Government Security
Network Security Resources

Jump to content


Example Risk Assessment Of Exchange 2007 With Ms Tam

- - - - - server
  • Please log in to reply
No replies to this topic

#1 bspirovski



  • Sergeant Major
  • 118 posts

Posted 05 November 2009 - 01:47 PM

Previously, we discussed the process of risk assessment assisted with Microsoft Threat Analysis and Modeling. While that post was purely theoretical, we are following up with a sample risk assessment of an IT service - Exchange 2007 infrastructure.

The Assessment is based on the prototype design of Microsoft Exchange Infrastructure, and all Exchange roles are treated as separate component/server. An Active Directory domain controller is added to the infrastructure since Exchange is integrated with it. Also, we added a Mailbox database role, just as an example that we can dissect the roles to the depth that we need.

The elements
The analysis contains the following components. Add them to the appropriate container within the MS TAM
User roles
  • Exchange Admins - all administrators of the infrastructure
  • Exchange Users - users of all Exchange services
  • Exchange OWA Users - users of Online Web Access (webmail users)
  • External mail users - users of other mail servers on the internet
Components with Service Roles
  • Mailbox Server with Mailbox Server Service Role
  • Hub Transport Server with Hub Transport Service Role
  • Edge Transport Server with Edge Transport Service Role
  • Client Access Server with Client Access Service Role
  • Mailbox Database with Mailbox Database Service Role
  • AD Domain Controller with Domain Controller Service Role
Full story

Bozidar Spirovski

Also tagged with one or more of these keywords: server