Home > Articles

  • Print
  • + Share This
This chapter is from the book

Securing and Maintaining an Exchange Server 2013 Implementation

One of the greatest advantages of Exchange Server 2013 is its emphasis on security. Along with Windows Server, Exchange Server 2013 was developed during and after the Microsoft Trustworthy Computing initiative, which effectively put a greater emphasis on security over new features in the products. In Exchange Server 2013, this means that the OS and the application were designed with services “Secure by Default.”

With Secure by Default, all nonessential functionality in Exchange Server must be turned on if needed. This is a complete change from earlier Microsoft practice, which had all services, add-ons, and options turned on and running at all times, presenting much larger security vulnerabilities than was necessary. Designing security effectively becomes much easier in Exchange Server 2013 because it now becomes necessary only to identify components to turn on, as opposed to identifying everything that needs to be turned off.

Patching the Operating System Using Windows Software Update Services

Although Windows Server presents a much smaller target for hackers, viruses, and exploits by virtue of the Secure by Default concept, it is still important to keep the OS up to date against critical security patches and updates. Currently, two approaches can be used to automate the installation of server patches. The first method involves configuring the Windows Server Automatic Updates client to download patches from Microsoft and install them on a schedule. The second option is to set up an internal server to coordinate patch distribution and management. The solution that Microsoft supplies for this functionality is known as Windows Software Update Services (WSUS).

WSUS enables a centralized server to hold copies of OS patches for distribution to clients on a preset schedule. WSUS can be used to automate the distribution of patches to Exchange Server 2013 servers, so that the OS components will remain secure between service packs. WSUS might not be necessary in smaller environments, but can be considered in medium-sized to large organizations that want greater control over their patch management strategy.

  • + Share This
  • 🔖 Save To Your Account