RE: Securing SBS from the Internet

Hi Sir,

Thank you for posting in SBS newsgroup.

According to your description, I understand that you want secure your SBS
2003 server from internal and internet.
If this is not your concern, please don't hesitate to let me know.

Based on your condition is too complex, I suggest you try to contact
Product Support Services (PSS) or Advisory Service team via telephone for
further assistance.

To obtain the phone numbers for specific technology request please take a
look at the web site listed below.
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

If you are outside the US please see http://support.microsoft.com for
regional support phone numbers.

Additional, I'm glad to provide these following informations for your
reference.

1. For OWA, it is by default securely published by SBS 2003 using SSL. If
you chooses to "Allow access to the entire Web Site from the Internet" when
running CEICW, the Outlook Web Access virtual Directories will
automatically require SSL.

2. For POP3, you can enable POP3 require SSL based on KB 319273.

319273 HOW TO: Help Secure Post Office Protocol Client Access in Exchange
2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;319273

3. For SMTP, you can enable SMTP require SSL based on KB Q319267.

Q319267 How to secure Simple Mail Transfer Protocol client message delivery
in Exchange 2000 Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;319267

4. Otherwise, I suggest you install ISA to control network traffic and
securely publish Exchange server.

Q287646 HOW TO: Configure Exchange 2000 or Exchange 2003 Behind an ISA
Server Computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;287646

Q311237 XADM: How to Publish an Exchange Server Computer with ISA Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;311237

I hope this helps. If you have any questions or concerns, please do not
hesitate to let me know.
I am always happy to be of further assistance.

Best regards,

Nathan Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
>Thread-Topic: Securing SBS from the Internet
>thread-index: AcVciyTyH5m/82/iRFOzLmS/BEh/uQ==
>X-WBNR-Posting-Host: 66.155.138.45
>From: "=?Utf-8?B?V29ya3dpdGhjaXNjbw==?="
<Workwithcisco@xxxxxxxxxxxxxxxxxxxxxxxxx>
>Subject: Securing SBS from the Internet
>Date: Thu, 19 May 2005 08:55:14 -0700
>Lines: 13
>Message-ID: <0B947FBB-081D-477F-BC8C-6883C7DFAFFB@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:119878
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>I will soon be deploying SBS 2K3 as an exchange server. We will be
accessing
>it internally only, Except for OWA. How can I secure this server for just
>SMTP, POP3 and OWA at the server without monkeying up the internal
interface.
>It will have apublic on one interface and a private on the other. We
already
>have a VPN router that accepts PPTP connections and that is how we will be
>connecting to it outside our network. It will be located in our COLO and
>available on our 10.0.0.0 255.0.0.0 network with restrictions at the
switch
>it is connected to. It will only require internet access for updates from
the
>windows site, and only be accessed through Terminal Services for
maintenance.
>What can I do to protect it from interanl attacks as well from an infected
>customer network without hampering our ability to access from any of their
>locations? We will be putting on a anti-spam & Anti-Virus package,
probably
>from Trend Micro. Any other suggestions?
>

.

Relevant Pages

  • RE: Help with Internet and Email wizard
    ... Thank you for posting in the SBS newsgroup. ... On SBS Server, run the CEICW, go through "Connection Type" page, on ... Since we don't want to set up an external internet access, ... We can select Option one "Create a new Web server certificate" to ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... Set the 'external' interface of SBS to get it's IP via DHCP from the router ... If the ws does not get an IP from DHCP check the event log on the server, ... They can go one day with out internet, ...
    (microsoft.public.windows.server.sbs)
  • Re: ICMP error when trying to access OWA on SBS 2003 Premium
    ... The Default Web Site is set to listen on the internal IP of the SBS server ... OWA publish rule or IIS manually. ... entire Web site from the Internet" is selected. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 IIS BASED SERVICES FAIL INTERMITTENTLY
    ... If I read your post correctly, you have a switch where the SBS ... Run DHCP server on your SBS, and set all client machine nics to dynamic. ... Once you have your nics configured, run the Connect to the Internet wizard, ... QUESTION1 - what is REFUSING CONNECTIONS? ...
    (microsoft.public.windows.server.sbs)
  • RE: Best way to handle SBS 2003 users who are permanently remote
    ... SBS remote users acces internal resource of the SBS network. ... Internet Connection Wizard -> Configure Remote Access), ... VPN server and when remote users VPN to the SBS network, ...
    (microsoft.public.windows.server.sbs)