Security concerns with Edge server

  • Question

  • The security team concern we run into on pretty much every deployment of SFB (full, hybrid, CCE, etc.) is the following:

     

    The Edge server is a dual-homed server that has an external DMZ interface and an internal interface. In my experience, 90% of the deployments have an external firewall and DMZ, but not an internal firewall between the Edge and FE\clients.

    Concern I hear repeatedly:

    If the Edge server is compromised by an external source, they would have access to the internal network through this machine. Standard security procedure is to never have a DMZ machine with access to internal networks.

     

    I have never been able to get a full technical explanation to give to the security teams. Ports are one discussion; this is a completely different discussion.

    Any good official information?

    Friday, May 19, 2017 5:25 PM

All replies

  • Deleted
    • Proposed as answer by jim-xu Monday, May 22, 2017 6:55 AM
    Saturday, May 20, 2017 12:52 AM
  • I would also check out the Lync 2010 Security Whitepaper. Most of the concepts/security mechanisms are still the same:

    https://www.microsoft.com/en-us/download/details.aspx?id=2729

    Cheers,

    Damien

    dmunified.com

    Saturday, May 20, 2017 1:50 AM