From: Jason L. Ellison (infotek@datasync.com)
Date: Wed Apr 11 2007 - 12:12:54 EDT
On Wed, 11 Apr 2007, Wiedemann, Adrian wrote:
> ------=_NextPart_000_0009_01C77C1F.25A6FE80
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: 7bit
>
> Hi,
>
> > to forward ports on the PIX from the Internet to internal servers. I
> > have
> > explained that port forwarding is very risky but they don't seem to
> > understand. Are there any publications that can be used to show the
>
> It boils down to the Exchange-Server setup. If he is using a
> frontend-backend Exchange configuration and requests port 443 to be
> forwarded, I see no inherent security concerns about this. In general, I see
> no security implications about forwarding ports. I just depends on the
> servers, on which these ports are forwarded to.
>
> Regards, Adrian
>
> Ret
My concern would be a 0-day exploit for the service that is exposed. An
internal MS Exchange server responding to public internet traffic, seems
less secure than say... a postfix server in the DMZ and a MS Exchange
server on the internal network.at least in this situation you would need
two services to be exploitable (Postfix SMTP and MS Exchange) rather than
just MS Exchange.
Is this an over paranoid stance? What if the company falls under
"Executive Order on Critical Infrastructure Protection"?
-Jason Ellison
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:43 EDT