Any open port is a potential security risk. This risk increases with the amount you "open up" on your firewall. Personally, I would only ever allow SMTP traffic to an (relay protected) exchange box inside a firewall. Anything else and I would relay from a box sitting in the DMZ (for smtp, OWA etc etc) thus meaning I only have to allow the RPC and stuff for exchange between 2 specifically defined boxes from the DMZ to the internal network. It will make your life easier if you open these ports right?? So it follows that a hacker's life becomes easier too. If you choose the lazy route you are likely to pay for it in other ways.
Regards Dom. -----Original Message----- From: Atkinson, Daniel [mailto:[EMAIL PROTECTED]] Sent: 12 December 2001 11:46 To: Exchange Discussions Subject: RE: firewall problem i'd like to open our exchange server through the firewall, but my boss thinks this is a 'massive security risk'. i think if i open it just to specified hosts, then that would be ok. what does anyone else think? dan. > -----Original Message----- > From: Watkins V [mailto:[EMAIL PROTECTED]] > Sent: 12 December 2001 11:16 > To: Exchange Discussions > Subject: firewall problem > > > Dear all, > > I have several exchange servers which work fine through a > firewall except > one, using the TechNet recommended ports for DS and IS of > 1300 and 1301 > respectively. The one that doesn't work is one which is > running Win2K. The > others run NT4. I have set the ports to 1300 and 1301 in the > registry as > usual, but the server is ignoring this fact. It is just > using random ports > and so I am having to change the firewall ports instead!!! > The ports it > uses change after every reboot, so obviously, this is troublesome. > Anyone have a fix for this? > We are using Exchange 5.5 sp4 > > thanks > Vanessa Watkins > Network Manager > Royal Holloway > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]