However, there are several factors that complicate the answer to this question. Many email systems, especially...
Microsoft Exchange, make it quite difficult to separate the webmail front end from the email back end. They require punching so many holes in the firewall -- to allow communication between the two systems -- that they limit the effectiveness of placing them in different network zones.
If you have some flexibility in your network topology, one potential workaround is to create a separate email network zone that is firewalled from both the DMZ and your internal network, and then place both the email and webmail servers in that zone. You may then allow client access there over traditional "fat client" ports from the internal network and webmail ports from the Internet.
Dig Deeper on DMZ Setup and Configuration
Related Q&A from Mike Chapple
Here are some important criteria for hiring a partner to review your information security program, with a focus on HIPAA and HITECH compliance.continue reading
New guidance from the PCI SSC includes some essential aspects of tokenization security and what merchants need to know about tokenization products.continue reading
HIPAA data breach reporting now uses an electronic Web portal, so what does this mean for covered entities? Expert Mike Chapple explains.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.