Home
Topics
Exchange Server Security
ISA Server and Firewalls for Microsoft Exchange Server
Windows SBS and Exchange Server security configuration best practices

Ask the Expert

Windows SBS and Exchange Server security configuration best practices

Bradley Dinerman

We are installing Windows Small Business Server (SBS). We have approximately 10 users, and a new Internet service provider (ISP) is hosting email. Which Windows SBS and Exchange Server configuration best practices should we employ if the company plans to grow?

SMTP forwarding sends email directly to the Windows SBS/Exchange server, but what are the security implications if the Internet Security and Acceleration (ISA) server is not configured? Is the Asymmetric Digital Subscriber Line's (ADSL) built-in firewall secure enough for this solution, or should I configure the ISA server with a second network interface card (NIC)? I am trying to keep the configuration simple, but secure. Any recommendations would be greatly appreciated.

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Based on your description, ISA Server is acting as a proxy rather than a firewall, and you are relying on your DSL modem's built-in firewall to protect your network. In my experience, firewalls built into DSL modems do not usually provide the level of management granularity necessary to properly configure it for a network.

I recommend one of the two following options:

Add a second NIC to Windows SBS and configure ISA Server as a firewall in addition to a proxy.

Invest in a firewall appliance such as a SonicWall TZ180. Configure the appliance for your network and disable the firewall feature on the DSL modem.

If you choose the ISA Server option, you can use the Windows SBS wizard to configure ISA Server to permit inbound email and/or other services.

Do you have comments on this Ask the Expert Q&A? Let us know.

Ask an Exchange Server question in our forum.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- reverse proxy server

This was first published in August 2008

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Windows Server
Enterprise Desktop
Cloud computing
SQL Server
Windows IT

Windows Server
- Office, 32-bit Windows fixes included in Patch Tuesday update
  
  Microsoft offered five bulletins in June's Patch Tuesday updates, with 19-vulnerability critical Internet Explorer patch and Windows Server 2008 fixes.
- Q&A: Anderson talks BYOD management in Windows Server 2012 R2
  
  Microsoft's Brad Anderson talks about changes to expect in Windows Server 2012 R2 features, including some to security and enterprise mobility.
- Q&A: Microsoft's Brad Anderson talks Windows Server 2012 R2
  
  Microsoft's Brad Anderson discusses new features in Windows Server 2012, including a faster update cycle and cross-platform integration.
Enterprise Desktop
- Q&A: Microsoft's Erwin Visser discloses Windows 8 mobile strategy
  
  Microsoft GM Erwin Visser discusses the company's mobile strategy for Windows 8 and the need to deliver one device supporting all types of computing.
- Q&A: Microsoft's Erwin Visser on Windows 8.1 updates, security
  
  Microsoft's Erwin Visser discusses Windows 8.1 features, how IT can keep pace with faster update cycles and Windows security enhancements.
- Telerik updates Windows 8 app development tools
  
  Telerik's updated DevCraft tool for developing Windows 8 apps helps IT to deliver business apps to end users on PCs and tablets.
Cloud computing
- PaaS market heats up with Red Hat OpenShift, Savvis AppFog buy
  
  PaaS made headlines last week, but it's still difficult to gauge the true level of interest in Platform as a Service in the enterprise world.
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
SQL Server
- SQL Server 2014 'keeps up with the Joneses,' says analyst
  
  Ovum analyst Tony Baer says that most database platforms are moving toward in-memory features, and SQL Server 2014 is no different.
- SQL Server high availability: Natural enemy of virtualization?
  
  Do SQL Server high availability and virtualization go together or not? Find out if virtualization is a good option for you in this tip by Bob Sheldon.
- SQL Server 2014 due out in late 2013, in-memory OLTP a big feature
  
  Microsoft announced that the next version of its database, SQL Server 2014, will have in-memory features and be generally available in late 2013.
Windows IT
- Eight questions to ask yourself before moving to C-suite management
  
  There are many opportunities that come with working in C-suite management, but you should answer these eight questions before a move to mahogany row.
- SharePoint 2013 features: what's new, what's changed and what's gone
  
  Some existing SharePoint features were replaced or dropped in SharePoint 2013. Here's how to work through the changes.
- Prevent hacking in your enterprise with these nine easy steps
  
  There are no foolproof ways to completely stop hacking in an enterprise, but follow these proven and common sense methods to reduce your risk.

All Rights Reserved,Copyright - 2013, TechTarget