Isn’t the
DMZ as secure as the LAN with the exception that certain ports are open for the
various services on the servers in the DMZ? I guess I just don’t see the difference other than that and
the fact that the LAN is “unknown” to the DMZ. But like I said, I know jack about this stuff, which is why I’m
asking. Leaving it on the LAN
actually sounds easier to me anyway, I just want to understand why it is more
secure. Seems like a bad idea leaving
an “exposed” computer on your LAN—I thought that was the whole point of a DMZ. -----Original Message----- Exchange just doesn't belong on a
DMZ. What purpose would it serve there? For every single purpose
anyone could think of, there is a better solution that keeps Exchange inside
the firewall, more secure and less prone to hacker attacks. Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems -----Original Message----- This may sound ignorant, and if it
does, then I guess it really is ignorant, but here goes anyway. Why is placing an Exchange server on
the DMZ bad? We are getting a PIX soon and are going to be changing a lot
of things here. Our reseller just informed me the price of the PIX 515
dropped big time too but that it is also being replaced by a faster one...the
515E for the same price. -----Original Message----- That was the intent of what I was thinking
- something to tide him over. But he also didn't say whether this was
multihomed, or sitting in the DMZ (Gosh I hope not!), or what. Without
more specifics, we are trying to hit baseballs with straws. Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems -----Original Message----- I was thinking the same thing. Heck, even
Zonealarm or something just to hold you over. -----Original Message----- You can turn off
unused/unwanted protocols under the Site, Configuration, Protocols, properties
for each protocol. This should render the ports inactive and unable to
accept connections on them. You can also do the same on a per server
basis under the Server, Protocols, properties for each protocol. This
will cover the Exchange protocols only though. I really think that if
you are wanting to filter that many ports, you should look at a firewall.
Heck, even if it is a software firewall to start with. It would be better
than nothing. Ben Winzenz, MCSE Network/Systems
Administrator Peregrine Systems -----Original
Message----- Why no SSL? -----Original
Message----- Thanks
for the reply. Not for
relay, but we do not have any firewall as yet, and i would like to close
unecessary ports. Its a fresh installtion NT server PDC, Exchange 5.5. So all
the ports are open. I just want 25, 110, 80 to be open. I tried
that on TCP/IP security and nobody could connect to mail server .... -----
Original Message ----- From: Martin Blackstone Sent: Thursday, February 21,
2002 11:02 PM Subject: RE:
Securing Exchange Server So are you
saying someone used you as a relay or hacked your box or what? Are you behind
a FW? What ports are open to the Exch server? -----Original Message----- Hello, I have
tried many times but failed to secure Our Exchange Server. We have a Exchnage
server for only Server
has NT4, IIS4, DNS. How Do
I use TCP IP security tab to configure security so that all the unnecessary
ports are closed, we only use exchnage for POP3 and SMTP. The
last time I tried I got Max user limit .... on SMTP List Charter
and FAQ at: List Charter
and FAQ at: List Charter and FAQ at: List Charter and FAQ at: List Charter and FAQ at: List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm |
Title: Message
- Re: Securing Exchange Server Manish Govindji
- RE: Securing Exchange Server Ben Winzenz
- RE: Securing Exchange Server Martin Blackstone
- RE: Securing Exchange Server Allen Crawford
- Re: Securing Exchange Server Manish Govindji
- RE: Securing Exchange Server Martin Blackstone
- RE: Securing Exchange Server Clark, Steve
- RE: Securing Exchange Server Allen Crawford
- RE: Securing Exchange Server Ben Winzenz
- RE: Securing Exchange Server Ben Winzenz
- RE: Securing Exchange Server Allen Crawford
- RE: Securing Exchange Server Jim Holmgren