RE: [fw-wiz] PIX -> ISA -> OWA Configuration

From: Behm, Jeffrey L. (BehmJL_at_bvsg.com)
Date: 05/06/05

  • Next message: Victor Williams: "Re: [fw-wiz] PIX -> ISA -> OWA Configuration" 
    To: "Paul Melson" <psmelson@comcast.net>, <woodsd001@hawaii.rr.com>
Date: Fri, 6 May 2005 09:00:45 -0500

    On Thursday, May 05, 2005 2:21 PM, Paul Melson spake:

    >PS - How come nobody's come back with, "The most secure option is to
    not use
    >OWA at all and make people check their e-mail from the office like
    normal
    >human beings." ?
    Even more restrictive: "Why not just completely disconnect from the
    Internet, send all computers to the shredder, and install DNA
    authentication equipment to get in the front door?" Because we as
    security
    professionals have to help our companies to balance the risks with
    keeping the business open. My company has folks traveling the globe
    doing
    work, sometimes sitting on other company's networks for a few days, and
    those companies may not allow VPN connectivity outbound, but do allow
    HTTPS.
    These folks have no ability to "come into the office to check their
    email."

    >If you apply that option to the risk valuation I use
    >above, you get a sum of 0. Clearly better than the rest.
    May not be better than the rest if the physical security at said office
    is less than adequate. We all need to remember to weigh all the risks,
    not
    just the technology ones.

    Jeff
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Victor Williams: "Re: [fw-wiz] PIX -> ISA -> OWA Configuration"