For many years I've been implementing Exchange server in SMB environments without using a DMZ or reverse proxy to control access to Exchange services. At least since Exchange 2010 came out, I've been arguing that they don't really add much security value and that none of my customers (nor any others I've heard of) had any issues with doing this.
Large companies have fairly rigid security policies. One of these policies is typically that no network traffic is passed directly to the LAN from the Internet. There needs to be some sort of reverse proxy in a DMZ (perimeter network in MS speak). In classes where I teach Exchange, the students from larger organizations typically believe strongly in these policies. They are risk-averse, and this is the way it's always been. And many times, they have no control over this policy.
Well, a beautifully written article from Greg Taylor on the Exchange Team lays it all out for you to consider. From my perspective, it solidifies what I've thought for some time. It may give you some new ideas to consider.
Check out Greg's article here: