Solved

Windows 2008/Exchange Server 2010 Public Port Security

Posted on 2014-03-15
7
370 Views
Last Modified: 2014-04-03
Hi Experts,

I have hosted Microsoft Exchange 2010 in a dedicated server hosted outside form our company network. I'm planning to allow only RDP, OutLookanyware (SSL), POP3 SMTP, and IMAP to all the user access.

So can I close all ports listed on the Inbound except above port I required ?

What are best practices for these sort of set up ?

Thanks !
0
Comment
Question by:Shakthi777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 6

Expert Comment

by:rick81
ID: 39931118
That's right only open the ports you need. You might need port 80 also
0
 
LVL 7

Assisted Solution

by:Sivaraj E
Sivaraj E earned 166 total points
ID: 39931135
Well enough but add port 80 as per Rick's reply above, also the default RDP port can be changed to something else, hence it is allowed to public network and people will have access to it, I mean your till your login screen so do not give them this chance as well.

Alternate : you can keep the RDP port 3389, but allow only your organization IP's to have access to the server.

Regards, Shiva
0
 

Author Comment

by:Shakthi777
ID: 39931526
Thanks for the comments, I have closed most of all inbound ports leaving only SSL, SMTP, POP, IMAP, RDP. Finally for some reason port 25 was not accessible after I blocked all the others.

How do I understand all these relevant ports only for operate the email server.  Any helpful resources would be highly appreciated.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 7

Expert Comment

by:Sivaraj E
ID: 39931644
Do you mean to check the ports what you allowed is working or not ? If so then it can be done through telnet.

Note : You may need to add this telnet feature on your windows features

Example : on you command prompt type

telnet mail.yourdomain.com 25  (SMTP)
telnet mail.yourdomain.com 110  (POP3)
telnet mail.yourdomain.com 80 (HTTP)

Regards, Shiva
0
 
LVL 5

Assisted Solution

by:Arjun Vyavahare
Arjun Vyavahare earned 167 total points
ID: 39932243
Hi,

Thats fine you have opened required ports but my suggestion is instead of opening these ports only open 443 (SSL) port so that there are less changes of attack on the server.

For remote administration purpose use VPN technology which is more secure.

Regards,
Arjun
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 167 total points
ID: 39932946
25 and 443 is all that I open to my servers.
I don't open port 80 and I never use POP/IMAP on the Exchange servers I look after.

RDP usually comes in either via an RDP Gateway or over a VPN, or use something like Teamviewer.

Simon.
0
 

Author Closing Comment

by:Shakthi777
ID: 39974542
thanks for the comments !
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question