> That being said, they are generally a reasonable lot and would be
> willing to change if it was shown that there was a credible security
> risk.  The problem is I cannot seem to locate any specific
> vulnerabilities which are opened by allowing traffic over ports 135,
> 1026 (for authentication) and the 3 preset static ports for the Exchange
> services.

You shouldn't have to.  If you do, the lot isn't as reasonable or
knowledgeable as you give them credit for.

Do you lock all the doors and windows on your house, except one?  Do you
install a doggie door large enough for humans to fit through?  Of course
not.

The point is, common sense dictates that you add as much trust as you can
to any network you build or maintain.  If there's a way to do something
without opening a port, or making your network more vulnerable, you do it.

There are ways to do what the execs want without opening these gaping
holes.  That part is obvious.

What does your security policy say about doing things haphazardly and
opening unnecessary ports?  If you don't have one, then that's the first
problem.  Without one, you can't expect the execs to abide by (or be aware
of) common sense security procedures.

Once the execs agree their assets are worthy of the protection set forth
by your security policy, it should be an easy matter to say "We're doing
things this way because it offers 99% functionality and does not violate
our corporate security policy."

Later,
-Mike

--
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."  --Benjamin Franklin


_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
