Announcement

Collapse
No announcement yet.

Mail Server on the outside network

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mail Server on the outside network

    I have been trying to convince my boss that we need to put the email server behind the firewall. He is convinced we dont need to, he thinks that no one can get in.
    I am not a computer hacker, I know very little about how to break into a system and take control of it.
    What I would like to do is find a way into the system wipeout all the email then show him I was correct then restore the system from the backups I have.

    Can anyone tell me how to do this or where to start. I already have the admin account and password, I dont want to use them. I am looking for the way a person will hack in and take control of this system.

  • #2
    Re: Mail Server on the outside network

    What mail server are you using (I guess not exchange) and on what OS?
    What firewalls do you have in place?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Mail Server on the outside network

      Originally posted by Ossian View Post
      What mail server are you using (I guess not exchange) and on what OS?
      What firewalls do you have in place?

      Mdeamon is the email software. Its installed on server 2003. The only firewall is Windows firewall.

      Comment


      • #4
        Re: Mail Server on the outside network

        If your boss is ok with it, well then it's his responsibility.
        Personally hacking your own systems isn't the way to go. Hire a independent consultant to do some pen testing.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Mail Server on the outside network

          Hiring an outside contractor is not an option. I have to prove it before we buy it. I understand doing a pen test would be great but I would like to have a person tell me where to start looking, and what to look for. I have been told by a few people that they can access this machine and wipe it out. But I yet to find a person that can really do it. I would like a person to explain how they can knock this system over. What tools to use, and where to run these tools.

          Comment


          • #6
            Re: Mail Server on the outside network

            This won't help much but keep in mind that there are only 2 types of systems; those that have been hacked and those that are going to be hacked.

            Remind your boss that if hackers can get into NASA, CIA and a multitude of other "secure" sites that spend tens if not hundreds of thousands of dollars on security then what hope does your Server have. By having Port 25 (and 443) open then you are visible on the Net. If they can see you then they know where to attack you.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment

            Working...
            X