RE: OWA 2003

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Sun, 22 Jan 2006 11:07:28 -0600

Hi Carl,

I don't call opening a handful of ports "blowing holes". I think
security professionals know better. What Microsoft had in mind with to
keep things rediculously easy for the ill informed, that's all.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Carl Houseman [mailto:c.houseman@xxxxxxxxx] 
> Sent: Sunday, January 22, 2006 10:55 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: OWA 2003
> 
> http://www.MSExchange.org/
> 
> As always, there are two camps on this.  One camp wants to 
> blow holes in the
> firewall to permit the FE to talk to the BE.  The other wants 
> to avoid that.
> 
> See "Figure 1 Secure Firewall Structure" here:
> <http://www.microsoft.com/technet/security/prodtech/exchangese
> rver/secmod44.
> mspx>
> 
> So, Microsoft favors the FE and BE servers on the same 
> security zone, when
> their ISA server is used as reverse proxy.
> 
> Have fun arguing with Microsoft.  When you convince them and 
> they change
> their document, let us know.  Otherwise, we already know your 
> opinion, so
> thanks for sharing.
> 
> Carl
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Sunday, January 22, 2006 11:31 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: OWA 2003
> 
> http://www.MSExchange.org/
> 
> About why putting a front-end, Internet facing, Exchange Server on the
> same security zone as the back end Exchange servers. I'd like to
> understand the misconceptions that underlie that assertion, so that we
> can shoot them down and show how foolish they are.
> 
> Thanks!
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: Andy David [mailto:adavid@xxxxxxxxxxxxx] 
> > Sent: Sunday, January 22, 2006 10:30 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: OWA 2003
> > 
> > http://www.MSExchange.org/
> > 
> > About what? 
> > 
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > Sent: Sunday, January 22, 2006 11:25 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: OWA 2003
> > 
> > http://www.MSExchange.org/
> > 
> > Hi Andy,
> > 
> > You are patently WRONG about that. Where did you get such incorrect
> > advice? Because whoever told you that is most definitely 
> not security
> > minded.
> > 
> > You might want to share the rationale you used for this assertion so
> > that we can shoot it down sequentially and rationally.
> > 
> > Tom
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: Andy David [mailto:adavid@xxxxxxxxxxxxx]
> > > Sent: Saturday, January 21, 2006 9:57 PM
> > > To: [ExchangeList]
> > > Subject: [exchangelist] RE: OWA 2003
> > > 
> > > http://www.MSExchange.org/
> > > 
> > > http://www.microsoft.com/downloads/details.aspx?FamilyID=E6466
> > > 6FC-42B7-4
> > > 8A1-AB85-3C8327D77B70&displaylang=en
> > > 
> > > 
> > > Don't put it in the DMZ however. That's just foolish. Put a 
> > > reverse-proxy in the DMZ if you must. Otherwise, keep the 
> Front End 
> > > server behind your firewall.
> > > 
> > > 
> > > 
> > > -----Original Message-----
> > > From: Dave Flaim [mailto:thethin@xxxxxxxxxxxxxxxxxxxxxxx]
> > > Sent: Saturday, January 21, 2006 10:41 PM
> > > To: [ExchangeList]
> > > Subject: [exchangelist] OWA 2003
> > > 
> > > http://www.MSExchange.org/
> > > 
> > > Is it possible to install OWA on a separate server than 
> the Excange 
> > > 2003 server - ie. we would like to place he OWA server in 
> > the DMZ.  Of
> > 
> > > so does anyone have a procedure or reference?
> > > 
> > > Thanks
> > > Dave Flaim
> > > CVI
> 
> 
> ------------------------------------------------------
> List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this MSExchange.org 
> Discussion List as: tshinder@xxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to info@xxxxxxxxxxxxxx
> 
> 

Other related posts:

• » OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » Re: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » RE: OWA 2003
• » [ExchangeList] OWA 2003
• » [ExchangeList] Re: OWA 2003
• » [ExchangeList] Re: OWA 2003
• » [ExchangeList] Re: OWA 2003
• » [ExchangeList] Re: OWA 2003
• » [ExchangeList] Re: OWA 2003
• » OWA 2003
• » Re: OWA 2003
• » Re: OWA 2003

1. Home
2. exchangelist
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---