Chapter 5: Protection
75
Source
Destination
Service
Protocol and port
Screened Subnet
Internal/Private Network
HTTP
TCP 80
Screened Subnet
Internal/Private Network
RPC EP Mapper
TCP 135
Screened Subnet
Internal/Private Network
KERBEROS
TCP UDP 88
Screened Subnet
Internal/Private Network
LDAP
TCP 389
Screened Subnet
Internal/Private Network
NETLOGON
TCP 445
Screened Subnet
Internal/Private Network
DSAccess (GC)
TCP 3268
Screened Subnet
Internal/Private Network
TCP High Ports
TCP 1024+
You should regularly check your firewalls to ensure that the settings have not been altered
to allow traffic that should not pass. The outside firewall should only be allowing traffic
on port 443 specifically to the front-end servers, and only these front-end servers should be
allowed to communicate with the back-end servers on the ports you have defined. You
may also want to perform network monitoring to monitor the nature of the traffic that
goes through the firewall.
Monitoring Against Hacker Intrusion
No matter how good your firewall setup is, there is still a risk that a hacker may manage
to infiltrate it. You should ensure that you have a good intrusion detection system in place
to notify you of any firewall breach, and you should make sure that you always have the
ability to shut down services if necessary.
Dealing With Security Breaches
In the event of security breach, your priority should be to protect the system. In the
majority of corporate e-mail systems, the stores will contain extremely sensitive informa-
tion and should be protected. This means that, in the case of a security risk, the initial
response may be to prevent access to the internal network from the outside world. Pro-
vided you manage to catch the intrusion early enough, you will still in most cases be able
to allow internal mail to flow.
Once you have contained the breach, you should inform firewall vendors and/or Microsoft
about the nature of the breach, so that they can come up with a fix. At this point you can
revert the system to its state prior to the breach and apply the fixes supplied.
Anti-Virus Measures
As part of your planning and deployment of Exchange 2000, you will have put in place
appropriate measures against virus attack. However, regardless of how much protection
you put in place, it is quite possible that viruses may affect Exchange. It is therefore very
important that you have measures to deal with this possibility.