One obvious thing I forgot to mention. Static NAT does not distingish between ports or protocols. To prevent attacks against other ports/services on the Exchange box it would be best to filter the traffic and only permit SMTP to pass.
-- Bill Stackpole, CISSP
| [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED] 07/13/00 10:28 AM
|
To: <[EMAIL PROTECTED]> cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: static nat |
To date, there aren't any known vulnerabilities to the Exchange-SMTP gateway. That does not however, mitigate the other obvious problems with mail based attacked including using Exchange as a spam relay, active content attacks (ala ILOVEYOU), HTTP formatted mail attacks, virus infected attachments, flooding the server, DoS attacks, etc. Keep the big picture.
Bill Stackpole, CISSP
| "Yaniv Fine" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 07/13/00 08:48 AM | To: "Firewalls LIST \(E-mail\)" <[EMAIL PROTECTED]> cc: Subject: static nat |
Hi all
We are using check point FW-1 and thinking of installing Exchange server
with Static Nat
What are the risks we are taking in this scenario .
Should I thinks on a tighter security strategy but more expensive
Any pointers are welcome
~~~~~~~~~~~~~~~~~~~
Yaniv Fine
MIS Manager
Know-Net Group
~~~~~~~~~~~~~~~~~~~
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
