RE: E-Mail gateway on IIS.

From: Meni Milstein (
Date: 06/13/05

  • Next message: Laura A. Robinson: "RE: DHCP database"
    Date: Mon, 13 Jun 2005 20:03:34 +0300

    You are looking at it from two perspectives. (or at least - you should be).

    One machine is one point of attack - meaning if the machine is successfully
    attacked then both services are down... as Burton implies.

    Two different machines are more costly to maintain and if you say that you
    run both sevrices on the same machine I assume that they have the same OS...
    which means that securing them would just about be the same Job (aside from
    securing the actual protocols themselves...)

    I would go with two separate machines if I had the budjet... always cooler
    to have at least 50% of services running in case a of a real attack. But I
    see no real issue that can arise from running the services on one machine.
    Of course - this machine should be strong enough to support both services.
    If your mail GW scans outgoing mails for viruses, then I guess, depending
    on the size of your org, the server may need to handle loads... in which
    case you should consider seperating the services.

    In terms of security - I see no problem.

    Good luck.

    Meni Milstein

    -----Original Message-----
    From: Burton Strauss []
    Sent: Monday, June 13, 2005 6:38 PM
    To: 'Jitendra Kalyankar';
    Subject: RE: E-Mail gateway on IIS.

    Two separate boxes are two separate points of attack. One box is a single
    point, slightly more attractive to the bad guy.

    Two boxes mean both require the same OS patches and basic OS security

    Either way, each service needs to be secured individually.

    It might be less disruptive to be able to reboot separately, or it may be
    easier to only need one reboot.

    Probably can go both ways depending on your personal preference.


    -----Original Message-----
    From: Jitendra Kalyankar []
    Sent: Monday, June 13, 2005 6:27 AM
    Subject: E-Mail gateway on IIS.

    MS Gurus -

    I have on question about the e-mail gateway. I am working with this company
    where company has webserver as well as E-Mail gateway on the same server.
    Let me know if this will create any security risks. In other words is it
    recommanded that you need to have seperate webserver and e-mail gateway

    Any inputs on this are highly appreciated.

    Jitendra Kalyankar

  • Next message: Laura A. Robinson: "RE: DHCP database"

    Relevant Pages

    • [Full-disclosure] Raising Robot Criminals
      ... identity theft and robot-driven attack propagation. ... security as well as on Sql Injection, this text is not yet another one. ... security numbers - are opened for remote penetration. ...
    • [Full-disclosure] STEP Security
      ... Internet-Drafts are working documents of the Internet Engineering ... security in otherwise insecure environments. ... APT (Another Possible Threat) ... of a cyber attack before more terabytes of data are exfiltrated from ...
    • =?windows-1252?Q?Re=3A_Lahore=2DTerror_Attacks=3A_RAW=92s_Guerilla_Warfare?=
      ... security forces have been martyred in foiling three separate terrorist ... attacks by killing 9 terrorists at FIA Building, ... suicide attack in Kohat. ... been waging a guerilla warfare in Pakistan through its well-trained ...
    • [NT] DCE RPC Vulnerabilities New Attack Vectors Analysis
      ... Get your security news from a reliable source. ... These new attack methods were found while researching exploitation ... They might also apply to other vulnerabilities such as the DCE RPC DCOM ...
    • Risks Digest 24.91
      ... ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ... Adi Shamir's bug attack ... Security company e-mail undercuts user education ...