Posted by Jason Edwards on February 5, 2005, 8:32 pm
> I recently installed SBS 2000, including ISA 2000 and Exchange 2000, on
> a client's server and I'm a little concerned about the fact that,
> according to programs such as "Shields Up" (I do not want to instigate
> a flame war about the merits of Shields Up however), a number of ports
> are wide open.
> The client does run a mail server and uses Outlook Web
> Access so I presume that certain ports need to be open for their mail
> to function properly.
>
> My question is: how can I provide the maximum protection for my client
> and still leave their mail server, etc... functional? I've installed
> all the patches for ISA and Exchange. The ports that show as "open" on
> "Shields Up" are 80; 110; 25; and 443.
When I run Shields Up from my current location I find 25, 80 and 443 open
(but not 110 because I don't need it). It's been like that for four years
without problems.
> I know what these ports are
> for. Can I, or do I need to, mask them from the internet?
That would make it difficult to use Outlook Web Access (you do use SSL for
OWA, don't you?)
It would also make it difficult to receive incoming email.
It is likely that 110 does not need to be open to the Internet.
> All of
> these ports were open by default after installing SBS 2000.
>
> I know Microsoft is part of the problem when it comes to security but
> could the default configuration of ISA be dangerous?
I would run some more sophisticated tests against that box.
http://www.hackerwhacker.com/ would be a good start.
I don't recommend running Windows 2000 directly on the Internet.
Get an external firewall box and port forward 25, 80, 443 to your Windows 2000
box.
Jason
>
> Any help would be greatly appreciated.
>
> Kevin G
>
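
The port review discussed in this thread, as an added example that is not part of the original posts: a TCP connect check, run from outside the firewall against a server you administer, that compares what answers with the ports the mail and OWA services need. The function names, the `REQUIRED` table and the script name in the usage comment are assumptions made for this illustration.

```python
import socket
import sys

# Ports the thread says must stay reachable from the Internet.
REQUIRED = {25: "SMTP", 80: "HTTP", 443: "HTTPS (OWA over SSL)"}
# Ports the scan in the thread reported open; 110 is POP3.
REPORTED = [25, 80, 110, 443]


def is_open(host, port, timeout=2.0):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit(host, ports, required=REQUIRED, probe=is_open):
    """Sort probed ports into expected / unexpected / missing."""
    result = {"expected": [], "unexpected": [], "missing": []}
    for port in sorted(set(ports) | set(required)):
        reachable = probe(host, port)
        if reachable and port in required:
            result["expected"].append(port)
        elif reachable:
            result["unexpected"].append(port)  # open, but no service needs it
        elif port in required:
            result["missing"].append(port)     # needed, but not reachable
    return result


if __name__ == "__main__":
    # Hypothetical usage: python port_audit.py <your-server-address>
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = audit(host, REPORTED)
    for kind, ports in report.items():
        print(f"{kind:>10}: {ports}")
    # Non-zero exit when something is exposed that should not be.
    sys.exit(1 if report["unexpected"] else 0)
```

With the results reported in the thread, port 110 lands in `unexpected`; a required port that stops answering after a firewall change lands in `missing`.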