Microsoft Press: Windows Server 2008 PKI and Certificate Security, part 9 (pptx)


Part III: Deploying Application-Specific Solutions

5. In the Change Security Settings dialog box, click OK.
6. In the Trust Center dialog box, click OK.

Enabling S/MIME in OWA

To allow S/MIME usage in OWA, you must install the S/MIME Microsoft ActiveX control at the client computer. The S/MIME ActiveX control enables using S/MIME for both signing and encrypting e-mail messages.

Important: Only a local administrator or a member of the local Power Users group can install the ActiveX control. Once the control is installed, all users can use it. In addition, the ActiveX control requires Microsoft Internet Explorer 6.0 or Windows Internet Explorer 7.0 or later, running on Windows 2000 or later.

To install the S/MIME ActiveX control:

1. Log on to the computer as a member of the local Administrators or Power Users group.
2. Open Internet Explorer.
3. In Internet Explorer, open the URL http://ExchangeServer/exchange (where ExchangeServer is the DNS name of the computer running Exchange Server 2003 that hosts the user’s mailbox).
4. When prompted, type the user name and password for accessing your mailbox.
5. In Outlook Web Access, in the Navigation Pane, click Options.
6. On the Options page, under E-Mail Security, click Download.
7. In the File Download dialog box, click Open.
8. If any security warnings appear, click Yes to install the ActiveX control.

Sending Secure E-Mail

Once you have enabled S/MIME in the e-mail package, the decision to send secure e-mail is made for every message the e-mail participant sends. For example, Figure 22-6 shows a message window in Outlook 2007 that is enabled for both digital signing and e-mail encryption. By selecting the Digitally Sign button and the Encrypt button, the sender decides whether to sign, encrypt, or both sign and encrypt the outbound e-mail message. In addition, the user can select the defaults to enable within the e-mail client for S/MIME e-mail.
Chapter 22: Secure E-Mail

Figure 22-6 Enabling digital signing and encryption in an Outlook 2007 e-mail message

Note: Although Figure 22-6 shows the Outlook 2007 client, similar buttons for enabling digital signing and encryption exist in Outlook 2003 and OWA.

Important: To send encrypted e-mail to a recipient, the sender must have access to the recipient’s public key. In an AD DS environment, the sender retrieves the certificate from the global catalog. The certificate is added to the userCertificate attribute of the user account during the enrollment process when the Publish Certificate In Active Directory check box is selected in the e-mail encryption certificate template. The userCertificate attribute is replicated to the global catalog. For nondomain members, users can exchange encryption certificates by sending each other signed e-mail messages and then creating a contact object for the other user. The properties of the contact object include the signing and encryption certificates.

Case Study: Adventure Works

You manage the network for Adventure Works, a travel agency in New York that specializes in radical vacation trips. The organization implements the CA hierarchy shown in Figure 22-7. To provide increased trust of the certificates issued by the Adventure Works Issuing CA, Adventure Works has purchased a subordinate CA certificate from VeriSign. The VeriSign root CA certificate is included in the packaged list of trusted root CAs distributed by Microsoft with the Windows operating system, increasing the trust in the certificates issued by the Adventure Works Issuing CA.

Figure 22-7 The Adventure Works CA hierarchy

Scenario

Adventure Works implements Exchange Server 2003 in a single-domain forest named adventure-works.com. The computer running Exchange Server, ADVEXCH01, provides e-mail services to all employees of Adventure Works and is also used to send and receive e-mail over the Internet.
All client computers use Outlook 2007 to connect to the mail server. All servers on the network are running Windows Server 2008 Enterprise, and the client computers are running Windows Vista. The latest service packs are installed, and security updates are applied to all client computers on a weekly basis.

Recently, the IT, human resources, and legal departments drafted security policies for the Adventure Works network. The following security policies are related to e-mail:

■ Any e-mail messages containing proposed or confirmed flight itineraries to customers must be signed, to give the customers confidence that the contents are valid and did originate from the Adventure Works travel consultant.
■ Any e-mail messages containing customer confidential information, such as passport numbers, credit card numbers, and bank account information, must be encrypted. In addition, any e-mail messages containing classified data must be encrypted when sent to employees.
■ The private keys associated with encryption certificates must be archived at the issuing CA to allow recovery of the private key in the event of computer failure, computer rebuild, profile deletion, or corruption of the private key. All key recovery must require the participation of at least two employees, to prevent unauthorized access to a user’s encryption key.
■ The private keys associated with the signing certificate must never be archived, to ensure that two users never have access to the same signing certificate.
■ E-mail signing and encryption private keys must be protected by a password. The password must be typed each and every time the private key is accessed.

Figure 22-7 (labels recovered from the CA hierarchy diagram). VeriSign root CA: OU = VeriSign Trust Network; OU = (c) 1998 VeriSign, Inc. - For authorized use only; OU = Class 3 Public Primary Certification Authority - G2; O = VeriSign, Inc.; C = US. Adventure Works CA: CA Type: Enterprise Subordinate CA; CA Name: Adventure Works Issuing CA; CA Computer Name: ADVCA01; CA Validity Period: 10 Years.
In addition to enforcing the security policies defined for Adventure Works, the secure e-mail project must also meet the following design requirements:

■ Several of the agents participate in a job-sharing program. When an agent comes into the office, there is no guarantee that he or she will sit at the same computer, so e-mail certificates must be portable.
■ Some of the agents have laptop computers and connect to the mail server, ADVEXCH01, from remote locations. Secure access to their e-mail, as well as the ability to use S/MIME for signing and encrypting e-mail, must be provided.

Case Study Questions

1. Based on the security policies related to e-mail usage, how many e-mail certificates must be distributed to each user?
2. What certificate(s) must be published to Active Directory Domain Services (AD DS) to enable the sending of encrypted e-mail between employees of Adventure Works?
3. Will the current CA infrastructure allow the e-mail signing and encryption certificates to be recognized by the customers of Adventure Works?
4. What method would you use to deploy the e-mail certificate(s) to the Adventure Works users? What certificate template settings are required to allow this method of enrollment?
5. One of the travel agents is able to open his encrypted e-mail only at one of the available agent computers. When he attempts to open his encrypted e-mail at the other computers, the attempt fails. What can you do to ensure that the travel agent can open the encrypted e-mail at any of the travel agent computers?
6. How do you propose to enforce the security policy that requires two or more people to be involved in the recovery?
7. How do you enforce the requirement that users must provide a password to access the private keys associated with the e-mail signing or e-mail encryption certificates?
8. If you had the budget, how could you further increase the security of the e-mail signing and e-mail encryption certificates?
9. What must a travel agent do to allow a customer to send an encrypted e-mail message?
10. What solution can be used to allow remote travel agents to securely access their e-mail and use S/MIME to protect the e-mail messages without enabling an additional e-mail client?
11. One of the travel agents has forgotten the password used to protect the e-mail encryption certificate and can no longer read her encrypted e-mail. What must you do to allow the travel agent to access the encrypted e-mail?
12. When performing the testing of your e-mail solution, you are told that customers are complaining that their e-mail applications are reporting that the digital signatures are failing. You look at the certificate and find the following URLs in the CDP extension:
   ❑ LDAP:///CN=Adventure Works Issuing CA,CN=ADVCA01,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=travelworks,DC=com
   ❑ http://advca01/certenroll/Adventure%%20Works%%20%%20Issuing%%20CA.crl
   What is causing the certificate validation to fail? What must you do to fix the problem?

Best Practices

■ Issue separate certificates for e-mail signing and encryption. Using separate certificates allows your organization to archive the private keys of e-mail encryption certificates yet not archive the private keys for e-mail signing certificates. If you use a single certificate for both signing and encryption, there is a possibility of identity theft: an archived key that can also sign lets whoever recovers it sign messages as the user. Finally, implementing separate signing and encryption e-mail certificates allows an organization to restrict a user to performing only e-mail encryption or only e-mail signing. If the organization wants to implement only e-mail signing, it can issue a certificate that enables only e-mail signing.
■ Use strong private key protection for e-mail signing and encryption certificates when using software-based CSPs. Strong private key protection provides additional security for certificates stored in a user’s profile.
Every time the private key of the certificate is accessed, the user must provide a password. This strong private key protection prevents an administrator who resets the user’s password from gaining access to the e-mail certificate private keys.
■ Use smart card–based CSPs to provide the strongest private key protection and certificate roaming. Smart cards provide two-factor protection of the e-mail certificates and allow portability of the certificate and private keys between computers.
■ Provide key archival for e-mail encryption certificates. Key archival allows the user’s private key to be recovered in the event that the private key is deleted or corrupted. Retrieving the private key allows the user to regain access to e-mail previously encrypted with the public key of the key pair.
■ Use autoenrollment or scripted enrollment to distribute e-mail certificates to users. Automated enrollment ensures that each user obtains the required certificates for e-mail with minimal user actions. If you enable strong private key protection, the user will be prompted to provide the password used to protect the private key.
■ Ensure that AIA and CDP URLs are accessible from both the private network and the Internet. If you send signed e-mail or receive encrypted e-mail, you must ensure that at least one AIA URL and one CDP URL are accessible from the private network, and at least one of each from the Internet, so that certificate validation succeeds wherever the relying party is located.
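The last best practice and case study question 12 both turn on whether a relying party can actually fetch the CRL named in a certificate's CDP extension. The following Python script is an added example (not from the book) that encodes the checks a PKI engineer runs on CDP URLs when customers outside the forest report signature validation failures: LDAP URLs are unusable from the Internet and must name the forest that hosts the CA object, and HTTP URLs need a publicly resolvable fully qualified host name and valid percent-encoding. The two URLs and the forest name are the case study's own; the passing URL at the bottom is a constructed illustration of the required shape, not the book's answer.

```python
"""Checks on CRL Distribution Point (CDP) URLs published in issued certificates.

Added example, not from the book. The two CDP URLs and the forest DNS name
are taken from case study question 12; the corrected URL under __main__ is a
constructed illustration.
"""
import re
from urllib.parse import unquote, urlsplit

FOREST_DNS_NAME = "adventure-works.com"  # the case study's single-domain forest

# The two CDP URLs from case study question 12.
CASE_STUDY_CDP_URLS = [
    "LDAP:///CN=Adventure Works Issuing CA,CN=ADVCA01,CN=CDP,CN=Public Key Services,"
    "CN=Services,CN=Configuration,DC=travelworks,DC=com",
    "http://advca01/certenroll/Adventure%%20Works%%20%%20Issuing%%20CA.crl",
]


def ldap_domain_components(url):
    """DNS name implied by the DC= components of an LDAP CDP URL (lower-cased)."""
    path = unquote(urlsplit(url).path)
    return ".".join(re.findall(r"DC=([^,]+)", path, flags=re.IGNORECASE)).lower()


def check_cdp_url(url, forest_dns_name=FOREST_DNS_NAME):
    """Return the list of problems found in one CDP URL; an empty list means it passed."""
    problems = []
    parts = urlsplit(url)  # urlsplit lower-cases the scheme, so "LDAP:" becomes "ldap"
    if parts.scheme == "ldap":
        # An LDAP CDP is resolvable only by forest members; Internet relying
        # parties (the customers in the case study) cannot use it at all.
        problems.append("ldap: usable only by AD DS members, not by Internet relying parties")
        implied = ldap_domain_components(url)
        if implied != forest_dns_name.lower():
            problems.append(f"ldap: DC= components name '{implied}', forest is '{forest_dns_name}'")
    elif parts.scheme in ("http", "https"):
        host = parts.hostname or ""
        if "." not in host:
            problems.append(f"http: '{host}' is a single-label host name; not resolvable from the Internet")
        if "%%" in parts.path:
            # '%%20' is not valid percent-encoding; the requested file name will
            # never match the CRL the CA actually publishes.
            problems.append("http: path contains '%%' (doubled percent-encoding)")
        if not parts.path.lower().endswith(".crl"):
            problems.append("http: path does not name a .crl file")
    else:
        problems.append(f"unsupported scheme '{parts.scheme}'")
    return problems


def audit_cdp_urls(urls, forest_dns_name=FOREST_DNS_NAME):
    """Map each URL to its problems and report whether any URL works for an Internet relying party."""
    report = {url: check_cdp_url(url, forest_dns_name) for url in urls}
    internet_ok = any(
        not problems for url, problems in report.items()
        if urlsplit(url).scheme in ("http", "https")
    )
    return report, internet_ok


if __name__ == "__main__":
    report, internet_ok = audit_cdp_urls(CASE_STUDY_CDP_URLS)
    for url, problems in report.items():
        print(url)
        for problem in problems:
            print("   -", problem)
    print("Internet-reachable CDP present:", internet_ok)
    # Constructed example of a URL that passes: a public FQDN and clean encoding.
    print(check_cdp_url("http://pki.adventure-works.com/certenroll/Adventure%20Works%20Issuing%20CA.crl"))
```

The script only inspects the URLs; it does not fetch anything, so it runs offline and can be pointed at the CDP list of any issued certificate before the CA configuration is changed.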
Additional Information

■ Microsoft Official Curriculum, Course 2821: “Designing and Managing a Windows Public Key Infrastructure” (http://www.microsoft.com/traincert/syllabi/2821afinal.asp)
■ “Key Archival and Recovery in Windows Server 2008” (http://www.microsoft.com/downloads/details.aspx?FamilyID=b280e420-7cd8-4fd0-94a8-c91035b7b23b&displaylang=en)
■ “Exchange Server 2003 Message Security Guide” (http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exmessec.mspx)
■ “TechNet Webcast: Message Security, Compliance, and Message Protection with Exchange Server 2007 (Level 200)” (http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032309159&CountryCode=US)
■ “Overview of Cryptography in Outlook 2003” (http://go.microsoft.com/fwlink/?LinkId=17808)
■ “Administering Cryptography in Outlook 2007” (http://technet2.microsoft.com/Office/en-us/library/40aeecab-c39f-4635-8b25-1adda35ca93c1033.mspx?mfr=true)
■ “Configuring and Troubleshooting Certificate Services Client–Credential Roaming” (http://www.microsoft.com/technet/security/guidance/cryptographyetc/client-credential-roaming/terminology-assumptions.mspx)
■ “Quick Start Guide for S/MIME in Exchange Server 2003” (http://www.microsoft.com/downloads/details.aspx?FamilyId=F2D49F68-9E36-414B-906B-13C7C075E1B1&displaylang=en)
■ RFC 2595—“Using TLS with IMAP, POP3, and ACAP” (http://www.ietf.org/rfc/rfc2595.txt)
■ RFC 2633—“S/MIME Version 3 Message Specification” (http://www.ietf.org/rfc/rfc2633.txt)
■ RFC 3207—“SMTP Service Extension for Secure SMTP over Transport Layer Security” (http://www.ietf.org/rfc/rfc3207.txt)
■ RFC 4346—“The Transport Layer Security (TLS) Protocol Version 1.1” (http://www.ietf.org/rfc/rfc4346.txt)
■ 823568: “How To: Configure Exchange Server 2003 OWA to Use S/MIME”

Note: The last article in the above list can be accessed through the Microsoft Knowledge Base.
Go to http://support.microsoft.com, and enter the article number in the Search The Knowledge Base text box.

Chapter 23: Virtual Private Networking

Virtual private networking allows users to connect to corporate resources from off-site locations, such as a home office or hotel room. This chapter discusses the certificate deployment required to implement client-to-gateway virtual private network (VPN) solutions.

Note: It is also possible to deploy gateway-to-gateway VPN solutions that join two offices over a public network such as the Internet. The certificates required for these connections are similar to those of the client-to-gateway scenarios and are not discussed in this chapter. Resources for more information on deploying gateway-to-gateway solutions are listed in “Additional Information” later in this chapter.

Certificate Deployment for VPN

When planning certificate deployment for VPN solutions, the main criteria in determining certificate requirements are the tunneling protocol and the user authentication protocol used with the tunneling protocol.

Point-to-Point Tunneling Protocol (PPTP)

Point-to-Point Tunneling Protocol (PPTP) encapsulates the Point-to-Point Protocol (PPP) datagrams in a modified version of Generic Routing Encapsulation (GRE). (See Figure 23-1.)

Figure 23-1 PPTP packet structure

In addition to encapsulating the PPP data within a GRE header, PPTP also maintains a Transmission Control Protocol (TCP) connection between the client and the server: the client connects to TCP port 1723 at the VPN server for management of the tunnel. To protect the data transmitted in the PPTP packets, Microsoft Point-to-Point Encryption (MPPE) is used to encrypt the PPTP data. PPTP does not require any certificates for the VPN client computer or for the VPN server that the VPN client computer connects to. MPPE does not use certificates for the encryption of the data exchanged between the two computers.
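The "modified version of GRE" that PPTP uses is the enhanced GRE header of RFC 2637: version 1, protocol type 0x880B for PPP, a Key field carrying the payload length and the PPTP Call ID, and optional sequence and acknowledgment numbers, all carried in IP protocol 47 while the control connection runs on TCP port 1723 as the text states. The following Python module is an added example (not from the book) that builds and parses that header so the packet structure of Figure 23-1 can be seen byte by byte; it is the kind of decoder a network monitoring rule for PPTP traffic is built on. The PPP frame used as payload is constructed for the example: only its PPP protocol field (0x00FD, the compressed/encrypted datagram label MPPE-protected data travels under) is meaningful, and the bytes after it merely stand in for MPPE ciphertext.

```python
"""Build and parse the enhanced GRE header (RFC 2637) that PPTP uses to carry PPP.

Added example, not from the book. The constants are the values RFC 2637 and
the PPP protocol number registry assign; the sample PPP frame is constructed.
"""
import struct

GRE_PROTOCOL_PPP = 0x880B         # GRE protocol type for PPP in PPTP's enhanced GRE
GRE_IP_PROTOCOL = 47              # GRE is IP protocol 47 (PPTP's data channel)
PPTP_CONTROL_TCP_PORT = 1723      # the tunnel management connection named in the text
PPP_PROTOCOL_COMPRESSED = 0x00FD  # PPP "compressed datagram": the label MPPE-protected data travels under

# Constructed sample PPP frame: address/control 0xFF 0x03, protocol 0x00FD,
# then 16 opaque bytes standing in for the MPPE-encrypted payload.
SAMPLE_PPP_FRAME = b"\xff\x03\x00\xfd" + bytes(range(0x90, 0xA0))


def build_pptp_gre(call_id, payload, seq=None, ack=None):
    """Build an enhanced GRE packet (header + PPP payload) for one PPTP call."""
    flags_hi = 0x20                       # K: Key field (payload length + Call ID) is present
    if seq is not None:
        flags_hi |= 0x10                  # S: sequence number present (data-carrying packets)
    flags_lo = 0x01                       # Ver = 1 marks enhanced GRE
    if ack is not None:
        flags_lo |= 0x80                  # A: acknowledgment number present
    header = struct.pack("!BBHHH", flags_hi, flags_lo, GRE_PROTOCOL_PPP, len(payload), call_id)
    if seq is not None:
        header += struct.pack("!I", seq)
    if ack is not None:
        header += struct.pack("!I", ack)
    return header + payload


def ppp_protocol(frame):
    """PPP protocol number of a frame, honouring address/control and protocol field compression."""
    if frame[:2] == b"\xff\x03":          # address/control field present (not compressed away)
        frame = frame[2:]
    if not frame:
        return None
    if frame[0] & 0x01:                   # odd first byte: protocol field compressed to one byte
        return frame[0]
    if len(frame) < 2:
        return None
    return struct.unpack("!H", frame[:2])[0]


def parse_pptp_gre(packet):
    """Parse the GRE payload of an IP protocol 47 packet; raise ValueError if it is not PPTP's GRE."""
    if len(packet) < 8:
        raise ValueError("too short for an enhanced GRE header")
    flags_hi, flags_lo, proto, payload_len, call_id = struct.unpack("!BBHHH", packet[:8])
    version = flags_lo & 0x07
    if version != 1 or proto != GRE_PROTOCOL_PPP or not (flags_hi & 0x20):
        raise ValueError("not an RFC 2637 enhanced GRE header carrying PPP")
    seq_present = bool(flags_hi & 0x10)
    ack_present = bool(flags_lo & 0x80)
    header_len = 8 + (4 if seq_present else 0) + (4 if ack_present else 0)
    if len(packet) < header_len:
        raise ValueError("truncated enhanced GRE header")
    offset = 8
    seq = ack = None
    if seq_present:
        seq = struct.unpack_from("!I", packet, offset)[0]
        offset += 4
    if ack_present:
        ack = struct.unpack_from("!I", packet, offset)[0]
        offset += 4
    payload = packet[offset:offset + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload length field exceeds packet")
    return {
        "call_id": call_id,
        "seq": seq,
        "ack": ack,
        "payload": payload,
        # Only the PPP protocol field is readable; everything after it is MPPE ciphertext.
        "ppp_protocol": ppp_protocol(payload) if payload else None,
    }


def is_pptp_gre(packet):
    """True if the bytes parse as PPTP's enhanced GRE (plain RFC 2784 GRE does not)."""
    try:
        parse_pptp_gre(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = build_pptp_gre(call_id=0x1234, payload=SAMPLE_PPP_FRAME, seq=7, ack=3)
    fields = parse_pptp_gre(pkt)
    print(f"call {fields['call_id']:#06x} seq={fields['seq']} ack={fields['ack']} "
          f"ppp_protocol={fields['ppp_protocol']:#06x} payload={len(fields['payload'])} bytes")
```

Acknowledgment-only packets (no S flag, zero payload length) parse as well, which matters for a monitor that wants to count both directions of a call.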
Figure 23-1 (labels recovered from the diagram): IP Header | GRE Header | PPP Header | PPP Payload. The PPP payload is encrypted with MPPE; the PPP header and PPP payload together form the PPP frame.

VPN Authentication Options

When a user connects to the network through a VPN connection, the user must provide his or her credential information to the VPN server to authenticate with the network. The following protocols are available for user authentication when you implement a VPN solution:

■ Password Authentication Protocol (PAP) Transmits user credentials to the remote access server as plaintext, offering no protection against interception of the user’s account and password.
■ Challenge Handshake Authentication Protocol (CHAP) Provides a stronger form of authentication by sending the server a response computed by passing the password and a server-supplied challenge through the Message Digest 5 (MD5) hashing algorithm. When the authentication server receives the authentication attempt, it retrieves the user’s password from Active Directory Domain Services (AD DS) and performs the same MD5 hash over the challenge and password. If the results match, the user is authenticated. The use of the server’s challenge protects the authentication attempt against replay attacks.
   Warning: CHAP authentication requires that the user’s password be stored in a reversibly encrypted format in AD DS. This weakens password security and requires stronger physical security of the domain controller.
■ Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) MS-CHAP differs from CHAP in that it creates the challenge response by passing the challenge and the user’s password through the Message Digest v4 (MD4) hashing algorithm. MS-CHAP then uses MPPE to encrypt all data transmitted between the remote access client and the remote access server. MS-CHAP does not require that the user’s password be stored with reversible encryption in AD DS.
■ Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2) Requires the authentication of both the remote access client and the remote access server for a successful authentication attempt. In addition, MS-CHAPv2 implements stronger data encryption keys and uses different encryption keys for sending data than for receiving data.
■ Extensible Authentication Protocol (EAP) Provides extensions to PPP connection authentication. These extensions allow advanced authentication methods, such as two-factor authentication, Kerberos, one-time passwords, or certificates. One of the extensions that EAP can use is Transport Layer Security (TLS). EAP-TLS uses the handshake protocol in TLS. The client and server use digital certificates to authenticate each other. The client generates a pre-master secret key by encrypting a random number with the server’s public key and then sends the encrypted pre-master secret key to the server. The server then decrypts the pre-master secret key by using its private key, and both the client and the server then use the pre-master secret key to generate the same session key.

Although a VPN connection can use any of the authentication protocols listed here, it is recommended to use only MS-CHAPv2 or Extensible Authentication Protocol–Transport Layer Security (EAP-TLS) authentication when allowing VPN connectivity to your network. Only these authentication methods provide strong protection of the credentials and mutual authentication of both the remote client and the authentication server.

PPTP requires certificates only if EAP-TLS authentication is enforced for VPN connections. When EAP-TLS authentication is required, two certificates are required:

■ User certificate Used at the VPN server to authenticate the user account. The certificate must:
   ❑ Be issued by a CA whose certificate is included in the NTAuth object in AD DS.
   ❑ Be issued by a CA that chains to a root CA certificate trusted by both the VPN client computers and the authenticating server.
   ❑ Include the Client Authentication Enhanced Key Usage (EKU) object identifier (OID).
   ❑ Pass all certificate validity checks, including a revocation check.
   ❑ Include the user principal name (UPN) of the user in the subject alternative name extension, or be explicitly mapped to a user account in AD DS.

Note: Optionally, a custom application policy OID can be added to the user certificate to indicate that the certificate is used for the organization’s VPN solution. By including the custom application policy OID, an organization can implement a remote access policy profile that requires the custom application policy OID in the presented certificate.

■ Authenticating server certificate Used at the authenticating server. If the VPN server implements Windows authentication, the computer certificate must be installed at the VPN server. If the VPN server implements Remote Authentication Dial-In User Service (RADIUS) authentication, the computer certificate must be installed at the RADIUS server. The certificate must:
   ❑ Be issued by a CA that chains to a root CA certificate trusted by both the VPN client computers and the authenticating server.
   ❑ Include the Server Authentication application policy OID.

[...] (http://www.microsoft.com/downloads/details.aspx?FamilyID=93fd20e7-e73a-43f696ec-7bcc7527709b&DisplayLang=en)
■ “Microsoft L2TP/IPSec VPN Client for Windows 98, Windows Millennium Edition, and Windows NT 4.0 Workstation” (http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp)
■ “Microsoft Internet Authentication Services Web Portal” (http://www.microsoft.com/windowsserver2003/technologies/ias/default.mspx)
[...] with Microsoft Windows Server 2003” (http://www.microsoft.com/mspress/books/5519.asp)
■ “Virtual Private Networking with Windows Server 2003: Overview” (http://www.microsoft.com/windowsserver2003/techinfo/overview/vpnover.mspx)
■ “Virtual Private Networking with Windows Server 2003: Deploying Remote Access VPNs” (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/deploy/confeat/vpndeplr.asp)

[...] the VPN server. If you implement Windows authentication, the RAS and IAS Server certificate must be issued to the VPN Server. If you implement RADIUS authentication, the RAS and IAS Server certificate must be issued to the RADIUS server. The only modification required for the RAS and IAS Server certificate template is to assign the RAS and IAS Servers [...]

[...] following certificates be deployed before you start the actual network configuration:
■ RADIUS server: A RAS and IAS Server certificate
■ VPN Server: An IPsec certificate and a Web Server certificate
■ VPN Client Computer: An IPsec or an IPsec (offline request) certificate
■ User: A custom version 2 certificate template with the Client Authentication and the Organization VPN User application policy OIDs

Network Policy Server Configuration

Network Policy Server (NPS) provides [...]

[...] Also, configure both primary and secondary RADIUS servers for all VPN devices so that VPN connectivity still succeeds if a single RADIUS server fails.
■ If you use Windows Server 2008 NPS servers, you can deploy the RAS and IAS Server certificates by using autoenrollment. This server certificate is required for EAP-TLS mutual authentication.
■ The Web Server certificate allows you to provide a custom subject [...]

[...] capabilities. Windows 98, Windows Millennium Edition, and Windows NT 4.0 Professional clients must have the Microsoft L2TP/IPsec VPN Client for Windows 98, Windows Millennium Edition, and Windows NT 4.0 Workstation installed. Resources for more information on this add-on client are listed in “Additional Information” later in this chapter.

Caution: It is possible to deploy L2TP/IPsec without using VPN server and [...]

[...] organization’s assigned OID arc.

Server Authentication

For server authentication, it is recommended to deploy the default RAS and IAS Server certificate template. This certificate template implements the required Server Authentication application policy OID and is intended for deployment at remote access and RADIUS servers.

Note: Remember that the decision of where to deploy the RAS and IAS Server certificate depends [...]

[...] check box, and then click Next.
5. On the Select Server Roles page, select the Network Policy And Access Services check box, and then click Next.
6. On the Network Policy And Access Services page, click Next.
7. On the Select Role Services page, click Network Policy Server, and then click Next.
8. On the Confirm Installation Selections page, click Install.
9. If prompted, insert the Windows Server 2008, Standard [...]

[...] IPsec certificates to all VPN servers and clients if deploying L2TP/IPsec. Create a version 2 certificate template based on the IPsec certificate template to enable autoenrollment of the certificates to client computers running Windows Vista and Windows XP.
■ RADIUS allows centralized administration of all remote access policy and collection of VPN connection activity logs. Also, configure both primary and [...]

[...] network and at every VPN server. You also require certificates for the authenticating server and the VPN user if you implement EAP-TLS authentication. The same authentication certificates are required for L2TP/IPsec as for PPTP.

Secure Sockets Tunneling Protocol (SSTP)

Secure Sockets Tunneling Protocol (SSTP) is a new tunneling protocol introduced in Windows Server 2008 and available only to Windows Vista SP1 and Windows Server 2008 clients. SSTP was developed to allow VPN clients to connect to remote VPN servers through firewall [...]
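The CHAP description under VPN Authentication Options above makes two claims that are easiest to see in running code: the authenticating server can verify a response only if it holds the user's password itself (the reason for the reversible-encryption warning), and the server-supplied challenge is what defeats replay of a captured response. The following Python module is an added example, not from the book: it implements both sides of an RFC 1994 CHAP exchange (Response = MD5(Identifier || secret || Challenge)) with a server that issues a fresh challenge per attempt and consumes it on use. The user name and password are constructed sample values; MS-CHAP and MS-CHAPv2 are not modelled.

```python
"""Both sides of a CHAP (RFC 1994) challenge/response exchange.

Added example, not from the book. Demonstrates why the server needs the
password in recoverable form and how a per-attempt challenge defeats replay.
The credentials below are constructed sample values.
"""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapClient:
    def __init__(self, username, password):
        self.username = username
        self.password = password.encode()

    def respond(self, identifier, challenge):
        """Answer a Challenge packet with a Response packet (Name + hash value)."""
        return self.username, chap_response(identifier, self.password, challenge)


class ChapServer:
    def __init__(self, password_store, rng=os.urandom):
        # Verification recomputes the hash, so the server must hold the password
        # itself rather than a one-way hash of it; in AD DS terms this is the
        # "store password using reversible encryption" requirement the text warns about.
        self.password_store = password_store
        self.rng = rng
        self.next_identifier = 0
        self.outstanding = {}  # identifier -> challenge still awaiting a response

    def challenge(self):
        """Issue a Challenge packet: an 8-bit Identifier and a random Challenge Value."""
        self.next_identifier = (self.next_identifier + 1) & 0xFF
        challenge = self.rng(16)
        self.outstanding[self.next_identifier] = challenge
        return self.next_identifier, challenge

    def verify(self, identifier, username, response):
        """Recompute the hash over the outstanding challenge and compare in constant time."""
        challenge = self.outstanding.pop(identifier, None)  # each challenge is usable exactly once
        password = self.password_store.get(username)
        if challenge is None or password is None:
            return False
        expected = chap_response(identifier, password.encode(), challenge)
        return hmac.compare_digest(expected, response)


def run_exchange():
    """One legitimate authentication, then a replay of its captured response.

    Returns (first_attempt_ok, replay_against_fresh_challenge_ok).
    """
    server = ChapServer({"travel.agent": "constructed-sample-password"})
    client = ChapClient("travel.agent", "constructed-sample-password")

    identifier, challenge = server.challenge()
    name, response = client.respond(identifier, challenge)
    first_ok = server.verify(identifier, name, response)

    # Someone who recorded (name, response) and presents it later receives a
    # new challenge from the server, so the recorded hash no longer matches.
    replay_identifier, _ = server.challenge()
    replay_ok = server.verify(replay_identifier, name, response)
    return first_ok, replay_ok


if __name__ == "__main__":
    print(run_exchange())  # (True, False)
```

The `rng` parameter exists so the challenge source can be replaced in tests; in production it stays `os.urandom`, since a predictable challenge would undo the replay protection the exchange is meant to provide.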

Posted: 09/08/2014, 09:21
