Re: [fw-wiz] Outlook Web Access - Paranoid?

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 12/01/02

• Next message: kronos@datastreamcowboys.net: "[fw-wiz] OWA and Risk Assesment"
• Previous message: Devdas Bhagat: "Re: [fw-wiz] Outlook Web Access - Paranoid?"
• In reply to: Devdas Bhagat: "Re: [fw-wiz] Outlook Web Access - Paranoid?"
• Next in thread: Shimon Silberschlag: "[fw-wiz] IP/HTTP from the internet to internal network"
• Reply: Shimon Silberschlag: "[fw-wiz] IP/HTTP from the internet to internal network"
• Reply: Luca Berra: "Re: [fw-wiz] Outlook Web Access - Paranoid?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Mikael Olsson <mikael.olsson@clavister.com>
To: Devdas Bhagat <dvb@users.sourceforge.net>
Date: Sun Dec  1 19:23:01 2002

Devdas Bhagat wrote:
>
> On 30/11/02 11:39 -0800, Matt Wilbur wrote:
> > If you just need to give end users access to email and email directory
> > services from the outside, why not use one of the many "webmail"
> > applications out there, all of which need far less access to your
> > internal networks. You could plunk, for example, squirrelmail out on a
> > DMZ system, allow port 143 (IMAP) and port 389 (LDAP) to an exchange
>
> I would suggest imaps(993) and ldaps(636). If your webmail client
> doesn't support that, zebeedee or stunnel could help in creating the SSL
> connections.
> No use running plain text all over the place when SSL certificates are
> free.

What is the point of running SSL connections from the web server front-end
to the mail server back-end?

If the web server gets owned, I would argue that this ADDS exposure,
not the other way around.

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

• Next message: kronos@datastreamcowboys.net: "[fw-wiz] OWA and Risk Assesment"
• Previous message: Devdas Bhagat: "Re: [fw-wiz] Outlook Web Access - Paranoid?"
• In reply to: Devdas Bhagat: "Re: [fw-wiz] Outlook Web Access - Paranoid?"
• Next in thread: Shimon Silberschlag: "[fw-wiz] IP/HTTP from the internet to internal network"
• Reply: Shimon Silberschlag: "[fw-wiz] IP/HTTP from the internet to internal network"
• Reply: Luca Berra: "Re: [fw-wiz] Outlook Web Access - Paranoid?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Extranet ... > internal users will use Integrated Authentication and http NOT https whilst ... Remove the SSL access from the existing portal. ... Your LAN users access the host header portal from the LAN and do the ... (microsoft.public.sharepoint.portalserver) Sequel Overflow or Timeout? ... Then users access the ... dynamic tables with a web interface. ... One of the ASP pages has several nested queries that ... On the web server that has the exact code, ... (microsoft.public.sqlserver.programming) Re: [fw-wiz] Outlook Web Access - Paranoid? ... > If you just need to give end users access to email and email directory ... If your webmail client ... No use running plain text all over the place when SSL certificates are ... (Firewall-Wizards) InterOrg and Internet Free Busy ... publishing to our own web server instead. ... response I got on this subject it somewhat made ... overhead opens up the firewall and allows users access to ... webmail, won't fly with security and rightly so. ... (microsoft.public.exchange2000.connectivity) Redirecting Http:// to Https:// ... I have a site that I want to make all users access via ssl (https). ... Regards, ... (microsoft.public.inetserver.iis.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint