[ajogrady]

Folks,

I am setting up a BES server with Lotus Domino. Having read all the technical specifications, it states that a BES server should not be set up in a DMZ, but rather on our LAN. But there is no mention of why it shold not be set up on a DMZ.

This is causing me some concerns over security. IS there anyone who can tell me why I can't set up a DMZ for the BES server to reside in.

Thanks.

Alan.

[emale]

You can put a BES in a DMZ but there are security risks with names.nsf being in a dmz. Lotus has information with regards to this and you may want to consider speaking with them. There really isn't any good reasons to put the BES in the DMZ because you still have to open ports (1723) etc to allow the BES to talk to the internal mail servers. Your best bet is to keep the BES on the lan and open 3101 as suggested by BlackBerry. You can review the @Stake Security Assesment at http://www.blackberry.com/knowledgec...0&vernum=0

This decribes how secure the BES is on a lan. This security assesment discourages companies from placing a BES in a DMZ as there is no benifits from doing so, only potential security risks.

[jibi]

Quote:

Originally Posted by emale

This security assesment discourages companies from placing a BES in a DMZ as there is no benifits from doing so, only potential security risks.

if the whole point of the BES environment, Exchange or Lotus environments, etc are for productivity and security, then you should likely lean on the latter as a definitive clue as to expose the BES (and the rest of your mail environment) to potential security risks.

with that said, if your Lotus environment is currently setup in a DMZ, then i think you should follow suit with the BES. but with that said (heh.. new fave phrase, i tell ya), you may want to go back and look at the reasons for putting a secure mail environment in an insecure zone...