BlackBerry Forums Support Community
              

Closed Thread
 
Thread Tools
Old 10-12-2004, 08:46 AM   #1
ajogrady
New Member
 
Join Date: Oct 2004
Location: Dublin, Ireland
Model: 7100V
Carrier: carrier
Posts: 7
Default BES server in a DMZ?

Please Login to Remove!

Folks,

I am setting up a BES server with Lotus Domino. Having read all the technical specifications, it states that a BES server should not be set up in a DMZ, but rather on our LAN. But there is no mention of why it shold not be set up on a DMZ.

This is causing me some concerns over security. IS there anyone who can tell me why I can't set up a DMZ for the BES server to reside in.

Thanks.

Alan.
Offline  
Old 10-12-2004, 09:02 AM   #2
emale
Thumbs Must Hurt
 
emale's Avatar
 
Join Date: Sep 2004
Model: 8800
Carrier: Rogers
Posts: 156
Default

You can put a BES in a DMZ but there are security risks with names.nsf being in a dmz. Lotus has information with regards to this and you may want to consider speaking with them. There really isn't any good reasons to put the BES in the DMZ because you still have to open ports (1723) etc to allow the BES to talk to the internal mail servers. Your best bet is to keep the BES on the lan and open 3101 as suggested by BlackBerry. You can review the @Stake Security Assesment at http://www.blackberry.com/knowledgec...0&vernum=0

This decribes how secure the BES is on a lan. This security assesment discourages companies from placing a BES in a DMZ as there is no benifits from doing so, only potential security risks.
Offline  
Old 10-12-2004, 09:35 AM   #3
jibi
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Default

Quote:
Originally Posted by emale
This security assesment discourages companies from placing a BES in a DMZ as there is no benifits from doing so, only potential security risks.


if the whole point of the BES environment, Exchange or Lotus environments, etc are for productivity and security, then you should likely lean on the latter as a definitive clue as to expose the BES (and the rest of your mail environment) to potential security risks.

with that said, if your Lotus environment is currently setup in a DMZ, then i think you should follow suit with the BES. but with that said (heh.. new fave phrase, i tell ya), you may want to go back and look at the reasons for putting a secure mail environment in an insecure zone...
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


Schneider Electric Energy Server EBX510 Server For Energy Management- picture

Schneider Electric Energy Server EBX510 Server For Energy Management-

$4350.00



Wittmann Material Conveyance System Line Server picture

Wittmann Material Conveyance System Line Server

$550.00



MEDIA SERVER DOLBY IMS2000 MSIP-REM-DIB-IMS2000 picture

MEDIA SERVER DOLBY IMS2000 MSIP-REM-DIB-IMS2000

$799.99



Weidmüller WI-MOD-945-E (6720005015) Wireless Ethernet & Serial Device Server picture

Weidmüller WI-MOD-945-E (6720005015) Wireless Ethernet & Serial Device Server

$129.99



Schneider Electric Energy Server EBX510 Server For Energy Management picture

Schneider Electric Energy Server EBX510 Server For Energy Management

$865.64



MOXA CN2650-16-2AC 16-Port Mountable Async Terminal Server Dual Lan Ports picture

MOXA CN2650-16-2AC 16-Port Mountable Async Terminal Server Dual Lan Ports

$285.00







Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.