One word ANTIGEN
www.sybari.com Joseph Ambrose System and Network Manager The Conference Board P: 001-212-339-0443 F: 001-212-836-3802 E: [EMAIL PROTECTED] Visit our Award Winning Web Site: www.conference-board.org -----Original Message----- From: Ken Leyba [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 6:56 PM To: MS-Exchange Admin Issues Subject: RE: Stupid Firewall Tricks No, we have A/V. I'm looking at alternatives to IncoulateIT. ----- Ken Leyba Windows/Exchange System Administrator California State University Dominguez Hills > -----Original Message----- > From: Bob Falkenberg [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, March 20, 2002 3:54 PM > To: MS-Exchange Admin Issues > Subject: RE: Stupid Firewall Tricks > > > no anti-virus?????? egads... > > -----Original Message----- > From: Ken Leyba [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, March 20, 2002 3:49 PM > To: MS-Exchange Admin Issues > Subject: RE: Stupid Firewall Tricks > > > That's the rub. We have had no problems with on campus > users. All of our > Exchange problems have been viruses. I would have rather > spent the time and > money on a virus wall, content inspection or an alternative > A/V solution. > > ----- > Ken Leyba > Windows/Exchange System Administrator > California State University Dominguez Hills > > > > -----Original Message----- > > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, March 20, 2002 3:40 PM > > To: MS-Exchange Admin Issues > > Subject: RE: Stupid Firewall Tricks > > > > > > I have never worked for an .edu [1], but from my experience > > with people who > > have, they often have users that like to test the boundaries > > of security and > > go as far as their IT department allow. I hope your students > > are not as > > ambitious. > > > > It's great you'll be able to block, say, ftp to Exchange, but > > the other > > holes open up too many opportunities for fun. Move the > firewall from > > between the users and Exchange to between the internet and > the users. > > > > [1] Hi Jamie > > > > > > -----Original Message----- > > From: Ken Leyba [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, March 20, 2002 3:35 PM > > To: MS-Exchange Admin Issues > > Subject: RE: Stupid Firewall Tricks > > > > > > IT. > > > > ----- > > Ken Leyba > > Windows/Exchange System Administrator > > California State University Dominguez Hills > > > > > > > -----Original Message----- > > > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, March 20, 2002 3:34 PM > > > To: MS-Exchange Admin Issues > > > Subject: RE: Stupid Firewall Tricks > > > > > > > > > The more important firewall is between the internet and your > > > organisation. > > > > > > What is this guy a director of? > > > > > > > > > -----Original Message----- > > > From: Ken Leyba [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, March 20, 2002 3:32 PM > > > To: MS-Exchange Admin Issues > > > Subject: RE: Stupid Firewall Tricks > > > > > > > > > Yes, the clients will use POP/SMTP, IMAP and MAPI. That > > was my point > > > exactly, we'll have two Swiss Cheese firewalls. Unless the > > > Cisco PIX can do > > > some kind of magic firewall tricks that I don't know about. > > > > > > Ken > > > > > > ----- > > > Ken Leyba > > > Windows/Exchange System Administrator > > > California State University Dominguez Hills > > > > > > > > > > -----Original Message----- > > > > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, March 20, 2002 3:22 PM > > > > To: MS-Exchange Admin Issues > > > > Subject: RE: Stupid Firewall Tricks > > > > > > > > > > > > How are you intending these users access the exchange server? > > > > MAPI client > > > > like Outlook? > > > > > > > > The holes necessary for your users to communicate with > > > > Exchange are such > > > > that your firewall between the users and Exchange has been > > > > rendered useless. > > > > > > > > > > > > -----Original Message----- > > > > From: Ken Leyba [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, March 20, 2002 3:15 PM > > > > To: MS-Exchange Admin Issues > > > > Subject: Stupid Firewall Tricks > > > > > > > > > > > > Our director wants us to implement a firewall in front of > > > our Windows > > > > 2000/Exchange 5.5 servers. Here is what the scenario is: > > > > > > > > Internet <--> Users <--> Firewall <--> Exchange > > > > > > > > On the Exchange side we have the DC's, Exchange, IMC, OWA, > > > > etc. servers. On > > > > the public side we have the Windows 98/2000 clients, WINS > > > > server (which is a > > > > whole different issue) and Internet. There is a firewall > > before the > > > > Internet connection but it is basically useless since nothing > > > > is configured. > > > > On the private side we are to use NAT, since all the servers > > > > except the > > > > backup server will need to be accessed from the outside I > > > > really don't see > > > > what this is buying us. Basically we are putting a firewall > > > > in front of > > > > Exchange. We are currently testing the configuration but I > > > > think this may > > > > end up being a nightmare once we begin to change the Windows > > > > 2000 servers > > > > (i.e. Active Directory) IP addresses and DNS settings to > > the private > > > > addresses. > > > > > > > > I began by making registry hacks to force the RPC's through > > > > specific ports > > > > but our backbone admin figured out how to configure the PIX > > > > firewall without > > > > me having to make the changes. Now I'm reinstalling the test > > > > server to see > > > > that it's actually working. > > > > > > > > Can anyone give me any ammo as to why this is not the way to > > > > do things. I > > > > have tried to explain but I'm getting nowhere. I don't > > > know maybe I'm > > > > wrong. However it seems it would be safer to implement the > > > > firewall at the > > > > internet connection, we seem to be trying to protect > > > > ourselves from our > > > > users. There would be a lot of politics involved with the > > > > Internet firewall > > > > but it does seem like the way to go. > > > > > > > > Thx, > > > > Ken > > > > > > > > ----- > > > > Ken Leyba > > > > Windows/Exchange System Administrator > > > > California State University Dominguez Hills > > > > > > > > List Charter and FAQ at: > > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > > > > > List Charter and FAQ at: > > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > > > > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > > > List Charter and FAQ at: > > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > > > > List Charter and FAQ at: > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > List Charter and FAQ at: > > http://www.sunbelt-software.com/exchange_list_charter.htm > > > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
