This articles list of steps that needs to be followed in the exchange server environment for hardening.
1. Basic security best practise like antivirus,secure password,correct privillage for the users,latest service packs and patches,stopping unnessary services,event logging,monitoring,basic firewall policies,good backup and restore plan,etc.
2. Full Knowledge of your infrastructure and network layouts.
3. Status of the ports that are open in the front end.
4. Aware of different types of attacks like data theft,tampering,forgery,Denial of services,Trojon horse,Virus,Spoofing,Mail-relaying,etc,.
5. Assigning proper administrative roles and delagation policy.
6. Enabling all possible logging like audit logs,security logs,SMTP, logs,http logs,etc.
7. Use of Security configuration wizard availbale server 2003 SP1.
8. Effective usage of exchnage security template based on server roles.
9. Updating the Exchange server with related updates,patches,hotfixes,service packs.
10. Maintaining strong firewall in the front end.
11. Strong SMTP settings.
12. Intelligent spam filter or other third party spam solution products.
13. Restricting the distribution list properties.
14. Securing the client.
15. ExBPA(Exchange Best Practice Analysis tool).