Re: [fw-wiz] Single Exchange/OWA on LAN with Internet Access - a good

From: Patrick M. Hausen (hausen_at_punkt.de)
Date: 11/21/05

    To: "Ravdal, Stig" <SRavdal@Quiznos.com>
    Date: Mon, 21 Nov 2005 15:32:31 +0100 (CET)
    
    

    Hello!

    Stig wrote:

    > Our MS admins are proposing to implement single OWA/Exchange servers
    > on the LAN and allow access directly to the server through the firewall.

    IMHO this depends entirely on your definition of "firewall".

    If the "firewall" in question is nothing more than a stupid
    packet filtering device, then your network will be at big risk.

    If the firewall can do things like control what happens inside
    the HTTP traffic for OWA, terminate SSL on the firewall for that
    purpose, provide strong token-based authentication _before_
    the connection even hits your Exchange server ... then I'd say
    the benefits might outweigh the remaining risk.

    Somehow most admins have been brainwashed to believe that
    "firewalls" are all about "port numbers". IMNSHO they are not.
    They are choke points for policy enforcement. And policy includes
    much more than just ports.

    Regards, HTH,

    Patrick M. Hausen
    Leiter Netzwerke und Sicherheit

    -- 
    punkt.de GmbH         Internet - Dienstleistungen - Beratung
    Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
    76137 Karlsruhe       http://punkt.de
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
