Re: Making sure OWA is secure

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Oct 2004 16:52:33 -0400

Just checking.  It looked from your post that you were not advocating that.
If someone were to only use SSL and allow access via TCP 443, then that
would be a secure channel that IDS traditionally can't look at.  I was
curious how you wanted to handle that.  I'm assuming from your last post you
are indicating a layer-7 device that's capable of SSL bridging or something
that can terminate and proxy the SSL connection.  

"I would have an intrusion prevention and intrusion detection firewall (can
be had for less than $1000 for small to medium business) in-front of it." 

-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx] 
Sent: Tuesday, October 12, 2004 2:08 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Making sure OWA is secure

On Tue, 12 Oct 2004 12:28:22 -0400, Mulnick, Al <al.mulnick@xxxxxxxxxx>
wrote:
> Danny, do you have a server with only 443TCP access on the internet?

No -- it's IPSec VPN or nothing from the Internet into my network.
But, if you had a dedicated OWA (front-end) server with SSL based OWA, what
other essential ports would you need open for an external
(Internet) interface?

> What was your thinking for this type of setup and what does it provide 
> your company?

Obviously if your OWA/Exchange server was not dedicated to the role and also
received and delivered email via SMTP, then you would open up port 25, but,
in my case, I never allow Microsoft services to respond directly to TCP/IP
traffic from the Internet. For example, I have a Postfix based MTA set up as
the SMTP gateway for all incoming and outgoing email traffic. If I did have
an OWA server, I would have an intrusion prevention and intrusion detection
firewall (can be had for less than $1000 for small to medium business)
in-front of it.

> As long as we're viewing that as recommendation?

Lettah was very brief with his/her question, so I was very brief with my
answer. Let's call them a list of tips. When I have more information about
requirements, budget, environment, personnel responsible after implementing,
etc., then I will make more of a recommendation based on my experience and
research.

...D
