Avatar of DesertDawg
DesertDawgFlag for United States of America asked on

SBS 2008 security

Now that Forefront for Exchange will finally expire on my 2008 SBS on December 31, what can I use as a replacement anti-virus and spam filter?

I want to continue to rune the server for another 2 years or so.
Microsoft Forefront ISA ServerSBSExchangeAntiSpam

Avatar of undefined
Last Comment
btan

8/22/2022 - Mon
Scott C

Exchange Online Protection (EOP).

https://technet.microsoft.com/en-us/library/jj871669(v=exchg.150).aspx

EOP is the replacement for FOPE.
Luis Moura

Exchange Online Protection (EOP) is already widely used to protect millions of mailboxes across the globe, including every single mailbox on Office 365

https://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam
btan

In fact, most would plan for possible alternative scenarios:
- Exchange 2013 includes a basic built-in anti-malware engine to protect you from malicious code and all the Anti-SPAM agents available in Exchange 2010 are still present in Exchange 2013 transport architecture. These features are included in the standard Exchange 2013 server license.

The Exchange 2013 is considered since there is effort to change over to replacement still with FOPE switchover.

So taking an example: With 2013 version still remains fully compatible with Exchange 2010 Edge servers, that is you are running these ideally, you can keep FPE 2010 installed on the 2010 Edges until you complete your migration to Exchange 2013.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Cris Hanna

When I talk to my customers about security for the server, I like to use the castle and moat analogy.

So I recommend a universal threat management  (UTM ) hardware firewall instead of software on the server.  Always easier to fight and defeat the enemy outside the castle than wait until it's inside.  I use the Calyptix Access Enforcer with great success, but there is also SonicWall, Sophos, Fortigate, and others.
btan

To add, the internal threat can be tougher to prevent entirely. Insider threats are tougher to prevent though it is more of deterrence hence data protection strategy is important e.g. safeguarding sensitive document sent out from email or mass email to unauthorised recipients  (like not part of dept or project team sanctioned).

Data loss prevention and right management will help to make it tougher for insider attempting exfiltration. The Exchange 2013 support DLP. In order to make use of DLP features, you must have Exchange 2013 or Exchange Online configured with at least one sender mailbox. Data Loss Prevention is a premium feature that requires an Enterprise Client Access License (CAL).

So DLP is another reason for the move into 2013 too..
Cris Hanna

Everyone is suggesting Exchange 2013 as the solution however this is SBS 2008 and the server OS is Server 2008 and he's indicated he plans to keep this server for a couple more years so  Exchange 2013 doesn't really seem to be a solution
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
btan

Long term plan to shift over to exchange 2013 will be good otherwise better to offload tmg end of life to also maybe an application delivery controller that can serves as reverse proxy.

https://f5.com/resources/white-papers/post-tmg-securely-delivering-microsoft-applications

F5 Networks provides ADC products that support Exchange, specifically its BIG-IP Local Traffic Manager appliance solution, which enables pre-authentication via an Access Policy Manager module.
SOLUTION
Cris Hanna

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.