RE: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and Security Pros/Cons

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 12/02/03

    Date: Tue, 2 Dec 2003 10:35:39 -0800
    To: <tawilson@speakeasy.net>, <security-basics@securityfocus.com>
    
    

            
    Exchange, OpenExchange, GroupWise, Lotus Notes, Oracle
    Collaboration Suite and Java System Servers are all groupware products.
    I've never seen a need to have these servers Internet based and always
    opt for an MTA (MX) server to handle External->Internal and
    Internal->External mail delivery. All these products have their security
    holes and the possibility to leak information because their intent and
    mode of operation is to provide the free flow of information within a
    corporation and not to restrict it.

    Having an MTA between the Internet and your groupware servers is
    neither a huge hassle nor big cost. It takes very little hardware to run
    an OpenBSD server with Postfix or newer versions of Sendmail. I've never
    had any security issues running Exchange (5, 5.5, 2000 and now testing
    2003); my only gripe is that their backend DB technology (at least in
    5.5/2000) is not scalable enough to handle a whole load of users. Once
    we get 200+ people on a server we either have to start clustering or get
    departmental/site servers.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521
    www.horizonusa.com
     
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
           (800) 325-1199 x338

    -----Original Message-----
    From: tawilson@speakeasy.net [mailto:tawilson@speakeasy.net]
    Sent: Tuesday, December 02, 2003 6:23 AM
    To: security-basics@securityfocus.com
    Subject: Re: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and
    Security Pros/Cons

    Thanks for all the input. I am kind of surprised that more people do not
    have thoughts negative to Exchange. SUN's new email platform is trying to
    look very much like Exchange in form and function. I am wondering how
    Microsoft will handle the security questions we have. We are looking
    forward to the presentation.

    -Todd

    > -----Original Message-----
    > From: Sarbjit Singh Gill [mailto:ssgill@gilltechnologies.com]
    > Sent: Saturday, November 29, 2003 02:36 AM
    > To: security-basics@securityfocus.com
    > Subject: RE: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons
    > and Security Pros/Cons
    >
    > I seriously think it is something to do with your hardware or at least
    > setup of your OS / Exchange which made it corrupt the databases. Also
    > worst case, somebody is opening the Exchange DBs using Access thinking
    > it is a JetDatabase technology based database. Also make sure no virus
    > scanners, defragmentation software are accessing the mdb database.
    >
    > Anyway, Joint Engine Technology (JET) in earlier versions of Exchange
    > Server, evolved into the Extensible Storage Engine (ESE) in later
    > versions. ESE is a solid relational database technology similar to
    > that of Microsoft SQL Server or Oracle, although ESE's implementation
    > is quite different. Exchange 2000's ESE, a transacted storage engine
    > that works primarily with messaging and collaborative data, guarantees
    > that all database operations meet the Atomicity, Consistency,
    > Isolation, and Durability (ACID) properties. ACID properties for
    > database engines ensure that you can roll back transactions in the
    > event of unsuccessful completion or replay them in recovery. Microsoft
    > uses ESE throughout Exchange 2000, in places such as the Key
    > Management Server (KMS) and the Site Replication Service (SRS), as
    > well as in Windows 2000's Active Directory (AD).
    >
    > I have clients which have implemented Exchange 2003 (and before that
    > Exchange 2000) and never had problems like you have. Also one of my
    > clients, I just met up last week is a polytechnic and they have an
    > 8-way server running Exchange 2003 and all is ok since they installed
    > Exchange 2003 this year.
    >
    > I don't think Exchange 2003 is "self-corrupting the JetDatabase Data
    > Store." There is no such thing. Like I mentioned above, the technology
    > isn't JetDatabase anymore. So somebody in your organization some setup
    > not done correctly. Verify all logs, event logs etc to see if there is
    > something not proper. Could even be a hardware based disk cache
    > mechanism which interferes with the transaction log management of the
    > databases.
    >
    > Kind Regards
    > Gill
    >
    >
    > -----Original Message-----
    > From: Jimi Thompson [mailto:jimit@myrealbox.com]
    > Sent: Friday, November 28, 2003 1:01 PM
    > To: tawilson@speakeasy.net
    > Cc: security-basics@securityfocus.com
    > Subject: Re: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and
    > Security Pros/Cons
    >
    > I'm not going to tell you what you should buy, but I do suggest that
    > you benefit from my experience and my advice is that you should avoid
    > Microsoft, even if the alternative costs more upfront. We are a
    > relatively small (for email) Microsoft Shop running Exchange 2003 and
    > we have had endless problems with it self-corrupting the JetDatabase
    > Data Store. It's been horrible. We've only got about 300-350 users and
    > we've had to reload (format the drives, reinstall the OS, and restore
    > from a back up) the server 3 times since May, when it got deployed. If
    > we hadn't put a Sendmail server in front of it to do spam filtering,
    > we'd have lost days of email. Fortunately, we have been able to
    > configure the Sendmail server to spool until we could bring the
    > Exchange box back on line. As things stand, we've lost a total of
    > about 24 hours worth of email.
    >
    > It's so bad that even though we are a university and Microsoft
    > basically gives us their products, we're looking at purchasing an
    > alternative. Right now the front runner is Samsung Contact (nee HP's
    > OpenMail), but that may change now that SuSE has released a new mail
    > server.
    >
    > I can tell you from experience that the "new secure 'out-of-the-box'
    > 2003" products aren't much better than their current counterparts. The
    > service isn't any better, it's just not "on". They also left a lot of
    > things turned on that I'd turn off in a "secure out of the box" OS.
    > I'd be happy to supply you with both NMAP and NESSUS scan results from
    > various machines that we've loaded. We've deliberately done some very
    > vanilla installs specifically so that we could scan them. Our
    > experience indicates that unless you plan on deploying Office 2003 as
    > well, you won't be getting any change in how Outlook (XP and earlier)
    > connects to Exchange in any event.
    >
    > iPlanet's big downside has always been documentation and installation.
    > Regardless of the product, their install process has tended to bite
    > rather severely. Part of what has traditionally made the installs so
    > painful is that their products are SOOOOOO poorly documented. If you
    > guys have worked with iPlanet/SunONE, you know what I'm talking about.
    > However, once installed and working they tend to be rock solid.
    >
    > There's other stuff out there though. I've got a pretty good list,
    > since we've been doing evals looking to replace our Exchange server
    > with something that actually works reliably and has all the groupware
    > features that our users want (namely calendaring). I'd be happy to
    > share my notes with you.
    >
    > HTH,
    >
    > Jimi
    >
    >
    > tawilson@speakeasy.net wrote:
    >
    > >Hello everyone,
    > >
    > >Our IS group is a current SUN Iplanet shop. We have Win2K3 AD running
    > >and the majority of the server infrastructure is running on Win2K.
    > >
    > >We are looking to upgrade our Email infrastructure. Our current SUN
    > >Iplanet implementation is about 3 years old. At the time of
    > >deployment it was perfect for our environment. We needed to deploy
    > >web mail and at that time there was/is no question that MS Exchange
    > >was not mature enough in the web client.
    > >
    > >Our environment still has a HIGH demand for a web based client due to
    > >our customer base.
    > >
    > >We are now talking with SUN about upgrading the infrastructure and
    > >moving to their new Email infrastructure. We are also looking to
    > >determine if Microsoft has come of age and does it now fit in to our
    > >environment better than the SUN solution.
    > >
    > >SUN and Microsoft are preparing presentations as well as presenting
    > >SOWs for our review and interactive discussion. I am interested in
    > >security issues or design issues with either platform. We have users
    > >that need to access our email infrastructure from around the world.
    > >Our clients use UNIX (all flavors), MACs, Win2K/XP and some older MS
    > >OSs as well.
    > >
    > >So let me have it, hit me with the good, the bad and the ugly about
    > >E2K3 and Win2K3 as well as any SUN items you can come up with.
    > >Security is my primary focus but I will be addressing questions from
    > >all aspects to presentation teams.
    > >
    > >I have not had a chance to see the new Outlook client and the new
    > >"secure" way it connects to E2K3 so if anyone has input to this I
    > >would really love to hear that.
    > >
    > >Thanks in advance for any inputs, I look forward to reading them.
    > >
    > >
    > >-Todd
    ----------------------------------------------------------------------------
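
The arrangement discussed in this thread, an Internet-facing MTA that relays to an internal groupware server (Shawn's message) and spools while that server is down (Jimi's message), sketched as a Postfix gateway configuration. This is an added example, not part of any message in the thread; the hostname, domain, internal address and map file paths are placeholders.

```conf
# /etc/postfix/main.cf on the gateway (added example; every name and
# address below is a placeholder, not a value from the thread)

# This host is the public MX, so it listens on all interfaces.
inet_interfaces = all
myhostname = mx.example.com

# The gateway delivers nothing locally for the mail domain; it only relays.
mydestination = $myhostname, localhost

# Accept mail from the Internet only for the domain relayed inbound.
relay_domains = example.com

# Hand accepted mail to the internal groupware server. The brackets
# suppress the MX lookup, so the gateway does not loop back to itself.
transport_maps = hash:/etc/postfix/transport
#   /etc/postfix/transport:
#   example.com    smtp:[10.0.0.10]:25

# Reject unknown recipients at the edge instead of queueing them for
# the internal server to bounce later.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
#   /etc/postfix/relay_recipients:
#   user@example.com    OK

# Only the internal server may relay outbound mail through this host.
mynetworks = 127.0.0.0/8, 10.0.0.10/32

# Anything that is neither from mynetworks nor addressed to
# relay_domains is refused, so the gateway is not an open relay.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# Keep deferred mail in the queue while the internal server is
# unreachable (5d is the Postfix default; raise it for longer outages).
maximal_queue_lifetime = 5d
```

Run `postmap` on both map files after editing them. The perimeter firewall then needs to allow inbound port 25 to this host only, with the groupware server reachable on port 25 from the gateway alone.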
    
