Re: Security

From: Colin T (ColinT_at_discussions.microsoft.com)
Date: 12/17/04 

Date: Fri, 17 Dec 2004 14:31:03 -0800

Hi Susan,

Thanks for your reply.
So you're a big POP3 fan then ? Err... or am I wrong ? :)
I see your point on a a few things but surely not the PIX ? I know that ISA
is good but will never be on the level of Cisco (wait for the backlash on
that one !:))
Less than 15 minute pull I can live with.
I'm not sure I want spam sent directly to my server, I'd rather filter it
with 3rd party filter such as Mail Washer Pro, or can SBS deal with that, if
so, how ? How is RWW 'less exposed' ?
I know Cisco PIX firewalls need patching but after having to patch them once
in 2 years, I'm very impressed :) How often does Windows need patching ? Only
joking !:). OK, so after reading that my client's data is extremely
sensetive, how do I open ports to allow e-mail to come directly to my server
but still maintain security ? Many thanks for your reply.
Merry Christmas !

"Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:

> Pro POP = no ports open
> Pro SMTP - can't use Exchange IMF filter
>
> POP - password is sent to ISP in clear text.. if the mailbox password is
> the same as your domain password.. you are shipping over the web
>
> POP - gunky email can clog up box
>
> POP - have to buy third party program if you want a <15 minute pull
>
> SMTP is an issue if you use stupid passwords... DON'T DO THAT.
>
> I would argue that Remote web workplace has IMHO the ability to be
> "less" exposed than an VPN. If you are opening VPN, you are already
> opening a risk factor just as large as SMTP. You have a port open there.
>
> You do realize that CISCO pix firewalls need maintenance and patching,
> right? I personally would sandwich the Cisco and have two nics and keep
> the ISA to ensure egress filtering...but that's just me :-)
>
>
>
>
> Colin T wrote:
> > Hi all,
> >
> > I haven't as yet set up an SBS box but intend to do so soon. I have read
> > many of this newsgroups postings and have picked up numerous tips which will
> > no doubt help me when I come to start using SBS 2003. I still have
> > reservations about opening/forwarding ports to allow the SBS box receive SMTP
> > mail as opposed to using the POP3 connector. Can anyone shed any light on the
> > pro's and con's of using SMTP as opposed to the POP3 connector ? My first
> > choice would be the POP3 connector simply because I would not have to open
> > any ports. I intend to install my SBS machine with 1 NIC and use a Cisco PIX
> > Firewall for perimeter security and will use this device to enable any VPN's
> > required. My intended topology will be :
> >
> > Internet -> DSL Router -> Cisco PIX -> Switch ->SBS Box & Clients
> >
> > OWA will not be required by my client and neither will RWW. My client who
> > needs SBS has extremely confidential medical data and this is my reason for
> > not wanting to open up any ports. Incidentally, my client only has 5 mail
> > addresses to collect. Any comments welcomed :) TIA.
> >
> > Regards Colin.
>