Hardening E2k/W2k on the firewall
Here is a loaded question, but I would seriously like an answer. Is it possible to sufficiently harden Windows 2000 / Exchange 2000 to be a viable candidate at the firewall/DMZ level? We are currently looking at using Sun boxes at the firewall level to pass mail in and out of the DMZ to our Exchange infrastructure. I wanted to investigate whether it was possible to make the whole infrastructure Exchange and what risks are involved. Can someone point me to specific articles discussing this topic? TIA -- Matt Lathrum General Dynamics Decision Systems When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Hardening E2k/W2k on the firewall
You might like to check out this whitepaper as a starting point: http://www.microsoft.com/Exchange/techinfo/deployment/2000/E2KFrontBack. asp Good for HTTP, POP, IMAP, etc. But if you're looking at SMTP in a DMZ, a FE server is probably not the best idea - the IIS SMTP service would probably fit better here. Neil -Original Message- From: Lathrum Matt-P55173 [mailto:[EMAIL PROTECTED]] Posted At: 08 January 2002 16:45 Posted To: Sunbelt Exchange List Conversation: Hardening E2k/W2k on the firewall Subject: Hardening E2k/W2k on the firewall Here is a loaded question, but I would seriously like an answer. Is it possible to sufficiently harden Windows 2000 / Exchange 2000 to be a viable candidate at the firewall/DMZ level? We are currently looking at using Sun boxes at the firewall level to pass mail in and out of the DMZ to our Exchange infrastructure. I wanted to investigate whether it was possible to make the whole infrastructure Exchange and what risks are involved. Can someone point me to specific articles discussing this topic? TIA -- Matt Lathrum General Dynamics Decision Systems When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm ** This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands, or any of its subsidiary companies. If you have received this email in error, please contact our Support Desk immediately by telephone on 01202-36 or via email at [EMAIL PROTECTED] ** List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Hardening E2k/W2k on the firewall
I think that the SMTP virtual server would probably be safer, combined with Trend's anti-virus and anti-spam software. I don't want my AD accessible from the outside. Do you have any tips for hardening? Personally, I remember the SMTP virtual server as a clunky easy-to-hang service a year ago. I hope it has changed! -- Matt Lathrum General Dynamics Decision Systems When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. -Original Message- From: Neil Hobson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 08, 2002 9:55 AM To: MS-Exchange Admin Issues Subject:RE: Hardening E2k/W2k on the firewall You might like to check out this whitepaper as a starting point: http://www.microsoft.com/Exchange/techinfo/deployment/2000/E2KFrontBack. asp Good for HTTP, POP, IMAP, etc. But if you're looking at SMTP in a DMZ, a FE server is probably not the best idea - the IIS SMTP service would probably fit better here. Neil -Original Message- From: Lathrum Matt-P55173 [mailto:[EMAIL PROTECTED]] Posted At: 08 January 2002 16:45 Posted To: Sunbelt Exchange List Conversation: Hardening E2k/W2k on the firewall Subject: Hardening E2k/W2k on the firewall Here is a loaded question, but I would seriously like an answer. Is it possible to sufficiently harden Windows 2000 / Exchange 2000 to be a viable candidate at the firewall/DMZ level? We are currently looking at using Sun boxes at the firewall level to pass mail in and out of the DMZ to our Exchange infrastructure. I wanted to investigate whether it was possible to make the whole infrastructure Exchange and what risks are involved. Can someone point me to specific articles discussing this topic? TIA -- Matt Lathrum General Dynamics Decision Systems When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm ** This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands, or any of its subsidiary companies. If you have received this email in error, please contact our Support Desk immediately by telephone on 01202-36 or via email at [EMAIL PROTECTED] ** List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm