Windows SBS and Exchange Server security configuration best practices

We are installing Windows Small Business Server (SBS). We have approximately 10 users, and a new Internet service provider (ISP) is hosting email. Which Windows SBS and Exchange Server configuration best practices should we employ if the company plans to grow?

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

SMTP forwarding sends email directly to the Windows SBS/Exchange server, but what are the security implications if the Internet Security and Acceleration (ISA) server is not configured? Is the Asymmetric Digital Subscriber Line's (ADSL) built-in firewall secure enough for this solution, or should I configure the ISA server with a second network interface card (NIC)? I am trying to keep the configuration simple, but secure. Any recommendations would be greatly appreciated.

Based on your description, ISA Server is acting as a proxy rather than a firewall, and you are relying on your DSL modem's built-in firewall to protect your network. In my experience, firewalls built into DSL modems do not usually provide the level of management granularity necessary to properly configure it for a network.

I recommend one of the two following options:

Add a second NIC to Windows SBS and configure ISA Server as a firewall in addition to a proxy.

Invest in a firewall appliance such as a SonicWall TZ180. Configure the appliance for your network and disable the firewall feature on the DSL modem.

If you choose the ISA Server option, you can use the Windows SBS wizard to configure ISA Server to permit inbound email and/or other services.

Do you have comments on this Ask the Expert Q&A? Let us know.

Ask an Exchange Server question in our forum.

Related Resources

Dell EMC Unity Storage with Microsoft Exchange Server –Data#3
Microsoft SQL Server 2017 on Linux Quick Start Guide –Microsoft
Virtualizing your Exchange Server: Fact vs. fiction –SearchDataCenter.com
Exchange Server: E-mail Archiving and Security –SearchSecurity.com

Dig Deeper on ISA Server and Firewalls for Microsoft Exchange Server

All
News
Get Started
Manage
Problem Solve

Configuring Web Application Proxy with AD to future-proof Exchange

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Microsoft Exchange experts

View all Microsoft Exchange questions and answers

Configuring Web Application Proxy with AD to future-proof Exchange

Publishing Exchange to the Internet via Web Application Proxy and ADFS

Replacing Forefront TMG: Alternate reverse-proxy options for Exchange

Deploying ISA Server as a firewall for Exchange Server mobile devices

McAfee sued for patent infringement

Should you use ISA Server as your Exchange firewall?

Configuring Web Application Proxy with AD to future-proof Exchange

Configuring Web Application Proxy with AD to future-proof Exchange

Publishing Exchange to the Internet via Web Application Proxy and ADFS

Firewall policies and SMTP line lengths

Publishing Exchange to the Internet via Web Application Proxy and ADFS

Replacing Forefront TMG: Alternate reverse-proxy options for Exchange

Deploying ISA Server as a firewall for Exchange Server mobile devices

Enhance OWA logon security using Microsoft ISA Server

Please create a username to comment.

Azure PowerShell cmdlets monitor, manage VMs

Windows out-of-band patches overshadow April Patch Tuesday

Microsoft Project Honolulu shows promise but needs work

Workflow automation software improves LA court productivity

How to create a custom Windows 10 image for deployment

Four Windows 10 built-in security features to know

IaaS and PaaS blurred lines increase lock-in risks

Single pane of glass for multi-cloud management still elusive

Microsoft takes holistic approach to IoT security concerns

Why running SQL Server on Docker is no longer frowned upon

What the Microsoft GDPR compliance toolkit offers for SQL Server

How much do you know about the components of SQL Server?

Related Resources

Dig Deeper on ISA Server and Firewalls for Microsoft Exchange Server

Related Q&A from Bradley Dinerman

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.