Thanks Troy!
-------------------------- Chad Weatherford Shoe Carnival Systems Administrator 812-867-8314 812-204-0235 cell Sent via BlackBerry ----- Original Message ----- From: Troy Meyer <[email protected]> To: NT System Admin Issues <[email protected]> Sent: Fri Jul 17 18:50:45 2009 Subject: RE: Port 443 Question Seems to be topic of the day. Your risk is that you now have 443 open to the internet, pure and simple. Is that good/bad/ugly, that is for you to decide. It is my personal opinion that the server holding my mailbox databases is the holy grail. If that goes down for some reason every single user with mail on that server notices. And as such, I try to minimize risks that can take down entire mb server. When you bring up a FE or CAS you separate your holy grail from the internet and try to minimize the risk. If some attack on 443 (say a modified DDOS that your machine does����t know how to deal with) takes down a FE server you have limited functionality for phones and owa, if that were a mailbox server, you might have a whole office of people unable to utilize any exchange functionality. As previously stated by Carl, people understand the need for a BES server, they should also understand the need for a FE for activesync. It is the right way to do it. Have a good weekend -troy From: Weatherford, Chad [mailto:[email protected]] Sent: Friday, July 17, 2009 12:21 PM To: NT System Admin Issues Subject: Port 443 Question If port 443 were opened up to our internal exchange server so iPhon����s could send and receive email (testing phase; we do not have a front end OWA server or ISA server yet) what kind of risks are we opening ourselves up to? Thanks! Chad ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
