Security Basics mailing list archives
Re: Hardening Windows 2003 Server and Exchange Server
From: kevinlh () hotmail com
Date: 16 Aug 2005 20:42:13 -0000
You should understand what security measures are available, and understand that any single product (in this case Microsoft) does not create a secure operating environment. While it is possible to secure most systems against a cursory invasion attempt, it becomes more difficult if you do not accept a layered approach.

I will not harsh on any particular vendor, but a firewall, in my opinion, should be dedicated to network protection. Server OSes such as Microsoft, Linux, BSD, Solaris, etc. are all multi-function systems. Sure, they can protect a network, but often with specialized configurations. Broaden your horizons, and seek out hardware devices for your security needs. Several excellent ones are: Juniper/Netscreen (ASIC), Cisco PIX (yes, it's a UNIX), Nokia (BSD). They have already done the work for you.

Also, a good practice is to separate your private systems through the use of perimeter networks (DMZ). Use smart hosts for SMTP, reverse proxies for HTTP, and wireless access points on these perimeter networks (use VPN to communicate with your private network). You will sleep better at night knowing you have a distributed architecture with varying levels of access.

Another step is to check out the wealth of knowledge at www.nist.gov, especially the Common Criteria recommendations for Microsoft and other product vendors. There are also suggestions for EAL4 configurations if you want to follow government standards. If you want some MORE reading, check out RFC2196, ISO17799, BS7799, and the FDIC Technology Guide Booklet (sp?). With these references, along with the knowledge at NIST, you are on your way to an understanding of security best practices.

Always remember that cheap security is very expensive.