RE: Securing OWA w/SSL on IIS5.0

From: Evan Mann (emann@questinc.org)
Date: 01/05/02 

From: Evan Mann <emann@questinc.org>
To: "'Ogle Ron (Rennes) '" <OgleR@thmulti.com>, Evan Mann <emann@questinc.org>, "''focus-ms@securityfocus.com' '" <focus-ms@securityfocus.com>
Date: Sat, 5 Jan 2002 11:24:26 -0500

Unfortunately, I am not at the luxury of taking the time or resources to do
things like you suggest. People always come up with some form of idea that
entails using Linux as the cheap route, but this also means one needs to
learn how to do these things in Linux, or go with a route that requires
spending money. In the end, it's just not worth it given the circumstance
and resources available. Some people may call you a bad admin for not doin
everything possible to make your OWA box as secure as possible, but when you
evaluate the use of the system, and the security measures you currently
have, it sometimes cones down the fact that it is simply not worth the
effort.
 

-----Original Message-----
From: Ogle Ron (Rennes)
To: 'Evan Mann'; 'focus-ms@securityfocus.com'
Sent: 1/4/2002 8:07 PM
Subject: RE: Securing OWA w/SSL on IIS5.0

I've looked at this issue myself for my organization. You have some
security issues that you have to solve. First SSL by itself doesn't
solve
completely your issues. With your current setup, you have some big
problems, you have IIS directly connected to the Internet and you can't
trust the client.

<---snipped-->

Relevant Pages

  • Organisational aspects in security design
    ... the fundament of IT security. ... assignment of responsibilities through to the distribution of control ... Lack of resources or unsuitable resources ... Rights of admission and of access to hardware and software are applied ...
    (comp.security.misc)
  • Re: The end of Seti
    ... resources upon whatever's a whole lot closer to home. ... placing a 10 meter KECK into LL-1 might become worth ... Manned expeditions to/from that LL-1 location (parked roughly 60,000 km ...
    (sci.astro.seti)
  • Re: Distribution group kept changing
    ... Could be anything, public folders, calendars, folders in a mailbox. ... Trying to locate the resources the group is being applied to could be extremely difficult unless you have a very small deployment or you have scripts that can enumerate through all permissions. ... if a distribution group is being used to secure ANY exchange resource, exchange will security enable the group....with "security enable the group" is what is meant by converting a distribution group to a security group ... These groups we created are distribution groups and for email purposes. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Distribution group kept changing
    ... Trying to locate the resources the group is being applied to could be ... Most likely, which exchange ... exchange will security enable the group....with "security enable the group" ... These groups we created are distribution groups and for email purposes. ...
    (microsoft.public.windows.server.active_directory)
  • Re: What price immortality?
    ... scarcest of resources is usually capital. ... and all the immortal retirees would have to go back to work. ... worth $1000 in 1900 dollars. ... A yield of 3.08% after taxes would have been enough to preserve the ...
    (rec.arts.sf.written)