Solved

Windows 2008/Exchange Server 2010 Public Port Security

Posted on 2014-03-15
7
352 Views
Last Modified: 2014-04-03
Hi Experts,

I have hosted Microsoft Exchange 2010 in a dedicated server hosted outside form our company network. I'm planning to allow only RDP, OutLookanyware (SSL), POP3 SMTP, and IMAP to all the user access.

So can I close all ports listed on the Inbound except above port I required ?

What are best practices for these sort of set up ?

Thanks !
0
Comment
Question by:Shakthi777
7 Comments
 
LVL 6

Expert Comment

by:rick81
ID: 39931118
That's right only open the ports you need. You might need port 80 also
0
 
LVL 7

Assisted Solution

by:Sivaraj E
Sivaraj E earned 166 total points
ID: 39931135
Well enough but add port 80 as per Rick's reply above, also the default RDP port can be changed to something else, hence it is allowed to public network and people will have access to it, I mean your till your login screen so do not give them this chance as well.

Alternate : you can keep the RDP port 3389, but allow only your organization IP's to have access to the server.

Regards, Shiva
0
 

Author Comment

by:Shakthi777
ID: 39931526
Thanks for the comments, I have closed most of all inbound ports leaving only SSL, SMTP, POP, IMAP, RDP. Finally for some reason port 25 was not accessible after I blocked all the others.

How do I understand all these relevant ports only for operate the email server.  Any helpful resources would be highly appreciated.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 7

Expert Comment

by:Sivaraj E
ID: 39931644
Do you mean to check the ports what you allowed is working or not ? If so then it can be done through telnet.

Note : You may need to add this telnet feature on your windows features

Example : on you command prompt type

telnet mail.yourdomain.com 25  (SMTP)
telnet mail.yourdomain.com 110  (POP3)
telnet mail.yourdomain.com 80 (HTTP)

Regards, Shiva
0
 
LVL 5

Assisted Solution

by:arjunvyavahare
arjunvyavahare earned 167 total points
ID: 39932243
Hi,

Thats fine you have opened required ports but my suggestion is instead of opening these ports only open 443 (SSL) port so that there are less changes of attack on the server.

For remote administration purpose use VPN technology which is more secure.

Regards,
Arjun
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 167 total points
ID: 39932946
25 and 443 is all that I open to my servers.
I don't open port 80 and I never use POP/IMAP on the Exchange servers I look after.

RDP usually comes in either via an RDP Gateway or over a VPN, or use something like Teamviewer.

Simon.
0
 

Author Closing Comment

by:Shakthi777
ID: 39974542
thanks for the comments !
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
outlook 15 43
exchange, mailbox 4 19
Exchange 2013 sending anonymous spam 2 27
EXCHANGE 6 23
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video discusses moving either the default database or any database to a new volume.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now