Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: E-Mail gateway on IIS.

from [Timothy Whisnant] Network Security [Permanent Link]
Subject: RE: E-Mail gateway on IIS.
Date: Mon, 13 Jun 2005 11:12:25 -0400 
I would recommend using separate servers for email and web publishing (if
the company budget is there). If the webserver is compromised, then email
services are still available (vice-versa).

Since I'm guessing that the webserver is visible to the public, it is highly
open to attack. It is a matter of the traffic that is allowed to pass to
each machine (I'm hoping that it is firewalled in some way). Since you would
have more ports open for these services (http, maybe ssl and various email),
you are allowing more avenues of attack. If you only allow certain traffic
to reach these machines, then you are reducing the list of vulnerabilities.

However, if you are comfortable with your deployment of the email server/web
server, lock down ports/services on the machine, audit the event logs and
let it go. Time will tell.

Sincerely,

Timothy Whisnant

E-mail:   timothywhisnant_AT_mcbs.com

-----Original Message-----
From: Jitendra Kalyankar [mailto:jitendra.kalyankar@gmail.com] 
Sent: Monday, June 13, 2005 7:27 AM
To: focus-ms@securityfocus.com
Subject: E-Mail gateway on IIS.


MS Gurus - 

I have on question about the e-mail gateway. I am working with this company
where company has webserver as well as E-Mail gateway on the same server.
Let me know if this will create any security risks. In other words is it
recommanded that you need to have seperate webserver and e-mail gateway
servers.

Any inputs on this are highly appreciated.

-- 
Thanks,
Jitendra Kalyankar

---------------------------------------------------------------------------
---------------------------------------------------------------------------

[This e-mail message and any attached files are confidential and are intended 
solely for the use of the addressee(s) named above. This communication may 
contain material protected by attorney-client, work product, or other 
privileges. If you are not the intended recipient or person responsible for 
delivering this confidential communication to the intended recipient, you have 
received this communication in error, and any review, use, dissemination, 
forwarding, printing, copying, or other distribution of this e-mail message and 
any attached files is strictly prohibited. If you have received this 
confidential communication in error, please notify the sender immediately by 
reply e-mail message and permanently delete the original message. If you are 
unable to reach a recipient at this email domain (mcbs.com or brownrad.com) 
please contact a member of the Computer Support team by calling MCBS, LLC. at 
(706)-737-4575 or (800)-774-4575 or emailing support@mcbs.com.]

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RunAs, Mario Platt
Next by Date:  RE: DHCP database, Beauford, Jason
Previous by Thread:  RE: E-Mail gateway on IIS., Burton Strauss
Next by Thread:  RE: E-Mail gateway on IIS., Meni Milstein
Indexes:  [Date] [Thread] [Top] [All Lists]