Is your Exchange 2000 Server Secure?

Firewall

It is incredibly important to provide some protocol separation between your Exchange server and the Internet. If you connect to branch or remote offices that reach the Internet without a good firewall, you may also need to separate your servers from those offices.

At a minimum, we are trying to protect our server from UDP and TCP attacks. Packet filtering and blocking is the bottom-line requirement. There are several acceptable ways of protecting your network while still allowing access to the Exchange servers. We will start with the most sophisticated method, which allows application filtering and monitoring.

Microsoft ISA Server - Within your DMZ, you can place an ISA server. This box will provide firewall and proxy cache access for your clients. This server can do some incredible things with application publishing including the ability to "proxy" MAPI requests to the Internet without exposing your Exchange 2000 server. It also provides a mechanism for content scanning in order to accept mail and scan it for attachments or keywords. It can then send the mail to your Exchange Server in your private network.

Exchange 2000 Front End Server - Exchange 2000 now supports a server configuration that allows clients to access their mailboxes and Exchange content through a central server. This server acts as a relay for the client. When an FE server is placed in your DMZ or otherwise accessed by a POP, IMAP or HTTP client, the request is relayed to the appropriate back-end server automatically.

Refer to TechNet or the support pages for specific setup guides.

Firewall Appliance or Server - Just about any firewall will allow packet and port filtering in order to protect your network and Exchange environment. While this is a good start for protecting your servers, it falls short of complete protection since you have to open ports to allow access to the data in your private network. For example, port 25 must be opened to allow for SMTP traffic, port 80 for HTTP.

By the time you open the necessary ports for HTTP, POP, IMAP and SMTP access, you have opened many of the well-known ports and have invited outsiders to attempt hacks into your systems.
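One way to check a packet-filter rule set against the layout described above, where outside clients reach only a DMZ relay (ISA or front-end server) on the mail ports. This is an added example, not code from the original article: the networks, rule names and rule tuple format are constructed assumptions, and ports 110 and 143 are the standard POP3 and IMAP4 ports, which the article does not state.

```python
import ipaddress

# Constructed topology (assumption): DMZ holds the ISA/front-end hosts,
# PRIVATE holds the back-end Exchange 2000 servers.
DMZ = ipaddress.ip_network("192.0.2.0/28")
PRIVATE = ipaddress.ip_network("10.0.0.0/8")
# TCP ports for the protocols the article names (25 and 80 are from the article).
PUBLISHED = {25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP4"}

# Constructed sample rules: (name, source, destination, protocol, port, action)
RULES = [
    ("smtp-in",     "any",           "192.0.2.5", "tcp", 25,  "allow"),
    ("owa-in",      "any",           "192.0.2.6", "tcp", 80,  "allow"),
    ("pop-direct",  "any",           "10.1.1.20", "tcp", 110, "allow"),
    ("rpc-in",      "any",           "192.0.2.6", "tcp", 135, "allow"),
    ("dns-udp",     "any",           "192.0.2.5", "udp", 53,  "allow"),
    ("branch-imap", "172.16.4.0/24", "10.1.1.20", "tcp", 143, "allow"),
    ("fe-to-be",    "192.0.2.6",     "10.1.1.20", "tcp", 80,  "allow"),
    ("default",     "any",           "any",       "any", 0,   "deny"),
]

def from_dmz(src):
    """True when the source is a host or subnet inside the DMZ."""
    return src != "any" and ipaddress.ip_network(src, strict=False).subnet_of(DMZ)

def audit(rules):
    """Return (rule name, reason) for every allow rule that weakens the design."""
    findings = []
    for name, src, dst, proto, port, action in rules:
        if action != "allow":
            continue
        if dst == "any":
            findings.append((name, "allow rule with no destination restriction"))
            continue
        dest = ipaddress.ip_address(dst)
        if dest in PRIVATE and not from_dmz(src):
            # Internet or remote-office traffic must be relayed by the DMZ host.
            findings.append((name, "reaches the private network without the DMZ relay"))
        elif dest in DMZ and (proto != "tcp" or port not in PUBLISHED):
            findings.append((name, f"{proto}/{port} is not a published mail protocol"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(RULES):
        print(f"{name}: {reason}")
```

The rule from the branch office is flagged for the same reason as the direct Internet rule: both reach a back-end server without passing through the DMZ relay.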

 


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008