SBS 2008 security
Now that Forefront for Exchange will finally expire on my 2008 SBS on December 31, what can I use as a replacement anti-virus and spam filter?
I want to continue to rune the server for another 2 years or so.
I want to continue to rune the server for another 2 years or so.
Last Comment
Exchange Online Protection (EOP) is already widely used to protect millions of mailboxes across the globe, including every single mailbox on Office 365
https://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam
https://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam
In fact, most would plan for possible alternative scenarios:
- Exchange 2013 includes a basic built-in anti-malware engine to protect you from malicious code and all the Anti-SPAM agents available in Exchange 2010 are still present in Exchange 2013 transport architecture. These features are included in the standard Exchange 2013 server license.
The Exchange 2013 is considered since there is effort to change over to replacement still with FOPE switchover.
So taking an example: With 2013 version still remains fully compatible with Exchange 2010 Edge servers, that is you are running these ideally, you can keep FPE 2010 installed on the 2010 Edges until you complete your migration to Exchange 2013.
- Exchange 2013 includes a basic built-in anti-malware engine to protect you from malicious code and all the Anti-SPAM agents available in Exchange 2010 are still present in Exchange 2013 transport architecture. These features are included in the standard Exchange 2013 server license.
The Exchange 2013 is considered since there is effort to change over to replacement still with FOPE switchover.
So taking an example: With 2013 version still remains fully compatible with Exchange 2010 Edge servers, that is you are running these ideally, you can keep FPE 2010 installed on the 2010 Edges until you complete your migration to Exchange 2013.
When I talk to my customers about security for the server, I like to use the castle and moat analogy.
So I recommend a universal threat management (UTM ) hardware firewall instead of software on the server. Always easier to fight and defeat the enemy outside the castle than wait until it's inside. I use the Calyptix Access Enforcer with great success, but there is also SonicWall, Sophos, Fortigate, and others.
So I recommend a universal threat management (UTM ) hardware firewall instead of software on the server. Always easier to fight and defeat the enemy outside the castle than wait until it's inside. I use the Calyptix Access Enforcer with great success, but there is also SonicWall, Sophos, Fortigate, and others.
To add, the internal threat can be tougher to prevent entirely. Insider threats are tougher to prevent though it is more of deterrence hence data protection strategy is important e.g. safeguarding sensitive document sent out from email or mass email to unauthorised recipients (like not part of dept or project team sanctioned).
Data loss prevention and right management will help to make it tougher for insider attempting exfiltration. The Exchange 2013 support DLP. In order to make use of DLP features, you must have Exchange 2013 or Exchange Online configured with at least one sender mailbox. Data Loss Prevention is a premium feature that requires an Enterprise Client Access License (CAL).
So DLP is another reason for the move into 2013 too..
Data loss prevention and right management will help to make it tougher for insider attempting exfiltration. The Exchange 2013 support DLP. In order to make use of DLP features, you must have Exchange 2013 or Exchange Online configured with at least one sender mailbox. Data Loss Prevention is a premium feature that requires an Enterprise Client Access License (CAL).
So DLP is another reason for the move into 2013 too..
Everyone is suggesting Exchange 2013 as the solution however this is SBS 2008 and the server OS is Server 2008 and he's indicated he plans to keep this server for a couple more years so Exchange 2013 doesn't really seem to be a solution
Long term plan to shift over to exchange 2013 will be good otherwise better to offload tmg end of life to also maybe an application delivery controller that can serves as reverse proxy.
https://f5.com/resources/white-papers/post-tmg-securely-delivering-microsoft-applications
F5 Networks provides ADC products that support Exchange, specifically its BIG-IP Local Traffic Manager appliance solution, which enables pre-authentication via an Access Policy Manager module.
https://f5.com/resources/white-papers/post-tmg-securely-delivering-microsoft-applications
F5 Networks provides ADC products that support Exchange, specifically its BIG-IP Local Traffic Manager appliance solution, which enables pre-authentication via an Access Policy Manager module.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
https://technet.microsoft.com/en-us/library/jj871669(v=exchg.150).aspx
EOP is the replacement for FOPE.