RE: Securing OWA w/SSL on IIS5.0

From: Evan Mann (emann@questinc.org)
Date: 01/05/02


From: Evan Mann <emann@questinc.org>
To: "'Ogle Ron (Rennes) '" <OgleR@thmulti.com>, Evan Mann <emann@questinc.org>, "''focus-ms@securityfocus.com' '" <focus-ms@securityfocus.com>
Date: Sat, 5 Jan 2002 11:24:26 -0500 

Unfortunately, I am not at the luxury of taking the time or resources to do
things like you suggest. People always come up with some form of idea that
entails using Linux as the cheap route, but this also means one needs to
learn how to do these things in Linux, or go with a route that requires
spending money. In the end, it's just not worth it given the circumstance
and resources available. Some people may call you a bad admin for not doin
everything possible to make your OWA box as secure as possible, but when you
evaluate the use of the system, and the security measures you currently
have, it sometimes cones down the fact that it is simply not worth the
effort.
 

-----Original Message-----
From: Ogle Ron (Rennes)
To: 'Evan Mann'; 'focus-ms@securityfocus.com'
Sent: 1/4/2002 8:07 PM
Subject: RE: Securing OWA w/SSL on IIS5.0

I've looked at this issue myself for my organization. You have some
security issues that you have to solve. First SSL by itself doesn't
solve
completely your issues. With your current setup, you have some big
problems, you have IIS directly connected to the Internet and you can't
trust the client.

<---snipped-->



Relevant Pages

  • Organisational aspects in security design
    ... the fundament of IT security. ... assignment of responsibilities through to the distribution of control ... Lack of resources or unsuitable resources ... Rights of admission and of access to hardware and software are applied ...
    (comp.security.misc)
  • Re: The end of Seti
    ... resources upon whatever's a whole lot closer to home. ... placing a 10 meter KECK into LL-1 might become worth ... Manned expeditions to/from that LL-1 location (parked roughly 60,000 km ...
    (sci.astro.seti)
  • Re: Distribution group kept changing
    ... Could be anything, public folders, calendars, folders in a mailbox. ... Trying to locate the resources the group is being applied to could be extremely difficult unless you have a very small deployment or you have scripts that can enumerate through all permissions. ... if a distribution group is being used to secure ANY exchange resource, exchange will security enable the group....with "security enable the group" is what is meant by converting a distribution group to a security group ... These groups we created are distribution groups and for email purposes. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Distribution group kept changing
    ... Trying to locate the resources the group is being applied to could be ... Most likely, which exchange ... exchange will security enable the group....with "security enable the group" ... These groups we created are distribution groups and for email purposes. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Roles in context
    ... domain resources if you were in the machine's administrator group" the ... to resources it is instead the security identifier of the logged ... Brown's security book: ... > AzMan is a component of Windows Server 2003 which can also be installed on ...
    (microsoft.public.dotnet.security)