Exchange Server Forums
exchange 2000 setup
exchange 2000 setup - 3.May2006 11:30:47 PM
zmobile
Posts: 9
Joined: 12.Oct.2004
From: US
Status: offline
I am just curious about something and hope someone could shed some light on the subject. I came across a system that was running Exchange 2000 and ISA 2000 on a Win2k domain. The Exchange server had two NICs, one on the internal network and one connected to the DMZ. Same with the ISA. The Exchange server was also configured as a caching-only DNS server with forwarders set to the ISP DNS servers, along with the SMTP VS set to point to the ISP DNS servers. All clients and servers except the mail server go through the ISA for Internet connectivity. The internal DNS never resolves outside the trusted network, mail resolves through the forwarders set within DNS on this server, and clients resolve via the ISA connection. What is the purpose of this, and is this a normal setup? I was never shown this type of configuration before, so it kind of took me off guard. I always thought that the internal DC\DNS servers, say 2 of them, would have forwarders set. All other servers, including the Exchange server (sitting completely in the trusted network), would resolve to those servers internally and then externally through the forwarders specified within the DC\DNS servers. I know ISA is a different story, but I wanted to show the complete network connections. Is this a security risk? It seems as though if the Exchange (DMZ) side of the house gets hacked then they have complete access to the internal network? Just a thought. Wouldn't it be better to place an SMTP relay server in the DMZ and create firewall rules between the relay and mail server? Can someone help explain this setup to me...
RE: exchange 2000 setup - 10.May2006 11:00:22 AM
bipolarchucker
Posts: 49
Joined: 20.Jan.2006
From: Leeds, UK
Status: offline
Sounds like you're right, the attack surface is increased with the mail server being attached to the DMZ, it is effectively unprotected from direct attack, unless there's a perimeter firewall which it sounds like there is. Ideally you should bring the mail server right inside the internal network and use the ISA server to publish it. Attack surface is reduced by doing so.
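The two layouts compared in this thread, modelled as an added example that is not part of either post: it lists which internal hosts a compromised DMZ-facing machine can talk to directly. Host names (`dc1`, `client`, `relay`), the zone labels and the rule format are assumptions made for the illustration, and the ISA server is represented only by its allow rules.

```python
from collections import namedtuple

# Assumed model: a host is a name plus the segments it has a NIC on;
# a rule is one firewall allow entry between hosts on different segments.
Host = namedtuple("Host", "name zones")
Rule = namedtuple("Rule", "src dst port")

def internal_exposure(hosts, rules, foothold):
    """Return {(host, port)} on the internal segment that `foothold` can reach.

    Port "*" means every listening service: both hosts sit on the same
    segment, so no firewall rule is evaluated between them.
    """
    src = next(h for h in hosts if h.name == foothold)
    reach = set()
    for h in hosts:
        if h.name == foothold or "internal" not in h.zones:
            continue
        if src.zones & h.zones:
            reach.add((h.name, "*"))          # shared segment, unfiltered
        else:
            reach.update((h.name, r.port) for r in rules
                         if r.src == foothold and r.dst == h.name)
    return reach

# Layout described in the first post: Exchange has one NIC in each segment.
AS_FOUND = [
    Host("exchange", {"dmz", "internal"}),
    Host("dc1", {"internal"}),
    Host("client", {"internal"}),
]

# Layout proposed in the first post: SMTP relay in the DMZ, Exchange inside,
# one firewall rule allowing the relay to reach Exchange on TCP 25.
WITH_RELAY = [
    Host("relay", {"dmz"}),
    Host("exchange", {"internal"}),
    Host("dc1", {"internal"}),
    Host("client", {"internal"}),
]
RELAY_RULES = [Rule("relay", "exchange", 25)]

if __name__ == "__main__":
    print("dual-homed Exchange:", sorted(internal_exposure(AS_FOUND, [], "exchange")))
    print("DMZ relay:", internal_exposure(WITH_RELAY, RELAY_RULES, "relay"))
```

In the dual-homed layout every internal host is reachable on every port from the mail server, while the relay layout leaves a single filtered path to the mail server on port 25.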