A.2 Supplemental Exchange security information


Key protocols and ports for Exchange security configuration

Table A.1 lists the protocols and ports used by Windows servers and Exchange servers. Review them when customizing the firewall you are using. For a complete reference on Exchange security, see the Exchange Security Operations Guide or Paul Robichaux’s book, Securing Exchange 2003 Server.

Table A.1: Ports and Protocols for the Services in Windows/Exchange 2000/2003

| Port | TCP/UDP | Name of Service |
|------|---------|-----------------|
| 25 | TCP | SMTP |
| 42 | TCP | WINS Replication |
| 47 | TCP | GRE for PPTP |
| 53 | TCP/UDP | DNS Name Resolution |
| 67 | UDP | DHCP Lease (BOOTP) |
| 68 | UDP | DHCP Lease |
| 80 | TCP | HTTP |
| 88 | TCP/UDP | Kerberos Authentication |
| 102 | TCP | MTA—X.400 over TCP/IP |
| 110 | TCP | POP3 |
| 119 | TCP | NNTP |
| 135 | TCP | Location Service: RPC; RPC EP Mapper; WINS Manager; DHCP Manager; MS DTC |
| 137 | UDP | NetBIOS Name Service: Logon Sequence; Windows NT 4.0 Trusts; Windows NT 4.0 Secure Channel; Pass Through Validation; Browsing; Printing |
| 137 | TCP | WINS Registration |
| 138 | UDP | NetBIOS Datagram Service: Logon Sequence; Windows NT 4.0 Trusts; Windows NT 4.0 Directory Replication; Windows NT 4.0 Secure Channel; Pass Through Validation; NetLogon; Browsing; Printing |
| 139 | TCP | NetBIOS Session Service: NBT; SMB; File Sharing; Printing; Logon Sequence; Windows NT 4.0 Trusts; Windows NT 4.0 Directory Replication; Windows NT 4.0 Secure Channel; Pass Through Validation; Windows NT 4.0 Administration Tools (Server Manager, User Manager, Event Viewer, Registry Editor, Diagnostics, Performance Monitor, DNS Administration) |
| 143 | TCP | IMAP |
| 389 | TCP/UDP | LDAP |
| 443 | TCP | HTTP (SSL) |
| 445 | TCP | Active Directory NetLogon |
| 465 | TCP | SMTP (SSL) |
| 500 | TCP/UDP | ISAKMP/Oakley negotiation traffic (IPSEC)—IPSec Internet Key Exchange (IKE) |
| 522 | TCP | User Location Store |
| 563 | TCP | NNTP (SSL) |
| 636 | TCP/UDP | LDAP (over TLS/SSL) |
| 691 | TCP | SMTP Link State |
| 750 | TCP/UDP | Kerberos Authentication |
| 751 | TCP/UDP | Kerberos Authentication |
| 752 | UDP | Kerberos Password Service |
| 753 | UDP | Kerberos User Registration Server |
| 754 | TCP | Kerberos Slave Propagation |
| 888 | TCP | Logon and Environment Passing |
| 993 | TCP | IMAP4 (SSL) |
| 995 | TCP | POP3 (SSL) |
| 1109 | TCP | POP with Kerberos |
| 1723 | TCP | PPTP Control Channel (IP Protocol 47—GRE) |
| 2053 | TCP | Kerberos de-multiplexor |
| 2105 | TCP | Kerberos encrypted rlogin |
| 3268 | TCP | Active Directory Global Catalog |
| 3269 | TCP | Active Directory Global Catalog |
| 3389 | TCP/RDP | Terminal Services |

The following Microsoft Knowledge Base articles are also excellent references on securing Exchange services exposed to the Internet.

289241 “A List of the Windows Server Domain Controller Default Ports”
http://support.microsoft.com/?id=289241

278339 “XGEN: TCP/UDP Ports Used by Exchange 2000 Server”
http://support.microsoft.com/?id=278339

224196 “Restricting Active Directory Replication Traffic to a Specific Port”
http://support.microsoft.com/?id=224196

280132 “XCCC: Exchange 2000 Windows 2000 Connectivity through Firewalls”
http://support.microsoft.com/?id=280132




Mission-Critical Microsoft Exchange 2003: Designing and Building Reliable Exchange Servers (HP Technologies)
ISBN: 155558294X
EAN: 2147483647
Year: 2003
Pages: 91
Authors: Jerry Cochran
