RE: [fw-wiz] (no subject)
From: Paul Robertson (proberts@patriot.net)
Date: 11/25/02
- Next message: Mikael Olsson: "Re: [fw-wiz] Inspecting routers"
- Previous message: Magosányi Árpád: "Re: [fw-wiz] Active to Passive FTP translator?"
- In reply to: Don Goldstein: "RE: [fw-wiz] (no subject)"
- Next in thread: Nieveler, Juergen: "RE: [fw-wiz] (no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Paul Robertson <proberts@patriot.net> To: Don Goldstein <Don.Goldstein@CCBUSA.COM> Date: Mon Nov 25 17:02:03 2002
On Mon, 25 Nov 2002, Don Goldstein wrote:
> You can put an outlook web access server in the DMZ and the Exchange server
> on your LAN.
OWA and IIS haven't exactly had the best record. Add in password
guessing and a pipe in to an AD or DC, and the upsides don't look all that
attractive to me. Now, if you're talking about a VPN'd segment off the
DMZ, you could perhaps minimize the risk, but I don't think I'd advise my
closest competitor to field OWA on their DMZ as a strategy without some
more serious and direct protection.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
- Next message: Mikael Olsson: "Re: [fw-wiz] Inspecting routers"
- Previous message: Magosányi Árpád: "Re: [fw-wiz] Active to Passive FTP translator?"
- In reply to: Don Goldstein: "RE: [fw-wiz] (no subject)"
- Next in thread: Nieveler, Juergen: "RE: [fw-wiz] (no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
