[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: static nat
[ Part 1, Text/PLAIN 64 lines. ]
[ Unable to print this part. ]
One obvious thing I forgot to mention. Static NAT does not distingish
between ports or protocols. To prevent attacks against other
ports/services on the Exchange box it would be best to filter the traffic
and only permit SMTP to pass.
-- Bill Stackpole, CISSP
William.Stackpole@predictive.com
Sent by: firewalls-owner@Lists.GNAC.NET
07/13/00 10:28 AM
To: <yanivf@know-net.com>
cc: firewalls@Lists.GNAC.NET,
firewalls-owner@Lists.GNAC.NET
Subject: Re: static nat
To date, there aren't any known vulnerabilities to the Exchange-SMTP
gateway. That does not however, mitigate the other obvious problems with
mail based attacked including using Exchange as a spam relay, active
content attacks (ala ILOVEYOU), HTTP formatted mail attacks, virus
infected attachments, flooding the server, DoS attacks, etc. Keep the
big picture.
Bill Stackpole, CISSP
"Yaniv Fine" <yanivf@know-net.com>
Sent by: firewalls-owner@Lists.GNAC.NET
07/13/00 08:48 AM
Please respond to yanivf
To: "Firewalls LIST \(E-mail\)" <firewalls@Lists.GNAC.NET>
cc:
Subject: static nat
Hi all
We are using check point FW-1 and thinking of installing Exchange server
with Static Nat
What are the risks we are taking in this scenario .
Should I thinks on a tighter security strategy but more expensive
Any pointers are welcome
~~~~~~~~~~~~~~~~~~~
Yaniv Fine
MIS Manager
Know-Net Group
~~~~~~~~~~~~~~~~~~~
-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]
|
