I've been out of messaging for a while, but I'm not sure I'd say Exchange 
doesn't go in a DMZ. The Edge Transport role is supported in the DMZ for 
2007/2010. 

In this scenario it may make more sense to use an appliance like Barracuda 
or IronMail. 

Christopher Bodnar 
Technical Support III, Distributed Systems Service Delivery - Intel Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
[email protected] 
The Guardian Life Insurance Company of America
www.guardianlife.com 

From:   Kurt Buff <[email protected]>
To:     "NT System Admin Issues" <[email protected]>
Date:   01/27/2012 10:20 AM
Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ



DLP is way more than just restricting access to removable devices.
http://code.google.com/p/opendlp/

VPN access restrictions such as you mentioned are a good thing. There
are open source two factor auth solutions.

Exchange doesn't go in a DMZ.

On Fri, Jan 27, 2012 at 06:46, [email protected] <[email protected]> wrote:
>
>
> Ok, so we have had an NCUA IT audit and some of the recommendations are as
> follows:
>
>
>
> Data Loss Prevention (DLP)
>
> The Credit Union should have the ability to use USB storage devices,
> DVD, and CD drives turned off unless required.  With some form of alerting if
> a user is trying to use those devices without permission.
>
>
>
> Security Information and Event Management (SIEM) system
>
> The Credit Union should have a SIEM system in place to consolidate logs from
> all devices and applications, encrypt those logs, have real time alerting,
> and compliance reporting.
>
>
>
> VPN access
>
> The Credit Union should have Network Access Controls such as scanning the
> connecting machine for correct configuration prior to allowing access to the
> network, some kind of multi factor token or device, and a more detailed
> access list on the VPN client area of the firewall.
>
>
>
> DMZ
>
> The Credit Union should move the Microsoft Exchange server into a DMZ of the
> firewall or industry best practice for proxying email traffic into and out of
> the DMZ to protect the Credit Union's internal network if a breach occurs on
> the email system.
>
>
>
> With all of this being said, can you get me some vendor information about
> each of these areas.  It can be freeware, it can be appliances, it can
> be anything that is easily manageable.
>
> And Management is looking for a quick turn around on this so whitepapers and
> recommendations first.
>
>
>
> This is what I sent my software vendors.  Did I ask the right questions?
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
