Q

Windows SBS and Exchange Server security configuration best practices

Discover how to maximize Microsoft Exchange Server security on Windows SBS with or without ISA Server as a network firewall security feature.

We are installing Windows Small Business Server (SBS). We have approximately 10 users, and a new Internet service provider (ISP) is hosting email. Which Windows SBS and Exchange Server configuration best practices should we employ if the company plans to grow?

SMTP forwarding sends email directly to the Windows SBS/Exchange server, but what are the security implications if the Internet Security and Acceleration (ISA) server is not configured? Is the Asymmetric Digital Subscriber Line's (ADSL) built-in firewall secure enough for this solution, or should I configure the ISA server with a second network interface card (NIC)? I am trying to keep the configuration simple, but secure. Any recommendations would be greatly appreciated.

Based on your description, ISA Server is acting as a proxy rather than a firewall, and you are relying on your DSL modem's built-in firewall to protect your network. In my experience, firewalls built into DSL modems do not usually provide the level of management granularity necessary to properly configure it for a network.

I recommend one of the two following options:

  1. Add a second NIC to Windows SBS and configure ISA Server as a firewall in addition to a proxy.
  2. Invest in a firewall appliance such as a SonicWall TZ180. Configure the appliance for your network and disable the firewall feature on the DSL modem.

If you choose the ISA Server option, you can use the Windows SBS wizard to configure ISA Server to permit inbound email and/or other services.

Do you have comments on this Ask the Expert Q&A? Let us know.

Ask an Exchange Server question in our forum.

This was first published in August 2008

Dig deeper on ISA Server and Firewalls for Microsoft Exchange Server

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close