How does an SMTP protocol attack work?

How does that work?

A spam filter is to protect email clients, not Exchange. All email is benign as far as Exchange is concerned.

Exchange is (now) designed to be exposed. So it's hardened and is secure. Or if it isn't, I'd like someone to explain why it isn't and how I should protect it.

So to return to the OP, Windows VPN is designed to be exposed, right? It's designed to be secure, right? So why not use it? What are it's flaws? Unlike years ago, Microsoft develop products with security at the fore.

Can you give me some examples?

That's the way it's always been done?

Years ago, it was generally accepted that Microsoft products weren't very secure and that you wouldn't want to expose them. But it's 2017 now, and I'm not sure that assumption still applies.

People used to explain it to me by saying "cuz it's Microsoft, duh..". Now I need to know specifics on how an attack on an exposed MS product could play out and why.

I'm only using Exchange as an example, I'm also interested in Window VPN and IIS.

Why?

E.g. How does a reverse proxy make Exchange more secure? Or to put it another way, what are the Exchange security flaws that you're trying to fix?

I've never seen much love for Windows VPN. Best practice seems to be to install a VPN on your firewall instead. Is that still the case? If so, why? I already expose other Windows servers/ports to the internet (e.g. Exchange, IIS).

@scottalanmiller said in Netgear woes:

@Carnival-Boy said in Netgear woes:

Had a drive failure on an 11 month old ReadyNAS. Trying to arrange a replacement and Netgear say they need "credit card details for collateral". As an IT department, we don't generally have, or use, credit cards, so this is going to be a pain.

Is this normal?

Yes, this is the standard process for this category of products. This is what is called "SMB equipment", not enterprise. Support is a key difference and SMB world stuff expects credit cards, more often than not. Same from every vendor in this category.

Fine, I guess you've changed your opinion from this thread though?

@scottalanmiller said in Buffalo NAS Return Policy Review:

Right, but in IT we never seen this. This just indicates that Buffalo is consumer gear, not business gear. A business might not even have a credit card. What a weird thing to request! Even businesses that have CCs, rarely do they have a workflow that would allow IT to use it for this. Business and IT just don't work this way. No valid vendor could.

How do you know what is enterprise and what is SMB? In future I'll try and stick with HP & HPE. The only other vendor I've started buying from is Ubiquiti. Is this how they work to?

Had a drive failure on an 11 month old ReadyNAS. Trying to arrange a replacement and Netgear say they need "credit card details for collateral". As an IT department, we don't generally have, or use, credit cards, so this is going to be a pain.

Is this normal? If so, it's one of the reasons why I won't buy any more Netgear products, and will try and stick to HP as I've never had any issues with HP support.

It's only one of the reasons, as the whole support call has been a nightmare from start to finish - I'd be interested to hear if anyone else have had bad or good experiences with Netgear, I know there is some love for ReadyNAS's on ML.

Most of my users have learnt that tickets they raise themselves via e-mail tend to get resolved quicker than ones they submit verbally. Also, I often tell them to submit a ticket even when they're in my office, and explain that I might forget to resolve the problem otherwise with my terrible memory.

Oh, ok, I'll check it out. Agree that Freshdesk is a bit clunky.

Oh. You used to you Freshdesk though, right? What made you switch, apart from price?

Do you use Freshdesk for that Breffni? I've been considering it.

I've used Veeam Endpoint a bit, which handles bare metal and is also free. Might be worth trying it out.

That's ok at a larger organisation, but trickier at a smaller one where there's only one or two IT staff, or they use an MSP. Having a maintenance window during the week is nice though.

Tell me more. How often do you patch? Does the same person do it? When do you do it, Sundays? How do you to check that server applications aren't getting broken?

I need to get more organised and am looking for best practice.

@dafyre said in Patch Fast:

There is no real reason for businesses of any size to not be able to backup (at bare minimum) and / or snapshot their systems before running patches.

Who here snapshots their systems before patching their Microsoft servers? Scott says it's so easy to snapshot and roll back, so perhaps I'm missing a trick here? I can see that it's easy if you're manually installing patches, but who does that?

The other problem is that you may not realise that a patch has broken something for a couple of days, and by then it's likely to be too late to satisfactorily restore from backup.

@Shuey said in Free SharePoint?:

1. Perform a P2V of the server and host it in our existing VMware environment.
2. Build a new virtual member server in our existing VMware environment and migrate the data from the existing WSS 3.0 server to the new VM (using the same versions of everything; Server 2008 R2, WSS 3.0 and SQL Server 2008).

Option 2 might be easier than you think. Use the "Backup and Restore" feature in the Sharepoint Central Administration. As others have said, you don't want Sharepoint running on a DC, so this would be a good opportunity to fix that issue. It's probably the easiest and cheapest solution.

Correct. We manufacture products that typically last 30 years or so. We occasionally get requests for spare parts for products that we sold 50 years ago.

It's a pain. Last week a user said "I'm having trouble reviewing a quote I sent someone a while back." Reason: the quote was created in 2002 using Microsoft Office Binder (OBD). I didn't even know what an .OBD file was.