Solved

Windows 2008/Exchange Server 2010 Public Port Security

Posted on 2014-03-15
Last Modified: 2014-04-03
Hi Experts,

I have hosted Microsoft Exchange 2010 on a dedicated server hosted outside of our company network. I'm planning to allow only RDP, Outlook Anywhere (SSL), POP3, SMTP, and IMAP for all user access.

So can I close all ports listed on the Inbound except the above ports I require?

What are the best practices for this sort of setup?

Thanks!
Question by:Shakthi777
7 Comments
 
LVL 6

Expert Comment

by:rick81
ID: 39931118
That's right, only open the ports you need. You might need port 80 also.
 
LVL 7

Assisted Solution

by:Sivaraj E
Sivaraj E earned 166 total points
ID: 39931135
Well enough, but add port 80 as per Rick's reply above. Also, the default RDP port can be changed to something else, since it is allowed to the public network and people will have access to it, I mean up to your login screen, so do not give them this chance as well.

Alternative: you can keep the RDP port 3389, but allow only your organization's IPs to have access to the server.

Regards, Shiva
 

Author Comment

by:Shakthi777
ID: 39931526
Thanks for the comments. I have closed most of the inbound ports, leaving only SSL, SMTP, POP, IMAP, RDP. Finally, for some reason port 25 was not accessible after I blocked all the others.

How do I understand which ports are relevant only for operating the email server? Any helpful resources would be highly appreciated.
 
LVL 7

Expert Comment

by:Sivaraj E
ID: 39931644
Do you mean to check whether the ports you allowed are working or not? If so, it can be done through telnet.

Note: You may need to add the telnet feature in your Windows features.

Example: on your command prompt type

telnet mail.yourdomain.com 25 (SMTP)
telnet mail.yourdomain.com 110 (POP3)
telnet mail.yourdomain.com 80 (HTTP)

Regards, Shiva
 
LVL 5

Assisted Solution

by:arjunvyavahare
arjunvyavahare earned 167 total points
ID: 39932243
Hi,

That's fine, you have opened the required ports, but my suggestion is that instead of opening these ports, only open port 443 (SSL) so that there are fewer chances of attack on the server.

For remote administration purposes, use VPN technology, which is more secure.

Regards,
Arjun
 
LVL 63

Accepted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 167 total points
ID: 39932946
25 and 443 is all that I open to my servers.
I don't open port 80 and I never use POP/IMAP on the Exchange servers I look after.

RDP usually comes in either via an RDP Gateway or over a VPN, or use something like TeamViewer.

Simon.
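The exposure suggested in the answers above (25 and 443 open to everyone, RDP reachable only from the organization's addresses) written as Windows Firewall commands. This is an added example, not part of the original thread; the address range, rule names and export path are assumptions.

```batch
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt
rem on the Exchange host. ORG_NET is a constructed placeholder (documentation
rem range): replace it with the public range your administrators connect from.
set ORG_NET=203.0.113.0/24

rem 1. Export the current policy so every change can be reviewed or restored
rem    with "netsh advfirewall import". The path is an assumption.
netsh advfirewall export "C:\fw-before.wfw"

rem 2. Add the narrow RDP rule FIRST. If the built-in rule is disabled before
rem    this exists, a remotely hosted server becomes unreachable.
netsh advfirewall firewall add rule name="RDP-from-org-only" dir=in action=allow protocol=TCP localport=3389 remoteip=%ORG_NET%

rem 3. Disable the built-in Remote Desktop rules, which accept any source.
netsh advfirewall firewall set rule group="remote desktop" new enable=No

rem 4. Public mail services named in the accepted answer: SMTP and HTTPS.
netsh advfirewall firewall add rule name="SMTP-25-in" dir=in action=allow protocol=TCP localport=25
netsh advfirewall firewall add rule name="HTTPS-443-in" dir=in action=allow protocol=TCP localport=443

rem 5. Make the default explicit: inbound traffic with no allow rule is dropped.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem 6. List every rule with its state, port and allowed sources. Any other
rem    enabled inbound allow rule is still an open port and needs a decision.
netsh advfirewall firewall show rule name=all | findstr /C:"Rule Name" /C:"Enabled" /C:"Direction" /C:"LocalPort" /C:"RemoteIP" /C:"Action"
```

Adding these rules does not close anything by itself: ports stay reachable as long as another enabled allow rule covers them, which is what the listing in step 6 is for.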
 

Author Closing Comment

by:Shakthi777
ID: 39974542
Thanks for the comments!