Our Proxy server and e-mail server both have two network cards. One is on the local subnet and another has direct public IP address (MX record in ISP), because of this, lots of virus and Trojans come on the server and have the possibility of hacking too.
Please give us your best suggestion how to place this server. Or is there something you could recommend that I should do in current setup to prevent this security issue?
You have not mentioned any firewall, so I would guess your proxy server is the only security you have in place. The first thing I would like to suggest is switching to MS ISA as support for MS Proxy 2.0 has been discontinued. Moreover you will have better security with ISA then with Proxy 2.0.
You can make your e-mail server sit behind you proxy and make your e-mail server "server proxied" to the proxy server. Install a good enterprise version anti virus software and have it integrate with your mail server to scan all incoming and outgoing messages. Also, stop SMTP relay on your mail server. And if you decide to switch to MS ISA, you won't need separate Web Filtering software -- it comes built in.
Dig Deeper on Network Security Monitoring and Analysis
Related Q&A from Puneet Mehta
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://... Continue Reading
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading