RE: OWA 2003

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sun, 22 Jan 2006 11:12:45 -0600

What I meant to say was that I think what Microsoft had in mind with
their guidance was to keep things ridiculously easy for the ill
informed, and the problem was they actually hurt their customers'
security position by doing so. Lower security is not the *wrong*
decision, it's just the less secure decision.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Sunday, January 22, 2006 11:07 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: OWA 2003
> 
> http://www.MSExchange.org/
> 
> Hi Carl,
> 
> I don't call opening a handful of ports "blowing holes". I think
> security professionals know better. What Microsoft had in mind with to
> keep things ridiculously easy for the ill informed, that's all.
> 
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Carl Houseman [mailto:c.houseman@xxxxxxxxx] 
> > Sent: Sunday, January 22, 2006 10:55 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: OWA 2003
> > 
> > http://www.MSExchange.org/
> > 
> > As always, there are two camps on this.  One camp wants to blow holes in the
> > firewall to permit the FE to talk to the BE.  The other wants to avoid that.
> > 
> > See "Figure 1 Secure Firewall Structure" here:
> > <http://www.microsoft.com/technet/security/prodtech/exchangeserver/secmod44.mspx>
> > 
> > So, Microsoft favors the FE and BE servers on the same security zone, when
> > their ISA server is used as reverse proxy.
> > 
> > Have fun arguing with Microsoft.  When you convince them and they change
> > their document, let us know.  Otherwise, we already know your opinion, so
> > thanks for sharing.
> > 
> > Carl
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > Sent: Sunday, January 22, 2006 11:31 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: OWA 2003
> > 
> > http://www.MSExchange.org/
> > 
> > About why putting a front-end, Internet facing, Exchange Server on the
> > same security zone as the back end Exchange servers. I'd like to
> > understand the misconceptions that underlie that assertion, so that we
> > can shoot them down and show how foolish they are.
> > 
> > Thanks!
> > Tom
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: Andy David [mailto:adavid@xxxxxxxxxxxxx] 
> > > Sent: Sunday, January 22, 2006 10:30 AM
> > > To: [ExchangeList]
> > > Subject: [exchangelist] RE: OWA 2003
> > > 
> > > http://www.MSExchange.org/
> > > 
> > > About what? 
> > > 
> > > 
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > > Sent: Sunday, January 22, 2006 11:25 AM
> > > To: [ExchangeList]
> > > Subject: [exchangelist] RE: OWA 2003
> > > 
> > > http://www.MSExchange.org/
> > > 
> > > Hi Andy,
> > > 
> > > You are patently WRONG about that. Where did you get such incorrect
> > > advice? Because whoever told you that is most definitely not security
> > > minded.
> > > 
> > > You might want to share the rationale you used for this assertion so
> > > that we can shoot it down sequentially and rationally.
> > > 
> > > Tom
> > > 
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > 
> > >  
> > > 
> > > > -----Original Message-----
> > > > From: Andy David [mailto:adavid@xxxxxxxxxxxxx]
> > > > Sent: Saturday, January 21, 2006 9:57 PM
> > > > To: [ExchangeList]
> > > > Subject: [exchangelist] RE: OWA 2003
> > > > 
> > > > http://www.MSExchange.org/
> > > > 
> > > > http://www.microsoft.com/downloads/details.aspx?FamilyID=E64666FC-42B7-48A1-AB85-3C8327D77B70&displaylang=en
> > > > 
> > > > 
> > > > Don't put it in the DMZ however. That's just foolish. Put a
> > > > reverse-proxy in the DMZ if you must. Otherwise, keep the Front End
> > > > server behind your firewall.
> > > > 
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: Dave Flaim [mailto:thethin@xxxxxxxxxxxxxxxxxxxxxxx]
> > > > Sent: Saturday, January 21, 2006 10:41 PM
> > > > To: [ExchangeList]
> > > > Subject: [exchangelist] OWA 2003
> > > > 
> > > > http://www.MSExchange.org/
> > > > 
> > > > Is it possible to install OWA on a separate server than the Exchange
> > > > 2003 server - ie. we would like to place the OWA server in the DMZ.  If
> > > > so does anyone have a procedure or reference?
> > > > 
> > > > Thanks
> > > > Dave Flaim
> > > > CVI
> > 
> > 
> > ------------------------------------------------------
> > List Archives: 
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: 
> http://www.msexchange.org/pages/newsletter.asp 
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this MSExchange.org 
> > Discussion List as: tshinder@xxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Report abuse to info@xxxxxxxxxxxxxx
> > 
> > 