
|
|
|
| Chapter 5: Protection 75 |
|
|
|
|
|
| Source | Destination | Service | Protocol and port |
| Screened Subnet | Internal/Private Network | HTTP | TCP 80 |
|
|
|
|
|
| Screened Subnet | Internal/Private Network | RPC EP Mapper | TCP 135 |
|
|
|
|
|
| Screened Subnet | Internal/Private Network | KERBEROS | TCP UDP 88 |
|
|
|
|
|
| Screened Subnet | Internal/Private Network | LDAP | TCP 389 |
|
|
|
|
|
| Screened Subnet | Internal/Private Network | NETLOGON | TCP 445 |
|
|
|
|
|
| Screened Subnet | Internal/Private Network | DSAccess (GC) | TCP 3268 |
|
|
|
|
|
| Screened Subnet | Internal/Private Network | TCP High Ports | TCP 1024+ |
|
|
|
|
|
You should regularly check your firewalls to ensure that the settings have not been altered to allow traffic that should not pass. The outside firewall should only be allowing traffic on port 443 specifically to the
Monitoring Against Hacker Intrusion
No matter how good your firewall setup is, there is still a risk that a hacker may manage to infiltrate it. You should ensure that you have a good intrusion detection system in place to notify you of any firewall breach, and you should make sure that you always have the ability to shut down services if necessary.
Dealing With Security Breaches
In the event of security breach, your priority should be to protect the system. In the majority of corporate
Once you have contained the breach, you should inform firewall vendors and/or Microsoft about the nature of the breach, so that they can come up with a fix. At this point you can revert the system to its state prior to the breach and apply the fixes supplied.
Anti-Virus Measures
As part of your planning and deployment of Exchange 2000, you will have put in place appropriate measures against virus attack. However, regardless of how much protection you put in place, it is quite possible that viruses may affect Exchange. It is therefore very important that you have measures to deal with this possibility.