SSL Certificates for Exchange Server 2.

Exchange Server 2. SSL certificates to secure protocols such as HTTP, SMTP, POP and IMAP. Because of the secure-by-default requirements, when an Exchange 2. When you first install Exchange Server 2016 it is preconfigured with default URLs for the various HTTPS services such as OWA (Outlook on the web), ActiveSync mobile. SSL certificates that are enabled for those protocols. Here is an example of the self-signed certificates installed on a new Exchange 2.

    PS C:\>Get-ExchangeCertificate | Select Subject,IsSelfSigned,Services | ft -auto

    Subject                                       IsSelfSigned Services
    CN=Microsoft Exchange Server Auth Certificate         True SMTP
    CN=E15MB1                                             True IMAP, POP, IIS, SMTP
    CN=WMSvc-E15MB1                                       True None

Although this means that services such as Outlook Web App, Outlook Anywhere, and ActiveSync are secure right from the moment the Exchange server is installed, the use of self-signed SSL certificates in Exchange Server 2. SSL certificates for the server.

SAN/UC Certificates for Exchange Server 2.

Exchange 2013 uses a type of SSL certificate that is known as a Subject Alternate Name (SAN) certificate. In some cases this will be called a Unified Communications (UC) certificate by providers such as Digicert. A SAN certificate is an SSL certificate that has multiple server or domain names on the one certificate. This means that you can use a single certificate to secure one or more Exchange 2. URLs you plan to use for your Exchange environment, instead of having to provision a single named SSL certificate for each of the different names.

Planning for Exchange 2. SSL Certificates.

There are three requirements for an SSL certificate to work correctly in your Exchange 2.

Certificate Validity Period.
The certificate validity period is the period of time between when the certificate was issued and when it expires. Every SSL certificate will have an expiry date, and this will vary depending on how the certificate has been provisioned. The default, self-signed certificate that Exchange 2. A certificate issued from a private certificate authority may be valid for several years as well. A certificate that has been acquired from a commercial certificate authority such as Digicert will usually be valid for one year.

Trusted Certificate Authority.

For a client to trust the SSL certificate that a server is using, the certificate must be issued by a certificate authority that the client already trusts. If you're using a private certificate authority to issue SSL certificates to your Exchange 2. CA is an enterprise CA in your AD forest, then that CA will already be trusted by clients that are members of domains in that AD forest. Non-domain members will not trust the CA unless the root certificate is imported into their trusted CA list. The major commercial certificate authorities are already trusted by the operating systems running on most computers or mobile devices, so when you acquire your certificate from one of those CAs it will be trusted by connecting clients as well. These trust issues mean that although you can use a private CA to issue your SSL certificates, it tends to be easier and less administrative effort to use a commercial CA.

Note: this trust issue only applies to the certificates installed on a dedicated Client Access server. The Mailbox server can use self-signed certificates because it does not accept direct client connections. In a multi-role server the trust issue still applies.

Correct Server/Domain Names.

The final requirement is that the server or domain name that the client is connecting to must match one of the names on the SSL certificate. For example, if the clients use the URL https://mail. 
Outlook Web App, then the SSL certificate on the Exchange server must include the name mail. Depending on the role and configuration of the server it may need several names to be included on the SSL certificate. The minimum recommended names are the Client Access namespace (when a single, unified namespace is used) and the Autodiscover namespace. For example, an Exchange 2. OWA, Outlook Anywhere, ActiveSync external URL names, e.g. mail. Autodiscover name for the primary SMTP namespace, e.g. autodiscover.

Microsoft's published best practices on SSL certificates for Exchange recommend not including the server FQDN in the certificate. For more information on how to configure Exchange servers so that the server FQDN is not required on the certificate please refer to this article. In an Exchange 2. If you're using an internal DNS namespace that you don't own or is not valid eg,. How to Deal with SSL Requirements for Exchange when Certificate Authorities Won't Issue You a Certificate.

How Many SSL Certificates to Configure

For ease of administration, as well as for lower costs, it is recommended to provision as few certificates as possible. Because the SSL certificate can include as many names as you need up to about 5. SAN/UC certificates are priced, it is often less costly to use a single SAN certificate for multiple Exchange Server 2. Also consider that the trust issues when using a private CA to issue the SSL certificates for Exchange 2. It may be possible in your environment to use a private CA to issue the SSL certificates for the non-internet-facing servers, as they may only be seeing direct connections from domain members. The best number of certificates to configure is something for you to determine in the planning for your unique environment, but generally speaking fewer certificates is less costly and more manageable.

Next Steps.

After planning your Exchange Server 2. SSL certificate requirements the next steps are:
Generate a Certificate Request for Exchange 2. 
Submit the certificate request to your chosen CA to acquire the SSL certificate. I recommend Digicert for their competitive pricing, good support, flexible licensing, and free re-issues if you happen to make an error. Or if you're using a private CA refer to these steps.
Complete the pending certificate request.
Export/import an SSL certificate to multiple Exchange 2.
Assign the SSL certificate to services in Exchange 2.

McAfee Internet Security Review Rating.

McAfee packs such a boatload of features into its standalone antivirus product, you might think there's not much left to distinguish its security suite. Indeed, while the added features in McAfee Internet Security are welcome additions, they don't add value for everyone. Password management is a universal need, but not every user requires parental control, or spam filtering. And these components haven't significantly grown or evolved since last year. Unless this combination of components perfectly fits your needs, you're better off sticking with McAfee AntiVirus Plus.

All of the products in McAfee's security lineup include protection for every Windows, Android, macOS, and iOS device in your household. That's a lot of protection for 8. Bitdefender Internet Security and Kaspersky give you five licenses for that price, and Norton lets you have 1. Even if you don't use more than 1.

Earlier this year McAfee's designers abandoned the blocky old user interface for a completely new look, in shades of white, gray, and pale blue. The new interface is entirely HTML-based, making it very flexible. A menu across the top lets you select pages for Home, PC Security, Identity, Privacy, and Account. The True Key password manager shows up on the Home and Identity pages. Antispam also appears on the Identity page, and parental control comes under Privacy. Other than that, it looks the same as the standalone antivirus.

Shared Antivirus Features.

Every feature jammed into McAfee AntiVirus Plus also comes as part of McAfee Internet Security, naturally. Please read my lengthy review of the antivirus for full details on those shared features. I will simply summarize my findings here.

Lab Test Results Chart. Malware Protection Results Chart. Phishing Protection Results Chart.

Three of the four independent antivirus testing labs I follow include McAfee in their testing. Its scores cover a wide range, from total failure in a test that many products fail, to average, to top-notch. Its aggregate score, 7. Bitdefender and Kaspersky Internet Security, tested by all four labs, earned 9.

McAfee took excellent scores in all of my hands-on tests, however. Its 9. 5 point score for malware blocking is the best among regular antivirus products tested using my current sample set. Tested using my previous set of samples, Webroot SecureAnywhere Internet Security Plus and Comodo managed a perfect 1.

I also test how well each product handles malware downloads from the web, using a fresh daily collection of malicious URLs. I give equal credit for steering the browser away from a dangerous site and for eliminating the malware during download. Few products have done better than McAfee's 9. 4 percent protection. Trend Micro Internet Security and Avira eked out 9. Norton is at the top with 9.

My phishing protection test puts each product up against long-time antiphishing champ Symantec Norton Security Premium, using the very newest fraudulent URLs. Few products can beat Norton. A surprising number can't even beat the protection built into Chrome, Firefox, and Internet Explorer. McAfee tied Norton and whomped the browsers; it did very well.

Other Shared Features.

As noted, McAfee packs a heap of features into the standalone antivirus, features that many other vendors would reserve for a full security suite. I'll briefly list them here, but for a full understanding, you should read my review of the antivirus.
The firewall component both protects against outside attack and keeps programs from misusing your network connection. By default, it handles program control internally, which is much better than entrusting that task to the untutored user. For testing, I enabled its Intrusion Protection module and attacked the test system using vulnerabilities generated by the CORE Impact penetration tool. The attacks didn't penetrate the fully patched test system, but McAfee's firewall didn't actively defend against them. It mostly stood up to my direct attack test, though I managed to disable half of its Windows services.

A vulnerability scanner seeks out missing security patches for Windows and popular programs and, when possible, automates the update process. You can use the Shredder to securely delete sensitive files beyond the possibility of forensic recovery. And the QuickClean tool eliminates junk files and traces of your browsing and computer usage history.

On the My Network page, you can view all devices on the network. The list flags devices that have McAfee protection, and you can set up a trust relationship between Windows installations that allows you to remotely check security status and adjust configuration.

The Protect more devices feature, accessed from the Home page, lets you send an email or text with a link to install protection on any Windows, Mac, iOS, or Android device you own. There's also an option to find all devices on your network that don't have McAfee protection. In testing, I didn't manage to see that feature in action, but it's not all that necessary. Just email yourself the installation link, and open the email on each device.

Protection for non-Windows devices is the same whether you're subscribed for the antivirus or the full suite. On a Mac, it installs McAfee AntiVirus Plus for Mac.
This simple antivirus currently lacks protection against malicious and fraudulent URLs due to a Safari update back in March; it's not clear when that will be fixed. The Android edition is a full-featured security suite, with antivirus, antitheft, call and text blocking, and more. Those using iOS don't get as much: secure storage for photos, backup for contacts, and the ability to locate a lost device. If you had to pay for each license, installing on iOS would be a waste. With no limit on devices, however, you might as well do so.

See How We Test Security Software.

Poor Parental Control.

McAfee's parental control component hasn't improved since my last review. In some ways, it has gotten worse. My theory is that all development efforts moved to the newly revamped McAfee Family Safety. I'll review that product when time permits. According to my contacts at the company, there are no plans to replace the suite's parental control with Family Safety, which is too bad.

Parental control isn't part of the default installation, which makes sense, given that nonparents don't need it, and some parents don't want it. The first time you try to use it, you go through a simple install process and set a configuration password, so the kids can't turn it off.

When you go to configure protection, you'll find that it's quite limited. For each child's Windows account, you can choose content categories for blocking and set a schedule for Internet use. You can also view a report of activity for each child or all children.

As with previous versions, setting up parental control for a child's account that has Administrator privileges triggers a big warning. And yet, many parents do give older children Administrator accounts, to avoid constantly having to jump and supply an admin password any time the child wants to install a new game. Most other parental control systems don't have this limitation.

To configure the content filter, you first choose one of five age ranges.
Doing so pre-configures which of the 2. Rather than the usual list with checkboxes, McAfee displays a list of blocked categories and another list of allowed categories, with arrow buttons to move items back and forth between the lists. Most are what you'd expect, but I'd sure like to see a site that gets blocked for Historical Revisionism.

There's an option to block search links to sites containing inappropriate images or language, but what it really does is attempt to force Safe Search in the search engines. This attempt fails when the engine defaults to a secure HTTPS connection, as Google does.

The content filter does handle websites that use HTTPS, which means your kid won't sleaze past the filter using a secure anonymizing proxy. I couldn't uncouple the content filter using the three-word network command that foiled parental control in a few less advanced products. But your lustful teen doesn't need to disable the filter to view adult content, and your precocious tot may encounter some shocking pages by accident, because the filter just doesn't work properly. I tried a few dozen truly raunchy sites and found that two-thirds of them slipped right past the content filter. Like many parental control systems, Mc.