RE: [fw-wiz] Outlook Web Access - Paranoid?

From: Frank Knobbe (fknobbe@knobbeits.com)
Date: 11/28/02


From: Frank Knobbe <fknobbe@knobbeits.com>
To: "Paul D. Robertson" <proberts@patriot.net>
Date: Thu Nov 28 18:33:18 2002


On Thu, 2002-11-28 at 09:14, Paul D. Robertson wrote:

> Deploying Internet-facing systems that sit on the internal can nullify the
> firewall. Do that with either the wrong product at the wrong time, or too
> many products, and there's no point in _having_ the firewall.

Paul,

I predict this will only be getting worse. The more .NET stuff gets
developed, the more 'Internet-integrated' Microsoft apps become, the
more you will see a firewall becoming a device that will 'break'
Microsoft computing (we see it today with the inability to pass certain
protocols through a firewall either because of protocol-channel design
or inability to pass NAT). Eventually you will have to remove the
firewall to get your MS apps working (or punch so many wholes in it that
we have more open than closed).

Exchange is a perfect example. Compare an Exchange-OWA setup within an
Exchange 5.5 + NT Domain environment and Exchange 2K + AD environment.
Exchange 5.5 didn't have the requirement of also being an Exchange box,
and required less ports to less servers. Exchange 2K requires so much as
Steve indicates...

I know people complain about code-bloat. There is also a bloat here in
regards of protocols and infrastructure. Not sure what to call it other
than protocol-bloat, but I don't like it...

Anyhow, Happy Turkey Day to everyone.

Regards,
Frank






Relevant Pages

  • Re: redirection on network
    ... There's nothing else that seems significant excluded in my firewall ... Paul T. ... but you do on Vista? ... cross-compare the list of clients and protocols installed for their ...
    (microsoft.public.windowsce.embedded)
  • Re: Unable to Receive Email from the internet
    ... Are you running this on Longhorn server? ... Test from outside your firewall: ... Exchange Server 2007: internet email without Edge ... looking at the firewall inbound rules on my LHS. ...
    (microsoft.public.exchange.setup)
  • Re: Exchange server behind firewall cant send outgoing
    ... > I am having some problems with a firewall, and specifically the Exchange ... > non-local users email to the Exchange server. ... Depending on the DNS servers of your ISP. ...
    (comp.security.firewalls)
  • RE: Exchange 2003
    ... This behavior seems plausible if there's a stateful firewall in the ... the case, then clearly, you won't get anything back from an nbtstat, ... does it allow it after there's a connection?". ... without exchange 2003 on it. ...
    (Pen-Test)
  • Re: SELF Attribute not updating through firewall
    ... Testing server: LEGAL\subdomaindc ... Exchange Server. ... The users access their email from behind the firewall. ... subdomain, as their is only a single Exchange server on the whole Forest, ...
    (microsoft.public.exchange.admin)