S 4.161 Secure installation of Exchange systems

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

Secure installation of all components is always a basic requirement for smooth and secure system operation. As for every complex client-server system, the installation of Exchange servers and Outlook clients also requires planning and testing. The installation should be performed based on the project planning of Exchange and Outlook and the defined security policy (see S 2.247 Planning the use of Exchange and Outlook). Since Exchange systems very strongly integrate into the Windows environment, specifically into the Active Directory, the corresponding specific security policies must be taken into consideration.

The systems Exchange/Outlook is to be installed on must be secured appropriately. The installation can only be considered complete once the Exchange/Outlook systems have been transferred to a secure state. This ensures that only authorised administrators will be able to access the Exchange system in the subsequent configuration phase.

Furthermore, the aspects described in S 4.356 Secure installation of Groupware systems must be taken into consideration.

Implementing the Microsoft notes for the installation

The Microsoft Exchange installation instructions generally contain numerous references to Microsoft notes. These notes contain important information for installation or troubleshooting problems during installation. In general, the Microsoft notes provided in the documentation themselves refer to further documents, which means that a significant amount of information may accumulate. The notes must be read prior to the installation. In general, it is enough to initially read the notes specified in the installation documentation and then implement another iteration step. In many cases, the references explicitly specify additional information stating whether the information must be read in all cases or only needs to be read under certain conditions. It is urgently recommended to actually read all relevant information since it is easy to install the system incorrectly otherwise.

It is possible for sub-functions of a Microsoft Exchange system to operate incorrectly, especially in cases where the installation has been completed but errors occurred during the installation. This can also affect the security of the system, and you should always try to finish installation without errors. Error messages can only be ignored when this is stated explicitly in the installation instructions or in a Microsoft note.

Printing and attaching the Microsoft notes to the system documentation upon completion is recommended (see S 2.480 Use of the Exchange and Outlook documentations).

Current Microsoft Exchange security guidelines must be taken into consideration.

Security guidelines are available for an increasing number of Microsoft products. Although the quality of the security recommendations differs, it still makes sense to use the guidelines for the Microsoft components to be installed. The security guidelines are updated regularly, which means it is a good idea to take newer guides available for the systems already installed into account as well.

Secure installation of a Microsoft Exchange 2010 infrastructure is described in Microsoft Technet in "Deploying Exchange 2010: Exchange 2010 Help". Installation recommendations for secure application of Microsoft Outlook 2010 can be found in "Deploy Office 2010".

Review questions:

• Were all components required for operating the Exchange system installed?
• Were all relevant Microsoft notes for Microsoft Exchange installation implemented?