Re: Integrate intranet exchange with the outside world best practi

Hey there :)

Thanks for the response, let me see if I can comment.

Mail will be reconfigured to come to your Exchange server.
Users will have their POP3 stuff removed.
Anyone sending mail to you will do so and if your server or link is
offline they will automatically hold the messages for up to two days.
You should have no reason to be off-air for more than a day or so if
you are serious about connecting to the Internet.

I have done this in the past. I would much prefer a more robust system for a
number of reasons. I appreciate your comments but there is nothing about
configuring the terminating point of an MX record to be a dynamic IP
addressed box that I like.

I will ignore the idea that having a dynamic IP somehow means I am not
"serious" about connecting to the internet.

You are mistaken that you do not want to allow direct Internet access
to your Exchange server.

Certainly everyone is welcome to an opinion. My security paranoia is simply
higher than yours. There is no way I am going to allow arbitrary machines
direct connections to the main repository of business information. There is
no reason to do so - that is what the entire concept of "front line" servers
is for.

Handled properly there is no problem. Trust
me, get over that part and move on. Your users will appreciate it and
so will you because it will be far easier to control and manage.

I appreciate you taking the time to comment... but this particular security
requirement is not one I will be "getting over" any time soon :) As for the
management workload - I don't mind it. Security is much more important - and
cost effective - than the man hours.

Bottom line here is that you don't have a problem. All of your
requirements are as basic, normal and manageable with a day or so
consultancy.

While the suggestion of a consultancy is welcome (and common) there is good
reason to acquire the knowledge in house. We have a good admin / IT crew
associated with our organization we are just a bit unfamiliar with this
nuance of Exchange topology. We don't need someone to come in and do it for
us - we jsut need a pointer to some information so that we can make informed
implementation decisions ourselves.

Thanks for your time!

Ken
.

Relevant Pages

  • Re: IE6 vs IE& vs IE8 on SBS
    ... has IE6 or earlier installed, ... security problems with IE6 and earlier, ... have a compelling reason to put IE7 on the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: dual NIC cards
    ... > The reason for the second NIC is for separate ftp traffic ... For security reasons some of our other groups ... I'm finding that our server ... >>> the same NIC card all the time and not try routing out ...
    (microsoft.public.win2000.networking)
  • Re: IE6 vs IE& vs IE8 on SBS
    ... When an app needs it or when MS updates a component that needs it then I'll upgrade. ... I just don't upgrade for no reason either. ... Please don't read that last line as dismissing the possible issues of using a browser from a server, I am not and do not advocate it. ... If true, this makes me wonder if there isn't some of the aforementioned security problems present in any OS that has IE6 or earlier installed, active or not. ...
    (microsoft.public.windows.server.sbs)
  • Re: IE6 vs IE& vs IE8 on SBS
    ... There is a lot going on in the security world so I am trying to strike a ... has IE6 or earlier installed, ... system, server or not, be "more secure" if the preloaded bits were IE7 bits ... have a compelling reason to put IE7 on the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: IE6 vs IE& vs IE8 on SBS
    ... I agree with Cris and Russ, but I'll go as far as to say that you should have a compelling reason to put IE7 on the server. ... You really shouldn't be browsing from the server and you should only be installing trusted 3rd party apps, so IE6, even with all of its security woes, isn't a security hole on a server. ...
    (microsoft.public.windows.server.sbs)