All, I'm sort of barging into the list here as I haven't really even have much of a chance to lurk yet, but I'm looking for an answer to a specific problem and hope I could get some definitive answers.
A client of ours had an MS Exchange 5.5 server. A few of the executives travel frequently and their previous IT support guy had setup their Firewall to pass traffic directly through to the Exchange server (port 135, plus the static ports as set in the registry). They liked this solution because they said it was much faster than VPN for accessing their email. We have supported this company for more than a year now, and they have since been upgraded to Exchange 2k. I tried to take this opportunity to force the executives to a VPN solution, as it made me nervous to open those ports on the firewall (especially 135), but they said the performance simply wasn't what they wanted, and the extra step of authenticating through the VPN first was too much trouble... (Comments not needed on that... I hear everyone's pain, but my hands are tied. I've tried... really.) That being said, they are generally a reasonable lot and would be willing to change if it was shown that there was a credible security risk. The problem is I cannot seem to locate any specific vulnerabilities which are opened by allowing traffic over ports 135, 1026 (for authentication) and the 3 preset static ports for the Exchange services. The other problem is that because the users are mobile and are using a number of different internet connections, I can't feasibly restrict incoming traffic on those ports to certain addresses or subnets. Can anyone offer some definitive "this is bad because" points, or offer what kind of information or risk there is in keeping port 135 open? Much appreciated. -Aaron _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
