IT tutorials
 
Applications Server
 

Securing an Exchange Server 2007 Environment : Securing Outlook 2007 (part 2) - Encrypting Communications Between Outlook and Exchange , Blocking Attachments

10/24/2014 3:24:04 AM
- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

Encrypting Communications Between Outlook and Exchange

As a MAPI client, Outlook 2007 uses RPCs to communicate with Exchange Server 2007. RPCs are interprocess communications (IPC) mechanisms that can either use or not use encryption during the transfer of information. By default, Outlook 2007 encrypts data between Outlook and the Exchange server. However, Outlook 2003 does not have this security feature enabled by default.

To enable this feature in Outlook 2003, perform the following steps:

1.
In Outlook 2003, select Tools, E-Mail Accounts.

2.
Select View or Change Existing E-Mail Accounts, and then click Next.

3.
Click Change and, on the next window, click More Settings.

4.
Select the Security tab. Under the Security section, click the Encrypt Data Between Microsoft Office Outlook and Microsoft Exchange Server check box.

5.
Click OK to close the window.

6.
Click Next and then click Finish when you are done.

Authenticating Users

By default, both Outlook 2003 and Outlook 2007 use the credentials of the user who is currently logged on to the local computer to access the Outlook profile and mailbox. Both applications are also configured to first utilize Kerberos for the authentication process and, if this fails, utilize NT LAN Manager (NTLM). Administrators have the option of setting Outlook to only use Kerberos if they want to implement stronger security methods. The Kerberos/NTLM or NTLM Only options exist for backward compatibility with older systems. When using Kerberos, the user’s credentials are encrypted when communicating with Active Directory for authentication.

To view or change the current authentication options in Outlook 2007, perform the following procedure:

1.
In Outlook 2007, select Tools, Account Settings.

2.
On the Account Settings page, select the email account, and click the Change icon.

3.
On the Change E-Mail Account page, click More Settings.

4.
Select the Security tab. Under Logon Network Security, select Kerberos Password Authentication from the drop-down box, and then click OK.

5.
On the Change E-Mail Account page, click Next to complete the process, click Finish, and then click Close.

User Identification

An additional level of security can be applied to users accessing email through the Outlook client. In the event of a user closing Outlook, but not locking their computer or logging off the network, it is possible for an unauthorized user to access the system, start Outlook, and access the user’s email.

It is possible to configure Outlook 2007 to require the user to input their username and password before accessing Outlook.

It should be noted that few organizations implement this security option, as most find that logging on and off the system properly provides adequate protection.

Blocking Attachments

A common and often effective way for viruses and malicious scripts to spread from user to user is through email. When a user receives a message with an attachment, simply opening the attachment can allow the virus to activate and, if proper security measures are not in place, the virus can do damage to the system or spread to other users.

To mitigate this threat, Microsoft has incorporated attachment blocking in Outlook and Outlook Web Access (OWA). By default, Outlook is configured to block attachments that contain file types that can run programs. Known as “executable” files, these blocked file types include those with .exe, .bat, .com, .vbs, and .js on the end of the filename.

It is important to note that this does not automatically protect you from being infected with a virus, as other file formats, including Microsoft Office files such as Word or Excel documents, can potentially contain viruses. However, implementing an antivirus solution on the client PC greatly reduces the possibility of such a file causing harm.

Users who are utilizing Outlook to send an attachment are notified when attaching an executable file that it is likely to be blocked by the recipient. An example of the warning message received is shown in Figure 2.

Figure 2. Outlook unsafe attachment warning.


If the user elects to send the message anyway, it might still be blocked on the receiving end.

Outlook does not provide any way for the end user to unblock these attachments. However, savvy users have found that, in many instances, they can rename the file to a nonexecutable extension (such as .txt) and send the file with instructions on how to rename the file back.

Note

File types can be categorized as Level 1 (the user cannot view the file) or Level 2 (the user can open the file only after saving it to disk). By default, Outlook classifies most executable file types as Level 1 and blocks the receipt of the file by users. There are no Level 2 file types by default. However, administrators can use Group Policy to manage how a file type is categorized. For example, if members of your organization regularly receive Visual Basic scripts (.vbs), you can change the categorization from Level 1 to Level 2 for that extension. Extreme caution should be used before changing this setting, as executable attachments are one of the most commonly used methods of distributing viruses.

 
Others
 
- Securing an Exchange Server 2007 Environment : Securing Outlook 2007 (part 1) - Outlook Anywhere
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 3) - Keeping Up with Security Patches and Updates
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 2) - Utilizing Security Templates
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 1) - Windows Server 2003 Security Improvements , Windows Vista Security Improvements
- Securing an Exchange Server 2007 Environment : Client-Level Secured Messaging - Exchange Server 2007 Client-Level Security Enhancements
- Microsoft Exchange Server 2010 Requirements : Additional Requirements
- Microsoft Exchange Server 2010 Requirements : Software Requirements (part 2) - Windows Server Roles and Features
- Microsoft Exchange Server 2010 Requirements : Software Requirements (part 1) - Additional Software
- Microsoft Exchange Server 2010 Requirements : Getting the Right Server Hardware (part 3) - Disk Requirements
- Microsoft Exchange Server 2010 Requirements : Getting the Right Server Hardware (part 2) - Memory Recommendations, Network Requirements
 
25 Inspiring Game of Thrones Quotes
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS