List price: $39.95
Buy now for $26.37
Used & New from $22.90
Book Description
Coverage includes: Exchange 2000 Administrative Rights, Mailbox Rights, Denial of Service and Exchange, Types of File Vulnerabilities, Vulnerability of Transmitted Data, Message Authenticity, Event Service and Event Sinks, Message Relay via SMTP, Preventing Exchange Security Problems, The W2K/IIS Platform Must Be Solid, Dedicate Servers to Specific Functions, Disable Unnecessary Services, Tightening Mailbox Security, Enabling SSL for Internet or Remote Clients, Locking Down an IIS/OWA Server, Imposing Limits, Protecting Critical Files, Network Analysis Risk Reduction, Denying Client Access, Stopping Viruses, Exchange 2000 and Firewalls, SMTP Security, Auditing for Possible Security Breaches, Windows 2000 Event Auditing, Exchange 2000 Event Auditing, Logging Internet Client Access, Securing MAPI Clients, Enabling Message Encryption (S/MIME).
Download Description
CYA comes out and says what most IT Professionals are already thinking, and on that point alone it will quickly capture the attention of its target audience. These are books with a clear message that will be heard above the noise level of the typical computer book shelf. And while the message may be a bit edgy, the content is Syngress-tested and rock solid.
Its all there
2005-02-18
Great book. You made it simple to read complex information.
Say what you want, screen shots do make a difference. I would rather see your step by step instructions in conjunction with written directives, then spend the time reading 10 pages trying to understand what you are trying to say. Meat and potatoes book. I love it.It was my one stop book for Exchange Security
Thanks Guys.
Empowering Tidbits, Somewhat Incomplete
2004-12-01
This book is stock full of potent tidbits that are darn hard to find anywhere; I know because I was scavenging the net, MS articles, several books, etc. for eons and I couldn't find any adequate material that can help me secure Exchange 2k3. Thus far, thanks to this book, I was able encrypt IMAP, POP, and OWA (Outlook Web Access) traffic. I am still working on the RPC over HTTP bit, but definitely a lot further along in the process thanks to this book.
Though despite my delight with the book, there are some short-comings that I would like to highlight:
IMAP/POP configuration
----------------------
- no coverage of client configuration
- no mention of secure ports used (non-obvious to us newbies)
- no mention how to get rid of pesky Un-trusted cert message in Outlook
- public folders no longer accessible after turning on SSL/TLS (IMAP only issue as POP cannot access folders in general)
- no mention of SPA for IMAP/POP and Exchange 2k3 setup (maybe not possible)
OWA configuration
-----------------
- works like a charm, but should mention that port 443 needs to be opened on the firewall if applicable (though this is a no-brainer)
RPC over HTTP configuration
---------------------------
- instructions not completely applicable to Exchange 2k3 SP1 as this portion is now integrated into Exchange UI, rather than IIS
- mention of configuring RPC ports for GC, DS, Store is for "multiserver Exchange environment" according to authors. However, MS's "Exchange Server 2003 RPC over HTTP Deployment Scenarios" has this as a requirement for single server setup.
Relay security
--------------
- think the Exchange UI interface lies to me, as spammers having field day; couldn't readily discern how to open outbound up for a list of users, and open inbound to list of users. :-)
- What is Authenticated Users group. In practice, this seems to be everyone.
IMF spam filter
---------------
- book is outdated as IMF is now free for all to enjoy, not just SA members
I looked at the electronic support site for any updates, and there was nothing. The support site is abysmal, bad URLs, little author participation, no updates, etc.
Overall, great book, despite any faults, this book is so resourceful and accurate and doesn't have fluff that many computer books have these days.
My one wish there could be a another updated version (PDF book :) available to users that bought it. Hey, I can wish can't I!!
Very precise and informative
2004-08-25
Well-written book which covers the important security aspects of the Exchange 2003 product. The book covers a wide area of security topics and is a "must have" if you're starting to look into Exchange & OWA security in general.
Now that I have a good insight into Exchange 2003 security (and my bag full of neat "reality checks"), I can move on to one of the more hardcore Exchange books :)
A few lines from the author of the book...
2004-07-11
When I wrote CYA: Securing Exchange Server 2003 & Outlook Web Access the idea were to provide you with a relatively short, very concise, very pedagogy book that teaches you how to configure Exchange 2003 with security in mind. Though the book isn't intended to be a complete reference book on Exchange 2003 Security, as well as it won't teach you everything you need to know about this topic, it will provide you with the most important information.
Also note that CYA: Securing Exchange Server 2003 & Outlook Web Access isn't for true Exchange gurus, instead the book focuses on Exchange Admin's who are relatively newbie's when it comes to Exchange 2003 security.
If you want to read an excerpt from the book (chapter 5) or want to see some of the other stuff I've written, I recommend you give MSExchange.org a visit (click Author > Henrik Walther).
