What is the purpose of messaging?

5.4.2 Apache Kafka

A messaging system is responsible for transferring data from one application to another so the applications can focus on data without getting bogged down on data transmission and sharing. Distributed messaging is based on the concept of reliable message queuing. Messages are queued asynchronously between client applications and messaging system. There are two types of messaging patterns. The first one is a point-to-point and the other one is “publish–subscribe” (pub-sub) messaging system. Most of the messaging systems follow the pub-sub pattern.

Instant Messaging

Instant messaging (IM) systems can be very useful. It allows immediate and convenient communication between two parties. If you use an externally administered system, then you don’t have to worry about managing the infrastructure. But along with the convenience and ease of IM come many potential threats. With IM, you have to worry about information flowing in clear text, Internet links in messages, file transfers, and social engineering.

Information sent via IM is generally sent in clear text. There are programs available that can be used to encrypt IM traffic, but these are usually separate add-ons. If someone is sending sensitive information via IM, that information is vulnerable to network sniffing.

You have to be very careful with IM systems because you never really know who is on the other end. IM systems allow you to post Internet links inside of messages. This can be very dangerous. The links you receive could direct you to malicious sites. Many e-mail systems can scan messages for dangerous links, but IM generally does not do this. IM clients may warn you about clicking links in messages, but they will not block them.

IM clients also allow file transfers. Usually, these are just pictures or something harmless. But that’s not always the case. Sometimes, these files are malicious executables. IM clients do not scan messages to see if these files are malicious or not, by default. It’s up to the users to use their best judgment.

Social engineering attacks are also common with instant messaging systems. Because of their relaxed and informal nature, IM systems often give people a false sense of familiarity and trust. You must still remember that you do not really know who is on the other side of the connection. If you send confidential information through an instant message, you need to be aware that you could be sending it to anyone.

There are several steps that can be taken to secure instant messenger usage. First, you can prevent the usage of external IM clients. Most public e-mail clients require users to log into a central authentication system. You can block users within your network from accessing this central authentication server. If you need IM within your organization, you can set up an internal IM system.

If preventing the use of external IM systems is not feasible, then you should do what you can to protect the users and client systems. You can use an add-on application to encrypt the content of your IM messages. This will help protect against network sneaking. IM encryption applications generally require the use of a shared key. The key is usually exchanged the first time communication occurs. Second, you should enable the file transfer protection settings in the IM client. Certain antivirus applications also have plug-ins for IM clients. You can use these to scan transferred files for malicious content. Finally, end-user education is essential. You can educate users not to click links in e-mail messages. You can also educate users on the dangers of instant messaging in an attempt to help prevent social engineering attacks.

6.3.8 Foreign connectors

Foreign connectors link Exchange to other messaging systems. In the past, installing foreign connectors was a necessary evil because different email systems used different protocols. Microsoft provided the Exchange Development Kit (EDK) to allow third parties and its own engineers to build connectors for email systems such as Lotus Notes, Novell GroupWise, Lotus cc:Mail, Fax, Short Message Service, and so on.

The growing acceptance of SMTP as the de facto standard for email exchange plus the addition of other Internet-driven standards such as iCal permits much better out of the box connectivity between email systems today and has eliminated the need to operate many bespoke gateways. Microsoft has removed support for gateways developed with the Exchange 2003 EDK, so if you use one of these gateways, you will have to get an updated version that can connect to the Exchange 2007 transport system. Microsoft has new versions of their interoperability and connectivity tools for major systems such as Lotus Notes and Novell GroupWise, and you can expect that the other software vendors who have provided tools in the past will upgrade their products to support Exchange 2007. Note that connectivity is just one part of the interoperability picture when you have to support multiple email systems. It's relatively easy to pass messages between the different systems, but achieving the finer details such as directory synchronization and support for messages that contain meeting requests takes more effort.

III.B.1. Text-based conversation

In MUDs, MOOs, and instant messaging systems, participants type their contributions in a small window on the computer screen. As soon as they finish, they send the burst of text to all others currently participating, or to a subset they designate, with the utterance tagged with their names. The MUDs and MOOs, in addition, allow people to describe other actions as well, e.g., “Gary enters the room;” “Judy smiles.” Participants in MOOs and MUDs also create descriptions of places and objects, sometimes giving the objects actions that are triggered when others act on them, e.g., “powers” that emerge when an object is “picked up.” Although these were invented to support fantasy games, today they are used both for education and productive meetings as well as game playing.

Descriptions of the activity in MOOs and MUDs center around the issue of identity. Since participants can describe themselves as they wish, including gender, they often experience reactions to their described selves different from their true selves. For example, those that describe themselves in terms of lower power status are reacted to in a more friendly way than those who describe themselves as powerful. Different MOO communities develop distinctly different cultures depending on their own developed rules of etiquette.

Chat systems have been used for serious purposes, such as the one in the Upper Atmospheric Research Collaboratory (UARC). Here, scientists chat while they collectively view shared displays of data from instruments around the world. As many as 15 scientists have been on at once, discussing the phenomena, with another 30 signed on but not directly conversing, called “lurkers.” When the content of the chat dialog is categorized, it turns out that nearly eight separate threads of conversations are carried on in parallel, many more than in a face-to-face meeting, with no more confusion about what is being talked about. Because the participants can scroll back through the previous dialog, they can keep track of the threads and keep up.

Less Secured/Reliable

All compute devices have important resources and store valuable data and/or programs. It is important to protect access to all of these compute resources and data through user recognition and user authentication. Appropriate gatekeeper procedures and mechanisms should be deployed to protect the underlying data, programs, and applications while enforcing appropriate privacy guidelines and protocols. Since mobile devices are mostly in transit, their security becomes increasingly more challenging since these devices may use wireless channels, public resources, or networks that can provide easy access to these mobile systems.

With the explosion in smartphone usage, a lot of personal information is now saved and stored on smartphones. Users employ smartphones for communication, planning, organizing, and accessing and processing financial transactions.

Hence smartphones and information systems supporting them carry increasingly more sensitive data, thereby introducing new security risks while posing serious privacy access and processing complexities.

Some of the sources of security risks are

Through messaging systems like SMS, MMS

Through connection channels like Wi-Fi networks, GSM

Through software/OS vulnerabilities to external attacks

Through malicious software and user ignorance about it.

Some of the mitigation options are

Use of encryption methods (Wired Equivalent Privacy: WEP, Wi-Fi Protected Access: WPA/WPA2) encryption

Using VPN or HTTPS to access Wi-Fi/Internet

Allow only known MAC addresses to join or connect to known MAC addresses only.

1.2.1 The happy prospect of a migration

I doubt that there is a single administrator of a messaging system in the world who can honestly say that they enjoy the process of moving an email system from one software version to another. Over the three generations of Exchange, we have experienced relatively easy migrations, such as upgrading servers from Exchange 5.0 to 5.5 or from Exchange 2000 to 2003. These migrations required careful planning to ensure no disruption for users, but the actual mechanics of the upgrade were simple and easy to perform because there was no change to the fundamentals of Exchange—the operating system, hardware, or internal architecture. On the other hand, some migrations have caused massive upheaval because of the degree of change in those same fundamentals. Upgrading an Exchange organization from 5.5 to 2000 was not easy because of the requirement to install the Active Directory, which required a change in the base platform from Windows NT to Windows 2000. Administrators had enough of a steep learning curve to understand how Active Directory worked, especially around security boundaries and replication, and when you heaped the massive change in the Exchange architecture that Microsoft introduced in Exchange 2000, you had a recipe for a many long hours of work to plan, deploy, and support the migration. From Microsoft's perspective, their decision to use the Active Directory as the basic directory service for Exchange 2000 and subsequent releases was a great move because it forced many companies to introduce a corporate directory service long before they might have wanted to do so. Any company that wanted to use Exchange had to deploy the Active Directory first. The long-term effect is that the Active Directory is an embedded part of the core IT for any company who uses Exchange.

In the most part, we have mastered Active Directory now. While Exchange 2007 does not require disruption of the kind seen when you introduce a new corporate directory that simply has to work before applications can function, it does include two huge changes. First, Exchange 2007 only runs on 64-bit Windows on x64 servers. Second, Microsoft has torn up the administrative model used in Exchange 2000 and 2003 in favor of a simplified GUI for the management console and a whole new focus on a highly programmable scripting language implemented through a UNIX-like command shell. Administrators therefore face the need to refresh their server hardware inventory completely for both Exchange and Windows while at the same time they need to learn a whole bag of new tricks to work with and manage Exchange 2007.

The server refresh is not straightforward because you should not simply replace 32-bit servers for 64-bit models on a one-for-one basis. Such an approach could be an incredible waste of money and negate many of the advantages of the new platform. Exchange 2007 is an opportunity to completely revamp the original Active Directory and other base Windows infrastructure components laid down to support Exchange 2000 and 2003 with the intention of simplifying the infrastructure through consolidation of servers into a much smaller set of domain controllers, global catalog servers, DHCP servers, and the like. Consolidation is possible because a 64-bit Windows server is able to handle much more work than its 32-bit counterparts are and additional cheap network capacity usually makes it possible to bring the work to a smaller set of servers than to distribute it around the network. For the same reason, the same kind of consolidation may be possible with Exchange 2007. In one way, the introduction of server roles prompts you to think about the number and function of servers to deploy for Exchange 2007. How many mailbox servers will you deploy? How many servers of the other roles will you need and should you run multi-role servers or single-role servers? For example, if you want to deploy CCR on MNS clusters, these servers will be single-role mailbox servers whereas you can use LCR on multi-role servers. How will you take advantage of the larger memory model to support more mailboxes? How can you exploit SANs better to support the data requirements for consolidated servers in a datacenter? Exchange 2007 requires more memory than ever before to compensate for a large reduction in I/O operations. This leads to a dramatically different I/O profile in terms of the demands that Exchange 2007 makes on storage subsystems. Large SANs will be able to support more servers and you can build servers around newer storage technologies that offer better performance and lower cost. There is quite a bit of work to do to figure out the most appropriate configuration for Exchange 2007 servers in any organization.

With so much upheaval caused by the transition to 64-bit servers, you should take the opportunity to have a long hard look at the server and storage infrastructure you use for Exchange 2003 and think about how you can consolidate to remove cost, complexity, and administrative overhead. You cannot upgrade an Exchange 2003 server to Exchange 2007 server, so you have to use the move mailbox function to get user data across to the new servers. With this in mind, there is an obvious opportunity to plan for a smaller number of mailbox servers that support larger user communities.

Another point that you should consider is whether the time is right for you to virtualize some of your Windows infrastructure, including domain controllers and Global Catalog servers. There is no doubt that virtual servers will gradually replace physical servers over time in order to maximize the use that we can get from increasingly powerful hardware. The capabilities of the virtual server software that is available today are incredible, even if it is not all from Microsoft. Virtual servers should definitely be on your agenda to support test servers at the very least, but it is now time to take a hard look at your Windows servers to figure out what you can deploy on virtual servers and what has to stay on physical servers.

Of course, server consolidation is not easy and you need to do a lot of planning to make sure that you deploy and populate new servers with data without causing disruption to users. The end goal is worthwhile because fewer servers are easier and cheaper to manage, so the lower operational costs may pay for some or all of the overall migration effort.

The impact of the change in the administrative model is harder to predict. Some administrators will take to the Exchange Management Shell with gusto and will become very comfortable with the 360+ new commands that Microsoft has made available to manage Exchange 2007 through PowerShell. Other administrators will be like lost lambs in a storm, wondering where their familiar graphical management console has gone and struggling with the syntax of the shell. To a large degree, the change is in terms of culture and philosophy as well as technology, and it will take people time to adjust.

To return to the original point—migrations are not easy and we face some big changes in Exchange 2007 that make the migration to this version more difficult to plan for. However, the good thing is that careful planning, attention to detail, and dedication to mastering the new technology will bring success, albeit at the expense of a lot of time and effort.

Summary

As a messaging administrator, you must remain aware of potential messaging system attacks. By understanding the characteristics of attacks that may be executed against your systems, you are better prepared to identify them and respond to them in a defensive manner.

One of the factors that helps to make your job easier is that Exchange Server has evolved over time to be installed defensively straight out of the box. Since by default you are more protected than ever before, attackers have had to become increasingly more creative in their attack approaches. We have discussed many common attacks that should be considered viable threats to your environment and the proper steps to be taken to help ensure the security of your messaging services infrastructure.

Understanding the mail flow architecture that occurs between disparate mail systems helps to ensure an understanding of the many different possible attacks that may be executed against a Microsoft Exchange deployment. By equipping yourself with the knowledge of how the mail service attacks function, you can better prepare yourself for preventing against attacks such as directory harvest attempts, mail relay, and SMTP Auth attacks.

Telephone Voice Messaging Operation

While conducting a PBX or other type of high-technology communications-related crime investigation, one should look at the security or protection policies that govern how such high technology is to be controlled. The following is an example of one such policy.

Unified Messaging Server role

The Unified Messaging Server role is new to the Exchange product line. This server role combines voice messaging, fax, and e-mail into one single unified inbox, making it possible to access all of this information from a host of client solutions: Outlook 2007, Outlook Web Access 2007, Windows Mobile 5.0, and so forth.

Unified Messaging gives your end-users features like the following:

Auto Attendant

An auto attendant is a set of voice prompts that gives external users access to the Exchange 2007 Unified Messaging system. An auto attendant lets the user use either the telephone keypad or speech inputs to navigate the menu structure, place a call to a user, or locate a user and then place a call to that user. An auto attendant gives the administrator the ability to:

Create a customizable set of menus for external users.

Define informational greetings, business hours greetings, and non-business hours greetings.

Define holiday schedules.

Describe how to search the organization's directory.

Describe how to connect to a user's extension so external callers can call a user by specifying their extension.

Describe how to search the organization's directory so external callers can search the organization's directory and call a specific user.

Enable external users to call the operator.