Ask the Expert

Windows SBS and Exchange Server security configuration best practices

We are installing Windows Small Business Server (SBS). We have approximately 10 users, and a new Internet service provider (ISP) is hosting email. Which Windows SBS and Exchange Server configuration best practices should we employ if the company plans to grow?

SMTP forwarding sends email directly to the Windows SBS/Exchange server, but what are the security implications if the Internet Security and Acceleration (ISA) server is not configured? Is the Asymmetric Digital Subscriber Line's (ADSL) built-in firewall secure enough for this solution, or should I configure the ISA server with a second network interface card (NIC)? I am trying to keep the configuration simple, but secure. Any recommendations would be greatly appreciated.

    Requires Free Membership to View

Based on your description, ISA Server is acting as a proxy rather than a firewall, and you are relying on your DSL modem's built-in firewall to protect your network. In my experience, firewalls built into DSL modems do not usually provide the level of management granularity necessary to properly configure it for a network.

I recommend one of the two following options:

  1. Add a second NIC to Windows SBS and configure ISA Server as a firewall in addition to a proxy.
  2. Invest in a firewall appliance such as a SonicWall TZ180. Configure the appliance for your network and disable the firewall feature on the DSL modem.

If you choose the ISA Server option, you can use the Windows SBS wizard to configure ISA Server to permit inbound email and/or other services.

Do you have comments on this Ask the Expert Q&A? Let us know.

Ask an Exchange Server question in our forum.

This was first published in August 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: