At the end of the day either way (single or dual homed), when your box is compromised (hacked), your stuffed.
I would never rely on windows firewall or any "generic" server firewall for that matter Dual homed just complicates things and provides not additional security, from what I understand of your topology NATing also provides no additional security IMNSHO -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Sent: Tuesday, 19 February 2008 14:46 To: Exchange Discussions Subject: RE: Dual-homed Exchange 2007 Edge Server Our security setup is in a design and testing stage at the moment. The current proposal is to use two NICs on the Edge box, one NIC faces Internet directly the second NIC faces internal production network. The Edge server is locked down with Security Configuration Wizard and Windows firewall. I personally don't feel comfortable when a Windows box faces the Internet directly. I would rather place the server behind a router with NATed port 25 or a firewall and separate it from production with another firewall. No need for two NICs and potential issues with routing. Regards, Alex _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] .com Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ********************************************************************** Have you clicked on yet? www.nrc.govt.nz ********************************************************************** NORTHLAND REGIONAL COUNCIL This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] ********************************************************************** _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
