Re: [fw-wiz] Exchange & Blackberry

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 06/22/04

  • Next message: Nathan Casey: "[fw-wiz] Access to internal resources" 
    To: strider@mailworks.org
Date: Tue, 22 Jun 2004 08:13:42 -0400 (EDT)

    On Tue, 22 Jun 2004 strider@mailworks.org wrote:

    [Snip the good stuff...]

    > As for Blackberry, it's a risk tradeoff. What's the chances of that
    > outbound connection doing bad things vs. the pain of trying to get it
    > config'ed in the DMZ and what would that buy you?
    >

    More importantly, what does your security policy say about the
    requirements for such servers/services?

    Every decision point shouldn't require a completely new assessment, it
    should require going into a category of risk management that's already
    outlined, with the appropriate software and hardware infrastructure needs
    outlined, and adjusting for the quirks of the particular thing.

    For instance "This type of server only gets access to the communications
    segment," or "This type of server doesn't get carte blanch access to the
    internal network," or "This type of server has to be on a separate
    external segment" are all valid security policy statements- but the policy
    should address such things at a macro level, with detailed adjustments
    for implementation.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Nathan Casey: "[fw-wiz] Access to internal resources"

    Relevant Pages

    • Domain Controller Security Policy errors
      ... Security Policy or the Domain Controller Security Policy. ... The DC is also a print and file server. ... The domain controller for Group Policy operations is not available. ...
      (microsoft.public.win2000.active_directory)
    • Re: issue accessing an AD server
      ... You can reset local security settings to default defined levels as described ... However on a domain controller, ... Security Policy will override user rights assignments. ... > restore the server from tape. ...
      (microsoft.public.win2000.security)
    • Re: Application.StartupPath
      ... bellow steps to change your app's security policy settings. ... company's Network admin set up a login script to run the installer - I ... However when I just copy the exe file to the file server (along with the ... This xml file is located in the same folder as the executable. ...
      (microsoft.public.dotnet.languages.vb)
    • Re: Interactive Logon Prohibited on DC
      ... What security policy did you change? ... there a TS license server up and running? ... although this is setup just as Terminal Services in Remote ...
      (microsoft.public.windows.terminal_services)
    • Re: Cant change security policy
      ... > I'll try to get the secure passwords accepted by the client, ... > logon to the server from the network. ... > There was a problem when I tried installing the AD and Exchange with the ... >> improved security policy that will go into effect 7 days after the system is ...
      (microsoft.public.windows.server.sbs)