Security Features of Office Communications Server 2007

As with any network, Office Communications Server should be secured against unauthorized access or use from within and from outside the infrastructure. Intruders use a number of methods to compromise a system, including the following:

  • Trojan horses: Sending harmful programs or files into a network, where they are launched

  • SPIM: Unsolicited, commercial instant messaging, or spam over IM

  • Sniffing/Snooping: Unauthorized interception of communications or data

  • Spoofing: Hijacking an IP address from outside the network

  • Man-in-the-middle (MITM) attack: An attacker intercepts all communications before they arrive at the intended recipient and then forwards fake communications

  • Viruses and worms

The following sections discuss in more detail some of the security features that are used to help make the Office Communications Server deployment more secure.

Federation Domain Validation

Office Communications Server uses DNS-SRV resolution to locate the Access Edge Server of another federated partner for IM conversations. For a secure connection to take place, the name of the DNS-SRV domain must match the server name on the certificate issued by a public certification authority (located in the trusted root store in Windows Server 2003). This organization-to-organization federation using DNS-SRV resolution to identify the Access Edge Server for each partner is called enhanced federation. Network administrators can limit enhanced federation to specified external domains or extend it to any and all domains.

For additional security, you can establish a policy to disable federation for all users who do not require it.
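The name checks described above can be sketched as follows. This is an added example, not code from Office Communications Server or from the book. It assumes the federation record is published as `_sipfederationtls._tcp.<domain>`, that "match" means the SRV target must sit inside the partner's domain and be named on the certificate, and that a wildcard covers one label only. Chain validation to a trusted root is not shown.

```python
# Added example: all records and certificate names below are constructed.
from dataclasses import dataclass

@dataclass
class SrvRecord:
    name: str     # owner name of the SRV record
    target: str   # host the record points to (the partner's Access Edge Server)
    port: int

def _norm(name):
    return name.rstrip(".").lower()

def host_in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = _norm(host), _norm(domain)
    return host == domain or host.endswith("." + domain)

def cert_matches_host(cert_names, host):
    """Exact match, or a wildcard that covers exactly the left-most label."""
    host = _norm(host)
    for name in map(_norm, cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def validate_federation(partner_domain, srv, cert_names, allowed_domains=None):
    """Return (ok, reason). allowed_domains=None models 'any and all domains'."""
    partner = _norm(partner_domain)
    if allowed_domains is not None and partner not in {_norm(d) for d in allowed_domains}:
        return False, "domain not on federation allow list"
    if _norm(srv.name) != "_sipfederationtls._tcp." + partner:
        return False, "SRV record is for a different domain"
    if not host_in_domain(srv.target, partner):
        return False, "SRV target outside partner domain"
    if not cert_matches_host(cert_names, srv.target):
        return False, "certificate name does not match SRV target"
    return True, "ok"

# Constructed sample: a well-formed partner record and its certificate names.
GOOD_SRV = SrvRecord("_sipfederationtls._tcp.partner.example", "sip.partner.example.", 5061)
GOOD_CERT = ["sip.partner.example"]
```

A DNS answer that redirects the partner's SRV target to a host in another domain fails the third check even when that host presents a valid certificate for its own name.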

Remote User Access

Remote user access allows users to securely access corporate resources by establishing an encrypted tunnel across the Internet. However, remote-access connectivity is a common point of entry for such threats as worms, viruses, spyware, hacking, data theft, and application abuse. As a result, remote access can lead to the following network threats:

  • Allows remote users to bring malware into the main office network, causing virus outbreaks that infect other users and network servers.

  • Enables theft of sensitive information, such as downloaded customer data.

  • Enables hackers to hijack remote-access sessions, providing hackers access to the network as if they were legitimate users.

The best way to avoid such threats is to establish a policy that disables remote user access for all users who do not require it.

Managing Access Rights

Access control lists (ACLs) contain access control entries (ACEs) that grant individual (or group) access rights to such things as programs, processes, files, and contact data. In Office Communications Server, you can use Active Directory to change the ACLs on each domain rather than having to weed through dozens of lists spread across multiple domains. Thus, tracking and auditing are simplified because you can roll back an action by group membership, delete a group or certain members of the group, or perform a simple query for auditing purposes.

Privacy settings help ensure that public cloud watchers from MSN, AOL, and Yahoo! cannot see secure information about an Office Communications Server user, unless he or she elects to grant access to them. Items such as text notes, calendar free/busy information, or mobile phone numbers can now be displayed to users outside the enterprise. For standard federation (with other enterprises), basic status information is available by default. Enhanced presence attributes, such as phone numbers and calendar information, are not available by default.

However, because each user has the ability to make administrative decisions about user information, anything or anyone that has the user's credentials can modify the user's settings. So exercise caution over what personal information is shared. Office Communications Server 2007 uses containers and categories to manage this information, which in turn is controlled by ACLs.

Allowing URLs and File Transfers

Similar to spam for e-mail, spam over instant messaging (SPIM) is an attack on instant messaging. With SPIM, the user is vulnerable to IM worms and unsolicited IM advertisements. In addition, a URL can be linked to a phishing Web site. A phishing Web site is typically hosted to lure a user into typing in information (such as credit card information), with the information going to a malicious user instead of a valid Web site.

In addition, users can potentially transfer dangerous file types, such as executables, that when run on one's system can cause irreparable damage.

Office Communications Server ships with Intelligent Instant Message Filter (IM Filter) and installs it by default. IM Filter helps prevent such things as Trojan horses and SPIM because it blocks messages that contain spurious URLs or attempts by intruders to initiate file transfers.

TLS and MTLS for Client and Server Message Integrity

Office Communicator and Office Communications Server use certificates to establish TLS and MTLS, as previously described. The use of M/TLS is very important to the integrity and confidentiality of the messages sent between clients and servers. Use of M/TLS greatly reduces the potential that an attacker will be able to intercept messages or establish a man-in-the-middle attack by inserting himself between server and server or server and client.

An attacker who inserts himself into the middle of the authenticated channel established by M/TLS breaks the integrity of the message, because the certificates used to establish the M/TLS communication cannot be spoofed or faked. In addition, if the mutual authentication has taken place, a re-authentication will need to happen, causing an immediate failure as the attacker tries to use a false, stolen, or duplicate certificate that cannot be verified by the server or client.

Spoofing is mitigated by use of certificates to create M/TLS authentication. Because the certificates must be created and verified by trusted Certificate Authorities and bound to fully qualified domain names that are managed in DNS, spoofing a server or client is very difficult if not impossible.
