how can I sercure an exchange server from a brute force attack via iis ntlm

how can i secure a exchange server from a brute force attack from IIS NTLM ?
LVL 3
brikeyesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rakeshmiglaniCommented:

http://www.microsoft.com/technet/community/columns/5min/5min-301.mspx
5-minute Security Advisor - Configuring Outlook Web Access

http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exmessec.mspx
Exchange Server 2003 Message Security Guide

TechNet Webcast: Secure Access to Microsoft Exchange from the Internet—Level 300
http://www.microsoft.com/usa/webcasts/ondemand/2380.asp

XCCC: Front-End Server Considerations
http://support.microsoft.com/default.aspx?scid=kb;en-us;274219

Exchange Server Front-end/Back-end Terminology and Implementation
http://support.microsoft.com/default.aspx?scid=kb;en-us;246739

XADM: Setting Permissions on Virtual Directories in a Front-End and Back-End Deployment
http://support.microsoft.com/default.aspx?scid=kb;en-us;328757

XADM: White Paper - Using Microsoft Exchange 2000 Front-End Servers
http://support.microsoft.com/default.aspx?scid=kb;en-us;326276

Exchange Server 2003 Deployment Guide
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/depguide.mspx

Publishing Outlook Web Access (OWA) Sites using ISA Server 2004 Firewalls
http://www.isaserver.org/articles/2004owapub.html

RSA - Outlook Web Access Solution Brief
http://rsasecurity.agora.com/rsasecured/guides/solutions/MSOWA_LOGO_Brief_11_24_02.pdf
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SembeeCommented:
Disconnect it from the Internet.

The point is - if someone is determined enough to get in, they will. If they can't brute force, then they will use another mechanism, social engineering for example.

Simon.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.