We help IT Professionals succeed at work.

SBS 2008 security

209 Views
Last Modified: 2016-07-26
Now that Forefront for Exchange will finally expire on my 2008 SBS on December 31, what can I use as a replacement anti-virus and spam filter?

I want to continue to rune the server for another 2 years or so.
Comment
Watch Question

Scott CSenior Engineer
CERTIFIED EXPERT

Commented:
Exchange Online Protection (EOP).

https://technet.microsoft.com/en-us/library/jj871669(v=exchg.150).aspx

EOP is the replacement for FOPE.
Exchange Online Protection (EOP) is already widely used to protect millions of mailboxes across the globe, including every single mailbox on Office 365

https://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
In fact, most would plan for possible alternative scenarios:
- Exchange 2013 includes a basic built-in anti-malware engine to protect you from malicious code and all the Anti-SPAM agents available in Exchange 2010 are still present in Exchange 2013 transport architecture. These features are included in the standard Exchange 2013 server license.

The Exchange 2013 is considered since there is effort to change over to replacement still with FOPE switchover.

So taking an example: With 2013 version still remains fully compatible with Exchange 2010 Edge servers, that is you are running these ideally, you can keep FPE 2010 installed on the 2010 Edges until you complete your migration to Exchange 2013.
Cris HannaSr IT Support Engineer
CERTIFIED EXPERT

Commented:
When I talk to my customers about security for the server, I like to use the castle and moat analogy.

So I recommend a universal threat management  (UTM ) hardware firewall instead of software on the server.  Always easier to fight and defeat the enemy outside the castle than wait until it's inside.  I use the Calyptix Access Enforcer with great success, but there is also SonicWall, Sophos, Fortigate, and others.
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
To add, the internal threat can be tougher to prevent entirely. Insider threats are tougher to prevent though it is more of deterrence hence data protection strategy is important e.g. safeguarding sensitive document sent out from email or mass email to unauthorised recipients  (like not part of dept or project team sanctioned).

Data loss prevention and right management will help to make it tougher for insider attempting exfiltration. The Exchange 2013 support DLP. In order to make use of DLP features, you must have Exchange 2013 or Exchange Online configured with at least one sender mailbox. Data Loss Prevention is a premium feature that requires an Enterprise Client Access License (CAL).

So DLP is another reason for the move into 2013 too..
Cris HannaSr IT Support Engineer
CERTIFIED EXPERT

Commented:
Everyone is suggesting Exchange 2013 as the solution however this is SBS 2008 and the server OS is Server 2008 and he's indicated he plans to keep this server for a couple more years so  Exchange 2013 doesn't really seem to be a solution
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Long term plan to shift over to exchange 2013 will be good otherwise better to offload tmg end of life to also maybe an application delivery controller that can serves as reverse proxy.

https://f5.com/resources/white-papers/post-tmg-securely-delivering-microsoft-applications

F5 Networks provides ADC products that support Exchange, specifically its BIG-IP Local Traffic Manager appliance solution, which enables pre-authentication via an Access Policy Manager module.
Cris HannaSr IT Support Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.