RE: OWA and Ex2k3

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 10 Nov 2003 09:16:11 -0500

Of course ISA offers some good things, Tom.  But it would be an unfair
suggestion to think that all shops run only Microsoft products and may not
need an alternative.  Rather than walk away from OWA or deploy it unsafely,
I think it's better to understand the options. It's also not a fair
assertion that one has to bridge SSL between a layer-7 device and the web
page that they're publishing, is it?  What's the benefit?

I did however forget to mention other products such as ironmail that will
also proxy OWA.  There are others with various levels of functionality, but
I don't have a list of them handy.


Al 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Saturday, November 08, 2003 4:26 PM
To: [ExchangeList]
Subject: [exchangelist] RE: OWA and Ex2k3

http://www.MSExchange.org/

Hi Al,

What's nice about using ISA firewalls is that they can perform SSL to SSL
bridging, which allows them to examine the contents of the SSL stream. Squid
cannot do this and just passes exploits from the remote host to the OWA
site. ISA firewalls really do provide a unique level of protection for OWA
sites that force SSL links.

Thanks!
Tom
www.isaserver.org/shinder
 

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Friday, November 07, 2003 2:11 PM
To: [ExchangeList]
Subject: [exchangelist] RE: OWA and Ex2k3

Typically for a multi-server internet type deployment, you'd want a FE
server to handle the obscuring of the BE servers.  In other words, you don't
want to open tcp 443 to each BE server and publish the server name to the
internet, typically.  To achieve this, use the FE server as the single point
to the internet.  And yes, you'd only want to open TCP 443.
Even better than opening a TCP port (allow rule) from the internet to the FE
server would be to use a layer-7 firewall device that proxies the
conversation between internet and FE server so you can put the FE server on
the internal network and not have to worry about integrating that machine
into a DMZ and opening access to the Active Directory, DNS, etc.  (The FE
server must be a member of the forest).

ISA works in this capacity as does squid if you prefer open source.  I'm
sure there're others.

Al

-----Original Message-----
From: A. Michael Salim [mailto:msalim@xxxxxxxxxxxx]
Sent: Friday, November 07, 2003 2:59 PM
To: [ExchangeList]
Subject: [exchangelist] RE: OWA and Ex2k3

Hi,

> OWA is enabled by default. User can access by 
> http://exchangeservername/exchange/userid
>
> The user id is usually the first part of your SMTP email ID. If your 
> email ID is first.last@xxxxxxxxxx, the userid=first.last.

Thanks!  Can this be accomplished over the Internet (where ports 135 etc.
are generally blocked by most ISPs) or can this be used only locally on the
LAN?

best regards
Mike


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
