Protecting External Connectivity In OCS 2007

Last Friday on TechRepublic's "10 Things" blog, Brien Posey wrote about 10 Common Network Security Design Flaws.

The second flaw is “opening more firewall ports than necessary.” And what does he use as an example? OCS 2007 R2.

It's a very good example. As he states, OCS requires several ports to be opened in order to provide external connections to other networks. Without proper protection, those open ports are a risk to you. Ports left open (and not monitored) are little signposts saying, "Enter Here!"

(This is only if you want to use external connections. If you're only interested in OCS for internal IM and Presence, you won't need to open those ports.)

Brien puts forth Microsoft ForeFront as a good solution to the problem. ForeFront's Threat Management Gateway is a reverse proxy, intended to filter requests for access into and out of your network. At the risk of sounding too provider-loyal, it IS a natural fit. (If you use a hosted OCS provider, chances are ForeFront is in place.)

In order to protect External Connectivity completely though, you'll have to use the OCS Edge Server. There's an advantage to this: depending on how you want to communicate with others, you can enable only what you need. Each of the External Connectivity services requires a service enabled on the OCS Edge Server. According to Microsoft's TechNet, these are:

  • Access Edge service — Lets outside users communicate with your OCS using SIP.
  • Web Conferencing Edge service — Lets outside users participate in your conferences.
  • A/V Edge service — Lets you share audio and video with external users.

The TechNet page also gives links on how to administer these services:
Microsoft TechNet — Managing External Connectivity for Your Organization with Edge Servers

I blogged about this because it's important to remember. Brien's #1 network security flaw was the "set it and forget it" mentality. Doing that with OCS can leave a lot of exploitable holes in your network, all of them preventable if you remember to protect External Connectivity.
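As an added illustration (my own code, not part of the original post and not a Microsoft tool), the Python below models the least-privilege idea above: derive the inbound allow list from exactly the Edge services you enabled, then diff it against what the firewall actually permits, so stale or over-broad rules stand out instead of being forgotten. The per-service port numbers are my assumptions about OCS 2007 R2 and should be checked against the TechNet port tables for your build; the firewall rule list is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PortRange:
    """One firewall allow rule or one listener requirement: protocol plus an inclusive port range."""
    proto: str
    low: int
    high: int

    def covers(self, other: "PortRange") -> bool:
        return self.proto == other.proto and self.low <= other.low and other.high <= self.high

# Listener ports per Edge service. These are my assumptions about the OCS 2007 R2 port
# requirements; confirm them against the TechNet port table for your exact build.
EDGE_SERVICE_PORTS = {
    "access_edge": [PortRange("tcp", 5061, 5061),   # SIP over MTLS for federation
                    PortRange("tcp", 443, 443)],    # SIP over TLS for remote users
    "web_conferencing_edge": [PortRange("tcp", 443, 443)],   # PSOM over TLS
    "av_edge": [PortRange("tcp", 443, 443),         # STUN/TURN over TCP
                PortRange("udp", 3478, 3478),       # STUN/TURN over UDP
                PortRange("tcp", 50000, 59999),     # media relay range
                PortRange("udp", 50000, 59999)],
}

def required_exposure(enabled_services):
    """Minimum set of inbound allows for exactly the Edge services you turned on."""
    needed = set()
    for svc in enabled_services:
        needed.update(EDGE_SERVICE_PORTS[svc])
    return needed

def audit_rules(enabled_services, inbound_rules):
    """Return (unjustified, missing): inbound allows that no enabled service justifies, and
    requirements no rule satisfies. A rule wider than a requirement (e.g. tcp 1-65535) is
    reported as unjustified rather than accepted, since it exposes more than the service needs."""
    needed = required_exposure(enabled_services)
    unjustified = [r for r in inbound_rules if not any(n.covers(r) for n in needed)]
    missing = sorted((n for n in needed if not any(r.covers(n) for r in inbound_rules)),
                     key=lambda p: (p.proto, p.low))
    return unjustified, missing

# Constructed rule set standing in for an export of the external firewall's inbound allows.
SAMPLE_RULES = [
    PortRange("tcp", 443, 443), PortRange("tcp", 5061, 5061), PortRange("udp", 3478, 3478),
    PortRange("tcp", 50000, 59999), PortRange("udp", 50000, 59999),
    PortRange("tcp", 5060, 5060),   # unencrypted SIP: nothing on the Edge needs it
    PortRange("tcp", 3389, 3389),   # RDP to the Edge host, left over from setup
]

if __name__ == "__main__":
    extra, gaps = audit_rules(["access_edge"], SAMPLE_RULES)
    print("not justified by enabled services:", extra)
    print("required but not allowed:", gaps)
```

Run it periodically against a fresh export of the firewall's rules; the "unjustified" list is exactly the set-it-and-forget-it residue this post warns about.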
