Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: publications concerning port forwarding

from [Wiedemann, Adrian] Network Security [Permanent Link]
Subject: RE: publications concerning port forwarding
Date: Wed, 11 Apr 2007 19:50:43 +0200 
Hi,


  My concern would be a 0-day exploit for the service that is exposed.> An
internal MS Exchange server responding to public internet traffic,
seems
less secure than say... a postfix server in the DMZ and a MS Exchange
server on the internal network.at least in this situation you would
need
two services to be exploitable (Postfix SMTP and MS Exchange) rather
than
just MS Exchange.


Ok, two things. First, Preventing against a 0day is always hard - regardless
of the system. Second, what do you define as internal? Is the MS Exchange is
only used internally  (no RPC-over-HTTPS, no OWA, etc.), then a port forward
is not necessary. If not, the MS Exchange is not internal, and some more
work has to be done than just using an exim as a SMTP proxy and forwarding
the ports.

If there is only a single MS Exchange Server used, then - I have to agree -
exposing this server (holding the mailbox-storage) to the internet is nuts.
But If this is the scenario, major faults happened when the MS Exchange
infrastructure was planned. 


  Is this an over paranoid stance?  What if the company falls under
"Executive Order on Critical Infrastructure Protection"?


The risk hast to be evaluated - and proper arrangements have to be done.
Just having the ports forwarded without an essential reason is not an
option. 

Regards, Adrian

ret

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  答复: [SPAM] - Re: Boot floppy - Sending mail server found on relays.ordb.org, Cony.Zhou
Next by Date:  RE: Nessus-Nmap command line, Kevin Reiter
Previous by Thread:  RE: publications concerning port forwarding, Jason L. Ellison
Next by Thread:  RE: publications concerning port forwarding, Wiedemann, Adrian
Indexes:  [Date] [Thread] [Top] [All Lists]