Anytime you put a corporate system open to the Internet there is a risk involved. However, if you build the system...
properly you can reduce the risk. Start by using two network adapters. One for the DMZ and the other for internal access. Make sure you set up port filtering on the networks cards and only let traffic that is needed through. If you can move Web mail off your mail server and onto another server this will also help (keeping IIS out of the DMZ). Thoroughly check all NTFS permission for security vulnerabilities. For example, replace the "Everyone Group" with "Authenticated Users" wherever possible. As, always make sure you system is up-to-date with patches.
Dig Deeper on Enterprise network security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.