fortunately, ISA Server 2006 is uniquely positioned to solve this problem because it includes the ability to perform end-to-end SSL bridging. By installing the SSL certificate from the OWA server on the ISA server itself, along with a copy of the private key, ISA is able to decrypt the traffic, scan it for exploits, and then reencrypt it before sending it to the Exchange server. Very few products on the marketplace do this type of end-to-end encryption of the packets, and ISA allows for this level of security.

Outlining ISA Server 2006 Messaging Security Mechanisms

As a backdrop to these developments, ISA Server 2006 was designed with messaging security in mind. A great degree of functionality was developed to address email access and communications, with particularly tight integration with Microsoft Exchange Server built in. To illustrate, ISA Server 2006 supports securing the following messaging protocols and access methods:

  • Simple Mail Transfer Protocol (SMTP)

  • Messaging Application Programming Interface (MAPI)

  • Post Office Protocol version 3 (POP3)

  • Internet Message Access Protocol version 4 (IMAP4)

  • Microsoft Exchange Outlook Web App (OWA) with or without forms-based authentication (FBA)

  • Exchange ActiveSync (EAS)

  • Exchange Autodiscover service

  • Exchange Server 2010 EWS

  • Outlook Anywhere (formerly RPC over HTTP)
