Re: Making sure OWA is secure

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Oct 2004 14:07:40 -0400

On Tue, 12 Oct 2004 12:28:22 -0400, Mulnick, Al <al.mulnick@xxxxxxxxxx> wrote:
> Danny, do you have a server with only 443TCP access on the internet?

No -- it's IPSec VPN or nothing from the Internet into my network.
But, if you had a dedicated OWA (front-end) server with SSL based OWA,
what other essential ports would you need open for an external
(Internet) interface?

> What was your thinking for this type of setup and what does it provide your
> company?

Obviously if your OWA/Exchange server was not dedicated to the role
and also received and delivered email via SMTP, then you would open up
port 25, but, in my case, I never allow Microsoft services respond
directly to TCP/IP traffic from the Internet. For example, I have a
Postfix based MTA setup as the SMTP gateway for all incoming and
outgoing email traffic. If I did have an OWA server, I would have an
intrusion prevention and intrusion detection firewall (can be had for
less than $1000 for small to medium business) in-front of it.

> As long as we're viewing that as recommendation?

Lettah was very brief with his/her question, so I was very brief with
my answer. Lets call them a list of tips. When I have more information
about requirements, budget, environment, personnel responsible after
implementing, etc., then I will make more of a recommendation based on
my experience and research.


Other related posts: