RE: E-Mail gateway on IIS.
From: Meni Milstein (meni_at_kdm.co.il)
Date: 06/13/05
- Previous message: Matt Ostiguy: "Re: Scripted Software removal (Encrypting Credentials)"
- Maybe in reply to: Jitendra Kalyankar: "E-Mail gateway on IIS."
- Next in thread: Beauford, Jason: "RE: E-Mail gateway on IIS."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Jun 2005 20:03:34 +0300
You are looking at it from two perspectives. (or at least - you should be).
One machine is one point of attack - meaning if the machine is successfully
attacked then both services are down... as Burton implies.
Two different machines are more costly to maintain and if you say that you
run both sevrices on the same machine I assume that they have the same OS...
which means that securing them would just about be the same Job (aside from
securing the actual protocols themselves...)
I would go with two separate machines if I had the budjet... always cooler
to have at least 50% of services running in case a of a real attack. But I
see no real issue that can arise from running the services on one machine.
Of course - this machine should be strong enough to support both services.
If your mail GW scans outgoing mails for viruses, then I guess, depending
on the size of your org, the server may need to handle loads... in which
case you should consider seperating the services.
In terms of security - I see no problem.
Good luck.
Meni Milstein
http://www.lcs-guides.com
-----Original Message-----
From: Burton Strauss [mailto:BStrauss3@comcast.net]
Sent: Monday, June 13, 2005 6:38 PM
To: 'Jitendra Kalyankar'; focus-ms@securityfocus.com
Subject: RE: E-Mail gateway on IIS.
Two separate boxes are two separate points of attack. One box is a single
point, slightly more attractive to the bad guy.
Two boxes mean both require the same OS patches and basic OS security
(hardening).
Either way, each service needs to be secured individually.
It might be less disruptive to be able to reboot separately, or it may be
easier to only need one reboot.
Probably can go both ways depending on your personal preference.
-----Burton
-----Original Message-----
From: Jitendra Kalyankar [mailto:jitendra.kalyankar@gmail.com]
Sent: Monday, June 13, 2005 6:27 AM
To: focus-ms@securityfocus.com
Subject: E-Mail gateway on IIS.
MS Gurus -
I have on question about the e-mail gateway. I am working with this company
where company has webserver as well as E-Mail gateway on the same server.
Let me know if this will create any security risks. In other words is it
recommanded that you need to have seperate webserver and e-mail gateway
servers.
Any inputs on this are highly appreciated.
-- Thanks, Jitendra Kalyankar --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Matt Ostiguy: "Re: Scripted Software removal (Encrypting Credentials)"
- Maybe in reply to: Jitendra Kalyankar: "E-Mail gateway on IIS."
- Next in thread: Beauford, Jason: "RE: E-Mail gateway on IIS."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
