Hi Everyone, Lately I've been noticing a number of attempts to hack one of our Exchange Servers. Our network is behind a Pix firewall and I've closed all unnecessary ports and have it fairly tightly locked down. However I have Port 80, 25 and 110 open for Exchange. My main concern is IIS. I am considering the possibility of disabling IIS and OWA on the Exchange server to minimize attacks. I have all the latest NT4 security patches (that I know of) but the hackers are still attempting to do mischief. There are two things I'd like to know: -
1. Is there a means of making IIS bullet proof with a patch or 3rd party tool? 2. Is it possible to install the OWA component on a server that is running IIS but not Exchange? The reason I ask this is because we have a web server that's running IIS. I thought it may reduce the risk of attack if I remove IIS from the Exchange server and use our web server for OWA? I know this is probably a dumb question but I thought I'd ask it anyway. I've checked out the FAQ but couldn't find anything on this particular scenario. The Exchange server in question is running Exchange 5.5 and Nt4 (SP6). The web server is running W2K (SP2). I'd greatly appreciate feedback re this. Regards Tony Tony McCarthy Systems Engineer OSI Software Ltd Auckland New Zealand Ph:64 09 522 5909 Fax:64 09 522 5901 Mob: 021 703035 _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]