
	Home > Ask the Security Experts > Questions & Answers > The risks of putting the e-mail server in the DMZ

Ask The Security Expert: Questions & Answers

EMAIL THIS

The risks of putting the e-mail server in the DMZ

EXPERT RESPONSE FROM: Ben Wright

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 10 July 2003
Currently our internal e-mail server is located on a computer behind the firewall like everything else. Our database administrator has asked that I move our e-mail server to the DMZ so that the database can link with the e-mail system. Apparently, the functionality he wants will only work if the e-mail server is in the DMZ. Is there a particular risk in doing this, and if so, how can I eliminate or reduce the risk?

Anytime you put a corporate system open to the Internet there is a risk involved. However, if you build the system properly you can reduce the risk. Start by using two network adapters. One for the DMZ and the other for internal access. Make sure you set up port filtering on the networks cards and only let traffic that is needed through. If you can move Web mail off your mail server and onto another server this will also help (keeping IIS out of the DMZ). Thoroughly check all NTFS permission for security vulnerabilities. For example, replace the "Everyone Group" with "Authenticated Users" wherever possible. As, always make sure you system is up-to-date with patches.

For more info on this topic, check out these SearchSecurity.com resources:

Network Security Tip: Choose the right firewall topology

Guest Commentary: Secure content management -- Looking beyond antivirus software

BROWSE BY TAG

DMZ Setup and Configuration, NAC and Endpoint Security Management, Enterprise Network Security, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	DMZ Setup and Configuration
	Endpoint protection best practices manual: Combating issues, problems
	How to set up a DMZ
	How to configure firewall ports for webmail system implementation
	When should a database application be placed in a DMZ?
	How will many firewalls serving as the default gateway affect the DMZ?
	Should a domain controller be placed within the DMZ?
	If one server in a DMZ network gets attacked from outside, will the other servers be corrupted?
	Should an ISP keep corrupted machines off of a network?
	A security checklist: How to build a solid DMZ
	Server considerations for internal network application setup

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

DMZ (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy