RE: OWA and Ex2k3

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sat, 8 Nov 2003 15:25:38 -0600

Hi Al,

What's nice about using ISA firewalls is that they can perform SSL to
SSL bridging, which allows them to examine the contents of the SSL
stream. Squid cannot do this and just passes exploits from the remote
host to the OWA site. ISA firewalls really do provide a unique level of
protection for OWA sites that force SSL links.

Thanks!
Tom
www.isaserver.org/shinder
 

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] 
Sent: Friday, November 07, 2003 2:11 PM
To: [ExchangeList]
Subject: [exchangelist] RE: OWA and Ex2k3

http://www.MSExchange.org/

Typically for a multi-server internet type deployment, you'd want a FE
server to handle the obscuring of the BE servers.  In other words, you
don't want to open tcp 443 to each BE server and publish the server name
to the internet, typically.  To achieve this, use the FE server as the
single point to the internet.  And yes, you'd only want to open TCP 443.
Even better than opening a TCP port (allow rule) from the internet to
the FE server would be to use a layer-7 firewall device that proxies
the conversation between internet and FE server so you can put the FE
server on the internal network and not have to worry about integrating
that machine into a DMZ and opening access to the Active Directory, DNS,
etc.  (The FE server must be a member of the forest).

ISA works in this capacity as does squid if you prefer open source.  I'm
sure there're others.

Al

-----Original Message-----
From: A. Michael Salim [mailto:msalim@xxxxxxxxxxxx]
Sent: Friday, November 07, 2003 2:59 PM
To: [ExchangeList]
Subject: [exchangelist] RE: OWA and Ex2k3

Hi,

> OWA is enabled by default. User can access by 
> http://exchangeservername/exchange/userid
>
> The user id is usually the first part of your SMTP email ID. If your 
> email ID is first.last@xxxxxxxxxx, the userid=first.last.

Thanks!  Can this be accomplished over the Internet (where ports 135 etc.
are generally blocked by most ISPs) or can this be used only locally on
the LAN?

best regards
Mike


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
