I recently installed SBS 2000, including ISA 2000 and Exchange 2000, on a clients server and I'm a little concerned about the fact that, according to programs such as "Shields Up" (I do not want to instigate a flame war about the merits of Shields Up however), a number of ports are wide open. The client does run a mail server and uses Outlook Web access so I presume that certain ports need to be open for their mail to function properly.
My question is: how can I provide the maximum protection for my client and still leave their mail server, etc... functional? I've installed all the patches for ISA and Exchange. The ports that show as "open" on "Shields Up" are 80; 110; 25; and 443. I know what these ports are for. Can I, or do I need to, mask them from the internet? All of these ports were open by default after installing SBS 2000.
I know Microsoft is part of the problem when it comes to security but could the default configuration of ISA be dangerous?
Any help would be greatly appreciated.
Kevin G