SecureIT-inc
asked on
Security Suggestions (Cost Effective) Short Term and Long Term
Hey gents and ladies,
I have a question, we seem to have our situation under control provided we keep up on "freezing" and deleting all messages in exhchange 2000 - server 2003(although TONS of connectors keep appearing daily). Question is being the IT manager , what do you guys think are some suggestions besides upgrading to exchange to make our network more secure and do a better job at spam filtering/ids protection etc.. We MUST remain PCI compliant due to the credit card capabilities(Huge part of our business). Our setup is old , we run server 2000 - SonicFirewall Pro 2040 , Linksys Business Series SRW224G4P switch , Linksys SRW2008 switch. Backup = Sonicwall CDP 2440i. - I was looking into GFI's antispam system and also Barracudda's products for antispam. We use Postinini for some spam filtering. But we need more security/spam filtering as it seems to be still creating tons of useless connectors. I hope I covered my bases if Im missing something please let me know - again thanks!
I have a question, we seem to have our situation under control provided we keep up on "freezing" and deleting all messages in exhchange 2000 - server 2003(although TONS of connectors keep appearing daily). Question is being the IT manager , what do you guys think are some suggestions besides upgrading to exchange to make our network more secure and do a better job at spam filtering/ids protection etc.. We MUST remain PCI compliant due to the credit card capabilities(Huge part of our business). Our setup is old , we run server 2000 - SonicFirewall Pro 2040 , Linksys Business Series SRW224G4P switch , Linksys SRW2008 switch. Backup = Sonicwall CDP 2440i. - I was looking into GFI's antispam system and also Barracudda's products for antispam. We use Postinini for some spam filtering. But we need more security/spam filtering as it seems to be still creating tons of useless connectors. I hope I covered my bases if Im missing something please let me know - again thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
outsource to gmail, that way they will clean all the email for you, plus if your loose internet connection, server dies, etc. your email will be at google
Exchange 2000 Standard edition hit its end-of-life in January 2011 - as a result you're in the situation where you'll need to soon be either upgrading or moving off to a new mail server.
Windows 2000 is already at end of life and no further updates can be expected. This increases the likelihood of a breach as operating system faults are no longer being patched.
Exchange 2007 or Exchange 2010 both have anti-spam capabilities built in which are far superior to those in Exchange 2000, however the Barracuda (providing it's updated and managed) or Postini to keep it from reaching your internet connection.
I'd further restrict mail sending to Postini by only allowing the IP address of the mail server a route to Postini's servers, and only allow incoming mail from Postini's servers to port 25.
When Exchange is freezing and deleting messages, are the queues moving at all, i.e. are the queues getting overloaded? This can be the result of an infected desktop on the network as well.
Windows 2000 is already at end of life and no further updates can be expected. This increases the likelihood of a breach as operating system faults are no longer being patched.
Exchange 2007 or Exchange 2010 both have anti-spam capabilities built in which are far superior to those in Exchange 2000, however the Barracuda (providing it's updated and managed) or Postini to keep it from reaching your internet connection.
I'd further restrict mail sending to Postini by only allowing the IP address of the mail server a route to Postini's servers, and only allow incoming mail from Postini's servers to port 25.
When Exchange is freezing and deleting messages, are the queues moving at all, i.e. are the queues getting overloaded? This can be the result of an infected desktop on the network as well.
ASKER
Hello guys, first of all again I appreciate you taking valued time to answer my questions. Your hitting the nail on the head with queues getting overloaded. I just walked in the server room a second ago and were at 148 smtp connectors (spam related). If theres a way to eliminate this completely id be as well as my boss be forever grateful. I do realize that server 2000 is no longer being managed. Boss has asked me for a short term solution and a long term solution, and from a business stand point. Cost being a huge factor. When I hit delete (No NDR) on the SMTP connector queue the connectors are listed still (which is annoying - ive tried to freeze and then delete messages (no ndr) and they do not remove. For instance.. one example "Outbound SMTP - eboa.ru (STMP Connector - Remote Delivery ) Frozen. Yet it still remains even with a zero message size and zero ammount of messages. Currently we subscribe to Postini which seems to be working well , although since joining this company I was left with poor documentation on exactly how things are set up and what services are being used. We use Sophos for AV on all machines and SonicWall firewall products. My thought was to use one of GFI's products or a product from the Barracuda line , Cost being a key factor. I dont think the boss is quite ready to migrate from Exchange 03 to a later version, which we both are aware of the better spam handling capabilities as well as ongoing patches/support. So Short Term product suggestions and Long Term suggestions? (Obviously upgrade Exchange to a newer version for later upgrade) but what else can you specifically recommend if you don't mind me asking?
Thanks and if im leaving out some crucial data please re ask and I apologize ahead of time - the networks been a cluster f since day one.
Regards
SecureIT Inc
Thanks and if im leaving out some crucial data please re ask and I apologize ahead of time - the networks been a cluster f since day one.
Regards
SecureIT Inc
I had more connections than that on a bad day.
I'd suggest to read https://secure.wikimedia.org/wikipedia/en/wiki/Anti-spam_techniques
Greylisting alone kills 50% of spam attempts (or viruses), enforcing SMTP compliance is almost as effective.
I also do DNSBL, all in abomination made from exim mailer and iptables.
My config files do not exceed 10KB alltogether (say 5 pages in word) so you can give linux a try
Having both will make user with exchange spam buttons feel better.
I'd suggest to read https://secure.wikimedia.org/wikipedia/en/wiki/Anti-spam_techniques
Greylisting alone kills 50% of spam attempts (or viruses), enforcing SMTP compliance is almost as effective.
I also do DNSBL, all in abomination made from exim mailer and iptables.
My config files do not exceed 10KB alltogether (say 5 pages in word) so you can give linux a try
Having both will make user with exchange spam buttons feel better.
ASKER
So boss has announced a 1500$ budget , this is to include a solution. He wants to be able to block all spam going to our domain says joe@ourdomain.com , bob@ourdomain.com even though Joe/Bob do not exist. Postini works well for exisiting mailboxes but he would like a solution that can prevent I guess you could call it "domain" level spam blocking - so any email hitting our domain will be blocked if not on Postini's list of legitimate email addresses. I hope this makes sense. Again we are running server 2000 and exchange 2003 - we can't have much if any downtime.Mentioned to the boss about having google handle it and he wants everything hosted by us. Thanks again for your comments.
You can resign yesterday.
ASKER
lol Resign? What do you mean?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Guy runs open relay and compalins.
Exchange on internet is a hopeless setup.
Exchange on internet is a hopeless setup.
I'd suggest a split between answers 35472856 and 35467297, but OP's been given the impossible task up upgrading for US$1500 - not gonna happen.
I agree, MidnightOne, but asker also could tune a bit down his attitude, because he has the security hole not people trying to teach him to throw money correctly at the problem....
I'm not seeing the attitude you're talking about, at least not from OP - his boss, who wants it solved NOW for no money, definitely! But not OP.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.