Lesson 12 Flashcards
(32 cards)
Protection technology
Anti-malware, security permissions, local firewall
Security requirements
AD DS
Internal client
External Client
Protection technology
Anti-malware, anti-spam, security permissions, local firewall
Security requirements
Exchange Server 2013
Protection technology
Firewall, reverse proxy, SMTP Gateway, anti-malware, anti-spam
Security requirements
Perimeter network
To provide secure client access from the Internet:
Protect Implement Implement Create Enable Require Require Enforce Consider
Protect Client Access server with a firewall
Implement an application layer firewall or reverse proxy
Implement a VPN solution
Create and configure a server certificate
Enable only required client access methods
Require secure authentication
Require SSL for all virtual directories
Enforce remote client security
Consider installing antivirus software
Restrictions to message flow can include:
___________ For example, you can configure some distribution groups in your organization to receive email only from authenticated users.
Message delivery restrictions
Restrictions to message flow can include:
____________ For example, you can set restrictions on which users can send email to each other and on message flow based on message contents.
Transport rules
Restrictions to message flow can include:
____________. You can assign moderators permissions to review all messages that are sent to the recipient object by either changing the distribution group properties or creating a transport rule.
Message moderation
Restrictions to message flow can include:
____________. Used to detect content that is not compliant with organizational security and compliance policies.
Data Loss Prevention (DLP)
Anti-virus solutions for Exchange Server 2013 include:
Use the built-in anti-malware features. Configured by default on the ___________ role.
Use a hosted, ______ solution or ________ solution.
Use a third-party corporate _________ solution.
Deploy an anti-virus solution in the ___________. Many organizations deploy a ___________ solution that also has anti-virus and anti-spam software installed. This could also include an ________ role.
Mailbox server
cloud-based, hybrid
anti-virus
perimeter network, SMTP gateway, Edge server
Anti-malware on mailbox servers
Recall that _____ servers in Exchange 2013 act as a stateless proxy for all inbound and outbound external SMTP traffic; a ____ does not inspect message content and does not queue any messages locally.
On the other hand, the _______ service, which runs on all _______ servers, is almost identical to the ________ server role in previous versions of Exchange. It handles SMTP mail flow for the organization, performs message categorization and content inspection, and does queue messages locally.
For these reasons, anti-malware (and anti-spam) agents in Exchange 2013 run on ____ servers.
CAS, CAS
Hub Transport, Mailbox, Hub Transport
Mailbox
Exchange anti-malware protection features in a Mailbox role include:
Options for ___, ___, or ____
Download ___ and ___ updates
Scanning is performed during ____ or ____, but not for messages that are already _________.
Enable, disable, or bypass
engine and definition
send or receive. held in storage.
Actions when malware is detected:
Delete ____________
Delete all __________ and use ______ alert text
Delete all ________ and use _________ alert text
Notify the _______ and the ___________
entire message
attachments, default
attachments, custom
administrator, sender
When you implement an antivirus solution, you should:
Implement multiple layers of antivirus such as:
Exchange on ____________
Exchange Online _____________
Antivirus installed on ________ or ______
Antivirus installed on the ______________
premise anti-malware protection
Protection
firewall or SMTP gateway server
client computers
When you implement an antivirus solution, you should:
Maintain regular ___________
Regularly monitor ________________
Regularly read about ____________
antivirus updates
anti-malware reports
latest Internet security threats
SPAM-FILTERING FEATURES IN EXCHANGE EDGE ROLE 12
Feature: Connection Filtering
Filters messages based on: ______
Feature: Sender Filtering
Filters messages based on: ______
The IP address of the sending SMTP server
The Sender in the MAIL FROM: SMTP header
SPAM-FILTERING FEATURES IN EXCHANGE EDGE ROLE 12
Feature: Recipient Filtering
Filters messages based on: ______
Feature: Sender ID
Filters messages based on: ______
The Recipients in the RCPT TO: SMTP header
The IP address of the sending server from which the message was received
SPAM-FILTERING FEATURES IN EXCHANGE EDGE ROLE 12
Feature: Content Filtering
Filters messages based on: ______
Feature: Sender Reputation
Filters messages based on: ______
Feature: Attachment Filtering
Filters messages based on: ______
The message contents
Several characteristics of the sender, accumulated over a period of time
Attachment file name, file name extension, or file MIME content type
CONNECTION FILTERING-1
When the SMTP session is initiated, the Edge Transport server
applies connection filtering using the following criteria:
Connection filtering examines the ___ ___ list.
If an IP address is on the _____, the server does not ______________ and _____ the message.
administrator-defined IP Allow
IP Allow list, apply any other filtering, accepts
CONNECTION FILTERING-2
Next, connection filtering examines the local _____________
If the connection filtering agent finds the IP address of an offending server on the local ______, the server ______, and other filters are _____.
Connection filtering then examines the ________ of any _______ Providers (e.g., Spamhaus) that you have configured. If the agent finds the sending server’s IP address on an ___, the server ______, and other filters are _____.
IP Block list
IP Block list, rejects the message automatically, not applied
real-time block list (RBL), IP Block List, RBL, rejects the message, not applied.
HOW EXCHANGE APPLIES SPAM FILTERS
Next, the Edge Transport server compares the sender’s email address with the list of senders configured in ___________. If the SMTP address is a blocked recipient or domain, the server rejects the connection, and no other filters are applied.
sender filtering
HOW EXCHANGE APPLIES SPAM FILTERS
The Edge Transport server then examines the recipient against the Recipient Block list configured in ___________. If the intended recipient matches a filtered email address, the Edge Transport server rejects the message for that particular recipient.
recipient filtering
The _______ is an industry standard that verifies the Internet domain from which each email message originates, based on the sender’s server IP address.
The ______ provides protection against email domain spoofing and phishing schemes.
By using the _______, email senders can register all email servers that send email from their SMTP domain, and then recipients can filter email from that domain that does not come from the specified servers.
Sender ID Framework
To enable Sender ID filtering, each email sender must create a _____________ record and add it to their domain’s DNS records.
The ___ record is a single text (TXT) record in the DNS database that identifies each domain’s email servers. SPF records can use several formats, including the following examples:
cisa.com. IN TXT "v=spf1 mx -all"
This record specifies that any server that has an MX record for the cisa.com domain can send e-mail for the domain.
Sender Policy Framework (SPF)
SPF
This record indicates that a server with the IP address 142.232.199.50 can send mail for the cisa.com domain.
cisa.com. IN TXT "v=spf1 ip4:142.232.199.50 -all"