Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 2008/Exchange Server 2010 Public Port Security

Posted on 2014-03-15
7
Medium Priority
?
373 Views
Last Modified: 2014-04-03
Hi Experts,

I have hosted Microsoft Exchange 2010 in a dedicated server hosted outside form our company network. I'm planning to allow only RDP, OutLookanyware (SSL), POP3 SMTP, and IMAP to all the user access.

So can I close all ports listed on the Inbound except above port I required ?

What are best practices for these sort of set up ?

Thanks !
0
Comment
Question by:Shakthi777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 6

Expert Comment

by:rick81
ID: 39931118
That's right only open the ports you need. You might need port 80 also
0
 
LVL 7

Assisted Solution

by:Sivaraj E
Sivaraj E earned 498 total points
ID: 39931135
Well enough but add port 80 as per Rick's reply above, also the default RDP port can be changed to something else, hence it is allowed to public network and people will have access to it, I mean your till your login screen so do not give them this chance as well.

Alternate : you can keep the RDP port 3389, but allow only your organization IP's to have access to the server.

Regards, Shiva
0
 

Author Comment

by:Shakthi777
ID: 39931526
Thanks for the comments, I have closed most of all inbound ports leaving only SSL, SMTP, POP, IMAP, RDP. Finally for some reason port 25 was not accessible after I blocked all the others.

How do I understand all these relevant ports only for operate the email server.  Any helpful resources would be highly appreciated.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 7

Expert Comment

by:Sivaraj E
ID: 39931644
Do you mean to check the ports what you allowed is working or not ? If so then it can be done through telnet.

Note : You may need to add this telnet feature on your windows features

Example : on you command prompt type

telnet mail.yourdomain.com 25  (SMTP)
telnet mail.yourdomain.com 110  (POP3)
telnet mail.yourdomain.com 80 (HTTP)

Regards, Shiva
0
 
LVL 5

Assisted Solution

by:Arjun Vyavahare
Arjun Vyavahare earned 501 total points
ID: 39932243
Hi,

Thats fine you have opened required ports but my suggestion is instead of opening these ports only open 443 (SSL) port so that there are less changes of attack on the server.

For remote administration purpose use VPN technology which is more secure.

Regards,
Arjun
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 501 total points
ID: 39932946
25 and 443 is all that I open to my servers.
I don't open port 80 and I never use POP/IMAP on the Exchange servers I look after.

RDP usually comes in either via an RDP Gateway or over a VPN, or use something like Teamviewer.

Simon.
0
 

Author Closing Comment

by:Shakthi777
ID: 39974542
thanks for the comments !
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question