Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: E-Mail gateway on IIS.

from [Meni Milstein] Network Security [Permanent Link]
Subject: RE: E-Mail gateway on IIS.
Date: Mon, 13 Jun 2005 20:03:34 +0300 


You are looking at it from two perspectives. (or at least - you should be).

One machine is one point of attack - meaning if the machine is successfully
attacked then both services are down... as Burton implies.

Two different machines are more costly to maintain and if you say that you
run both sevrices on the same machine I assume that they have the same OS...
which means that securing them would just about be the same Job (aside from
securing the actual protocols themselves...)

I would go with two separate machines if I had the budjet... always cooler
to have at least 50% of services running in case a of a real attack. But I
see no real issue that can arise from running the services on one machine.
Of course - this machine should be strong enough to support both services.
If your mail GW scans outgoing mails for viruses, then  I guess, depending
on the size of your org, the server may need to handle loads... in which
case you should consider seperating the services. 

In terms of security - I see no problem.

Good luck.

Meni Milstein
http://www.lcs-guides.com



-----Original Message-----
From: Burton Strauss [mailto:BStrauss3@comcast.net] 
Sent: Monday, June 13, 2005 6:38 PM
To: 'Jitendra Kalyankar'; focus-ms@securityfocus.com
Subject: RE: E-Mail gateway on IIS.

Two separate boxes are two separate points of attack.  One box is a single
point, slightly more attractive to the bad guy.

Two boxes mean both require the same OS patches and basic OS security
(hardening).

Either way, each service needs to be secured individually.

It might be less disruptive to be able to reboot separately, or it may be
easier to only need one reboot.

Probably can go both ways depending on your personal preference.


-----Burton



-----Original Message-----
From: Jitendra Kalyankar [mailto:jitendra.kalyankar@gmail.com] 
Sent: Monday, June 13, 2005 6:27 AM
To: focus-ms@securityfocus.com
Subject: E-Mail gateway on IIS.

MS Gurus - 

I have on question about the e-mail gateway. I am working with this company
where company has webserver as well as E-Mail gateway on the same server.
Let me know if this will create any security risks. In other words is it
recommanded that you need to have seperate webserver and e-mail gateway
servers.

Any inputs on this are highly appreciated.

--
Thanks,
Jitendra Kalyankar

---------------------------------------------------------------------------
---------------------------------------------------------------------------


---------------------------------------------------------------------------
---------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Scripted Software removal (Encrypting Credentials), Matt Ostiguy
Next by Date:  RE: DHCP database, Laura A. Robinson
Previous by Thread:  RE: E-Mail gateway on IIS., Timothy Whisnant
Next by Thread:  RE: E-Mail gateway on IIS., Beauford, Jason
Indexes:  [Date] [Thread] [Top] [All Lists]