http://rr.sans.org/email/corp_email.php
_____________________________________
Daniel Duncan
Supervisor, Corporate Web Infrastructure
Arch Wireless Holdings, Inc.
[EMAIL PROTECTED]
601 . 977 . 1504

-----Original Message-----
From: Robert Buel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 16, 2002 3:38 PM
To: 'Hunt, Jim'; [EMAIL PROTECTED]
Subject: RE: Security Suggestion (Exchange 2000) & access to files

Jim:

I would put the Exchange server on the LAN, address translate it, and allow only smtp and pop. The OWA external services can be provided by the existing web server which will use an smtp referral to the internal box. In this way, you don't let web traffic into your internal LAN.

BB

-----Original Message-----
From: Hunt, Jim [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 7:25 AM
To: [EMAIL PROTECTED]
Subject: Security Suggestion (Exchange 2000) & access to files

Here is the scenario I am facing this summer. Please let me know which you would do and why.

The firewall is a Cisco PIX 515R with 3 interfaces (LAN, Internet, and DMZ). A new Microsoft Exchange 2000 Server is being implemented. This server will be dedicated to doing nothing but running Microsoft Exchange 2000 and providing internal access from the LAN via Outlook. It will NOT be a domain controller.

Outside access is needed to the mail system to send and receive e-mail. Outlook Web Access (OWA) is also needed to provide users internally and externally access to their e-mail.

What is the best scenario to install the system? I see these as the better possible options. (There are more but I didn't think they had merit or I have the money ($$$) to do them.)

1.) Place the unit internally (LAN) with one internal IP and do NAT at the firewall for both the SMTP gateway and OWA. Would (should) I use 1 external (Internet) IP for the SMTP Gateway and another IP for OWA?

2.) The unit could be internal (LAN) with 2 NICs; one NIC to the LAN and one NIC to the DMZ for Internet access. IP routing would not be enabled.

3.) There is a web server in the DMZ. A 2 Microsoft Exchange Server setup could be done using the web server in the DMZ as the SMTP gateway and the OWA Server. (There isn't money ($$$) for a dedicated server in the DMZ for Microsoft Exchange and a Microsoft Exchange inside the LAN too.) (Again, IP routing would not be enabled on the web server. We would need to address the access back to the LAN using it as well.)

These seem like the best 3 options. What is everyone's thought?

Please only provide productive answers and don't bash Microsoft Exchange or suggest another product. It just isn't possible. (Been there, done that, and lost the fight so now I have to move on and implement.)

Jim Hunt
Microsoft Certified Systems Engineer
Northwestern School Corporation