[c-nsp] Securing Exchange 2003

James O'Farrell James.O'Farrell at valuelink.co.uk
Fri Jul 22 12:08:18 EDT 2005


No problem. 

Couple of final things: make sure you have Windows XP patch Q331320
installed on the clients or it may not work; and do try it without the
reghack first. I have a feeling it may not be necessary with your setup,
as there is no firewall between the Exchange server and GC, therefore no
need to lock the RPC service to one port.



-----Original Message-----
From: Paul Stewart [mailto:pstewart at nexicomgroup.net] 
Sent: 22 July 2005 17:00
To: James O'Farrell; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Securing Exchange 2003

Thanks... Citrix is a nice option I'll look into possibly...

Our setup is even simpler actually... The DC is the Exchange server so
just need to protect the box from outside only.... It would be ideal for
a DMZ type setup but not applicable in this setup...

So reghack for RPC service ports, and permit 25,80,443 and we're in
business... That sounds simple enough..;)

Take care,

Paul
 

-----Original Message-----
From: James O'Farrell [mailto:James.O'Farrell at valuelink.co.uk] 
Sent: Friday, July 22, 2005 11:53 AM
To: Paul Stewart; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Securing Exchange 2003

In that case it should not be too much of a hassle.

I assume a setup of 

Client --- Internet ---  FW  --- Exchange ---  FW  --- Internal(DC/AD)
                         1                     2

At 1;
Your chosen delivery method, probably SMTP (TCP 25), and HTTP (TCP
80)/HTTPS (TCP 443) for RPC over HTTP/s

At 2;
LDAP to DC TCP 389 and UDP 389
LDAP to GC TCP 3268
Kerberos TCP 88 and UDP 88
DNS TCP 53 and UDP 53


That should do the trick.
There may be an issue with RPC, in which case you may need to open (try
without first) RPC port endpoint mapper TCP 135 and RPC service ports
1024-65535 (it would be a good idea to reghack this to a single port for
security reasons).

I hope that helps, I have never set this up on a single server before,
good luck... 

As for Citrix I have not thought of that.

JOF


	

-----Original Message-----
From: Paul Stewart [mailto:pstewart at nexicomgroup.net]
Sent: 22 July 2005 16:34
To: James O'Farrell; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Securing Exchange 2003

Nope... Just one single server.... It only services about 60-70
accounts... 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of James O'Farrell
Sent: Friday, July 22, 2005 11:24 AM
To: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Securing Exchange 2003

Are you using a Front-end/Back-end setup?

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Steve Wright
Sent: 22 July 2005 16:17
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Securing Exchange 2003


> Do you want to offer a full blown Exchange/outlook service or are you 
> happy with outlook web access?

I'd be interested to see what people set up for the full shebang with
Exchange, either on a PIX or router.

If anyone would care to share, it would be very much appreciated!

Thanks,

S



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
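
Added example, not part of the original thread or any poster's configuration: the port list discussed above written as Cisco IOS extended ACLs, with the wide RPC service range shown commented out beside the single-port alternative. The IP addresses, ACL names and static RPC port 50000 are placeholders, and return traffic is assumed to be handled by stateful inspection on the firewall.

```cisco
! Constructed example. Placeholders (assumptions, not from the thread):
!   192.0.2.10    = Exchange server
!   198.51.100.20 = internal DC/GC
!   50000         = the single RPC service port fixed on the server
! Return traffic is assumed to be covered by stateful inspection.

! Firewall 1: Internet -> Exchange
ip access-list extended INTERNET-TO-EXCHANGE
 remark SMTP delivery
 permit tcp any host 192.0.2.10 eq 25
 remark HTTP/HTTPS for RPC over HTTP/s
 permit tcp any host 192.0.2.10 eq 80
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log

! Firewall 2: Exchange -> internal DC/GC
ip access-list extended EXCHANGE-TO-INTERNAL
 remark LDAP to DC
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 389
 permit udp host 192.0.2.10 host 198.51.100.20 eq 389
 remark LDAP to GC
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 3268
 remark Kerberos
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 88
 permit udp host 192.0.2.10 host 198.51.100.20 eq 88
 remark DNS
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 53
 permit udp host 192.0.2.10 host 198.51.100.20 eq 53
 remark Add the RPC entries below only if it fails without them
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 135
 remark Weak form, entire dynamic RPC range (kept commented out for contrast)
 ! permit tcp host 192.0.2.10 host 198.51.100.20 range 1024 65535
 remark Tighter form, one RPC service port fixed on the server
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 50000
 deny ip any any log
```

The trailing `deny ip any any log` makes the implicit deny visible in the logs, which shows quickly whether the optional RPC entries are actually needed.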