Re: Hi

• From: "Devin McBride" <devin@xxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Mon, 2 May 2005 14:32:04 -0700

Perhaps I missed some of the emails as I dont see any arabic country bashing.  
I'm sure people from every country been ignorant at one point or another when 
it comes to security practice, including myself...

On to the discussion!

Danny pointed out a few very good ideas to start with:
1) Get a firewall; yesterday. If you want a personal recommendation,
email me off-list.
2) Read the documentation provided by the firewall vendor.
3) Implement the firewall in the most secure configuration possibly
without limiting essential functionality.
4) In future, do not email Microsoft Exchange mailing lists with
questions about which hacking tools are recommended to damage your
server.

On top of this, perhaps a firewall is (for some odd reason) out of the question 
for the moment.  I cant think of any good reasons why spending $500-2000 for a 
good firewall would be an issue for a 40 person company, but I'll play along...

1) harden your server - lots you can do here but the basics are dont run any 
services you dont use...turn them all off
2) look into some sort of IDS system - if you cant afford a firewall, I'm not 
sure what good this will do you
3) You also have a number of different tools to test your server if you like 
including Nessus, NetRecon, Nmap, SAFEsuite, SATAN (Security Administrator's 
Tool for Analyzing Networks), SAINT (Security Administrator's Integrated 
Network Tool), Tiger Tools TigerSuite  .... take a look at satan or saint 
possibly as I believe they both detect issues, explain the problem and its 
impact, as well as how to fix it

I do have to agree with John on this however as I dont think anyone should be 
jumping onto a production server without some sort of solid background in the 
matter and thorough research before.

Just to clarify, you are also running terminal services on this server box?  

FYI, giving us the ip would not matter...someone who actually wants to hack 
your server can easily find it using widely available ip scanning tools...

DM


-----Original Message-----
From: William Lefkovics [mailto:william@xxxxxxxxxxxxxxxxx]
Sent: Mon 5/2/2005 11:22 AM
To: [ExchangeList]
Subject: [exchangelist] Re: Hi
 
http://www.MSExchange.org/

>>It is unfortunately prevalent that people from certain parts of the world
think they can just jump into Exchange without the above. 
 
I think country of origin has little bearing on this common practice.
 


  _____  

From: Jason Lehrhoff [mailto:JLehrhoff@xxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, May 02, 2005 10:04 AM
To: [ExchangeList]
Subject: [exchangelist] Re: Hi


http://www.MSExchange.org/


Makes a good point..

 

-Jason

  _____  

From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Monday, May 02, 2005 11:57 AM
To: [ExchangeList]
Subject: [exchangelist] Re: Hi

 

http://www.MSExchange.org/

The problem is that Exchange is an enterprise class server that runs on top
of Windows Server software.

 

As such, BEFORE you can start playing with Exchange, you need to have a good
solid fundamental understanding and know-how of Windows Server operating
system, general networking, basics of how e-mail work, basic understanding
of DNS, basic understanding of the SMTP protocol and last but not least, the
will and desire to search and learn.

 

It is unfortunately prevalent that people from certain parts of the world
think they can just jump into Exchange without the above. Now, whether the
root of that problem is people trying to do things they have no knowledge of
or based cheapskate employers pressing employees to do things they do not
know how to do, or could it even be people volunteering that they could do
this but they really do not have the proper knowledge, or is it a
combination of all of those?

 

That is why I jump on people.

 

Now, back to the post in question, if you go and re-read it I do not find a
question in there.

 

John T

eServices For You

 

-----Original Message-----
From: soso bobo [mailto:soso20052006_4@xxxxxxxxx] 
Sent: Monday, May 02, 2005 7:28 AM
To: [ExchangeList]
Subject: [exchangelist] Re: Hi

 

http://www.MSExchange.org/ 

dear All,

 

May i ask you only one question :-

 

why if some one from arabic country asking small questions about any thing,
i found that all of the people start fiteing with him as if he did something
wrong ?

 

 

this questions which we are see here its from someone who doesnot have any
background at all, and if i was in his Place and asking like this questions
, i will find alot of people try to kill me and BUT some comments which is
give no answer.

 

i had a problem with my Exchange server , and i was asking for any
recommendation, while i was discussing some advanced solutions, and i found
alot of people try to make fun on me.

 

 

can i know why this happen with us , arabic people, espicially from jhon ?

 

i need clear answer for that ? Please , either if the Arabic People have
some Problem with them or there is something else / ?

 

is any supervisor for this mailing list to answer me ? please



Danny <nocmonkey@xxxxxxxxx> wrote:

http://www.MSExchange.org/

On 5/2/05, Skak wrote:
> http://www.MSExchange.org/
> 
> I have Exchange 2000 standard edition installed on win2000 Advance.We have
> a small organization with 40 users.Our Exchange real ip address is exposed
> to Internet that means I can use my server through Remote desktop
> connection software from all over the world.My problem lies here suppose a
> hacker gets my real ip address how can he damage my server using different
> hacking tools and please do not forget to write the names of tools which
> can damage my server.
> 
> Please dont hesitate to ask question except real ip :)

1) Get a firewall; yesterday. If you want a personal recommendation,
email me off-list.
2) Read the documentation provided by the firewall vendor.
3) Implement the firewall in the most secure configuration possibly
without limiting essential functionality.
4) In future, do not email Microsoft Exchange mailing lists with
questions about which hacking tools are recommended to damage your
server.

...D




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as: 
devin@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts:

• » Hi
• » RE: Hi
• » Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » RE: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Re: Hi
• » Hi
• » RE: Hi
• » RE: Hi
• » RE: Hi
• » RE: Hi
• » RE: Hi
• » RE: Hi
• » RE: Hi

1. Home
2. exchangelist
3. Archive
4. 05-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---