RE: Accessing mail from the web
From: Frank Knobbe (FKnobbe@KnobbeITS.com)Date: 08/14/01
- Previous message: Jan Falkenreck: "perl,ODBC Access"
- Maybe in reply to: Andrew Langton: "Accessing mail from the web"
- Next in thread: Andrew Langton: "RE: Accessing mail from the web"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <32CD6FE22EAB444BB1D27C10949A0E7C14FA65@server1.home.knobbeits.com> From: Frank Knobbe <FKnobbe@KnobbeITS.com> To: 'Aaron Zirbes' <ajz@cccs.umn.edu>, security-basics@securityfocus.com, focus-ms@securityfocus.com Subject: RE: Accessing mail from the web Date: Tue, 14 Aug 2001 09:42:52 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Aaron Zirbes [mailto:ajz@cccs.umn.edu]
> Sent: Monday, August 13, 2001 3:19 PM
>
> According to the document, it requires IIS to be installed.
> That is another door open to the world that he doesn't want to
> open.
>
> "Outlook Web Access is installed as part of the default setup
> of Exchange
> 2000; it requires Windows 2000 and IIS 5.0 to be installed."
Then close the door. If the system is a) properly hardened, b) behind
a stateful firewall in the DMZ (i.e. third NIC), c) access to web
pages requires authentication, d) using SSL certificate, e)
controlled access to Exchange server (read: fixed ports), then I
think the level of risk should be in the 'acceptable' realm.
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.
iQA/AwUBO3k47JytSsEygtEFEQK6eQCfaHiiUHTiCyLFZo6n82GMOc+eJYcAoKzH
ludQdlXf9eCTfkRyKDPGIOBG
=eSR6
-----END PGP SIGNATURE-----
- Previous message: Jan Falkenreck: "perl,ODBC Access"
- Maybe in reply to: Andrew Langton: "Accessing mail from the web"
- Next in thread: Andrew Langton: "RE: Accessing mail from the web"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
