Any open port is a potential security risk. This risk increases with the
amount you "open up" on your firewall. Personally, I would only ever allow
SMTP traffic to an (relay protected) exchange box inside a firewall.
Anything else and I would relay from a box sitting in the DMZ (for smtp, OWA
etc etc) thus meaning I only have to allow the RPC and stuff for exchange
between 2 specifically defined boxes from the DMZ to the internal network.
It will make your life easier if you open these ports right?? So it follows
that a hacker's life becomes easier too. If you choose the lazy route you
are likely to pay for it in other ways.

Regards

Dom.

-----Original Message-----
From: Atkinson, Daniel [mailto:[EMAIL PROTECTED]]
Sent: 12 December 2001 11:46
To: Exchange Discussions
Subject: RE: firewall problem


i'd like to open our exchange server through the firewall, but my boss
thinks this is a 'massive security risk'. i think if i open it just to
specified hosts, then that would be ok. what does anyone else think?

dan.

> -----Original Message-----
> From: Watkins V [mailto:[EMAIL PROTECTED]]
> Sent: 12 December 2001 11:16
> To: Exchange Discussions
> Subject: firewall problem
> 
> 
> Dear all,
> 
> I have several exchange servers which work fine through a 
> firewall except
> one, using the TechNet recommended ports for DS and IS of 
> 1300 and 1301
> respectively.  The one that doesn't work is one which is 
> running Win2K.  The
> others run NT4.  I have set the ports to 1300 and 1301 in the 
> registry as
> usual, but the server is ignoring this fact.  It is just 
> using random ports
> and so I am having to change the firewall ports instead!!!   
> The ports it
> uses change after every reboot, so obviously, this is troublesome.
> Anyone have a fix for this?
> We are using Exchange 5.5 sp4
> 
> thanks
> Vanessa Watkins
> Network Manager
> Royal Holloway
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
> 

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

Reply via email to