Re: Exchange Security and Administration: Small/Tiny Site


Adding to what Michael suggested, put your Exchange Server behind a hardware firewall such as Cisco ASA or Sonicwall and it's very secure, since you are only opening two ports, 25 and 443. I have been running Exchange Servers for customers and clients for many years and have yet to see one hacked behind a good firewall, good AV software and running WUS weekly.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner

"Mark Olbert" <ChairmanMAO@xxxxxxxxxxxxxxxxx> wrote in message news:ts87649o128bsucdnj8rsarkjbg6t98edi@xxxxxxxxxx
I've been using Exchange for the last seven years to maintain calendars, contacts, etc. on my home LAN. However, I've never used it
to handle email, out of a fear that it was not "inherently" secure enough to expose it to the wilds of the internet without more
sysadmin experience than I have. Instead, I handle my email with postfix on a linux box, and restrict external access to the pop3
server to secure stunnel connections. On the Windows side, I currently run Exchange 2003 on a Server 2003 platform behind the
firewall.

I recently ordered the installation of the same environment for the startup company I work at, however, and was pretty impressed by
the ability of Exchange 2003 to interact with Outlook over http. This has caused me to want to rethink my "don't expose Exchange"
decision.

How hard is it to keep Exchange secure, in practice? I am diligent about applying patches and security fixes to all my Windows
software, and I don't mind investing time hardening systems. But I don't want to have to be in the trenches administering security
for Exchange on a weekly basis. Are there security risks related to Exchange's http connector? Advice, perspective and pointers to
resources would be appreciated.

On a more technical note, is setting up Exchange to use the http connector difficult? Does it require that all http traffic be
handled by the Windows Server Exchange is running on? Right now I run Apache httpd on my linux firewall/router to serve webpages,
and I'd like to continue doing that.

- Mark
