Solved

Windows 2008/Exchange Server 2010 Public Port Security

Posted on 2014-03-15
Last Modified: 2014-04-03
Hi Experts,

I have hosted Microsoft Exchange 2010 on a dedicated server hosted outside of our company network. I'm planning to allow only RDP, Outlook Anywhere (SSL), POP3, SMTP, and IMAP for all user access.

So can I close all ports listed under Inbound except the above ports I require?

What are the best practices for this sort of setup?

Thanks !
Question by:Shakthi777
7 Comments
 
LVL 6

Expert Comment

by:rick81
ID: 39931118
That's right, only open the ports you need. You might need port 80 also.
0
 
LVL 7

Assisted Solution

by:Sivaraj E
Sivaraj E earned 166 total points
ID: 39931135
Well enough, but add port 80 as per Rick's reply above. Also, the default RDP port can be changed to something else, since it is allowed to the public network and people will have access to it, I mean up to your login screen, so do not give them this chance as well.

Alternative: you can keep the RDP port 3389, but allow only your organization's IPs to have access to the server.

Regards, Shiva
0
 

Author Comment

by:Shakthi777
ID: 39931526
Thanks for the comments. I have closed most of the inbound ports, leaving only SSL, SMTP, POP, IMAP, RDP. Finally, for some reason port 25 was not accessible after I blocked all the others.

How do I understand which ports are relevant only for operating the email server? Any helpful resources would be highly appreciated.
0

 
LVL 7

Expert Comment

by:Sivaraj E
ID: 39931644
Do you mean to check whether the ports you allowed are working or not? If so, then it can be done through telnet.

Note: You may need to add the telnet feature in your Windows features.

Example: at your command prompt type

telnet mail.yourdomain.com 25  (SMTP)
telnet mail.yourdomain.com 110  (POP3)
telnet mail.yourdomain.com 80 (HTTP)

Regards, Shiva
0
 
LVL 5

Assisted Solution

by:Arjun Vyavahare
Arjun Vyavahare earned 167 total points
ID: 39932243
Hi,

That's fine, you have opened the required ports, but my suggestion is, instead of opening these ports, only open the 443 (SSL) port so that there are fewer chances of attack on the server.

For remote administration purposes, use VPN technology, which is more secure.

Regards,
Arjun
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 167 total points
ID: 39932946
25 and 443 are all that I open to my servers.
I don't open port 80 and I never use POP/IMAP on the Exchange servers I look after.

RDP usually comes in either via an RDP Gateway or over a VPN, or use something like TeamViewer.

Simon.
0
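Added example, not part of any answer in this thread: a scripted form of the telnet check described above that compares which ports are actually reachable against the intended allow-list, so both unexpected exposure and an accidentally blocked port (the port 25 problem the asker hit) show up. The host name is the placeholder used in the thread, the allow-list of 25 and 443 is an assumption taken from the accepted answer, and the script is meant to be run from a machine outside the server's network.

```python
"""Compare the TCP ports reachable on a mail server with the intended allow-list."""
import socket

# Ports discussed in this thread, labelled with the services the posters mention.
CANDIDATES = {25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP",
              443: "HTTPS", 3389: "RDP"}


def is_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes (what telnet shows)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timed out) or name not resolvable
        return False


def audit(host, allowed, candidates=CANDIDATES, timeout=3.0):
    """Classify each candidate port against the allow-list.

    Returns {port: status}, where status is one of:
      "ok-open"     allowed and reachable
      "ok-closed"   not allowed and not reachable
      "UNEXPECTED"  reachable but not on the allow-list (exposure to fix)
      "BLOCKED"     on the allow-list but not reachable (rule too strict)
    """
    result = {}
    for port in sorted(candidates):
        reachable = is_open(host, port, timeout)
        if port in allowed:
            result[port] = "ok-open" if reachable else "BLOCKED"
        else:
            result[port] = "UNEXPECTED" if reachable else "ok-closed"
    return result


def main(host="mail.yourdomain.com", allowed=(25, 443)):
    # Placeholder host from the thread; allow-list is an assumption (see lead-in).
    for port, status in audit(host, set(allowed)).items():
        print(f"{port:>5} {CANDIDATES[port]:<6} {status}")


if __name__ == "__main__":
    main()
```

A filtered port and a closed port both report as not reachable here; the difference only shows in how long the check takes (a timeout versus an immediate refusal).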
 

Author Closing Comment

by:Shakthi777
ID: 39974542
Thanks for the comments!
0
