AW: Exchange/MAPI/RPC

From: Jens Mickerts (j.mickerts@bmp-si.de)
Date: 03/10/03

  • Next message: Brian W. Spolarich: "RE: Exchange/MAPI/RPC" 
    Date: Mon, 10 Mar 2003 20:27:48 +0100
From: "Jens Mickerts" <j.mickerts@bmp-si.de>
To: "Joseph Burton" <joseph_burton1970@hotmail.com>, <focus-ms@securityfocus.com>

    Hi,

    the password and the data can be encrypted, so this is not the issue. But to ensure communications, you have to open the RPC-Endpoint-Mapper and two or three additional high ports to the Exchange Server and it could be possible to DoS or hack the Exchange Server using these ports. For one of the high ports is used to connect to the Information Store even corrupting/deleting data could be accomplished. So the reason for using a VPN is to protect the Exchange server from a direct connection to the internet.
    For you can often implement an IPSec or PPTP VPN without any additional licensing costs this should be done and I do not even see the need to have arguments on this.

    Gruß,

    Jens Mickerts
     

    -----Ursprüngliche Nachricht-----
    Von: Joseph Burton [mailto:joseph_burton1970@hotmail.com]
    Gesendet: Samstag, 8. März 2003 17:08
    An: focus-ms@securityfocus.com
    Betreff: Exchange/MAPI/RPC

    Hello all,

    I have a client that will soon start using Microsoft Exchange, and I have a
    question regarding the Outlook client. The Exchange client in Outlook uses
    the MAPI protocol which uses RPC to communicate with the Exchange server. I
    know it's not recommended to connect from the Internet using MAPI, without
    using any form av encryption like IPSec.

    My question is simply, why? Why is it dangerous to use MAPI/RPC over
    Internet? Is the password sent in clear text or something? I need some good
    arguments to convince my client to use VPN for the roaming users.

    Thanks in advance,

    //Joe

    _________________________________________________________________
    Skaffa fler messengerkontakter - Vinn 10.000 i resecheckar!
    http://messenger.msn.se/promo

  • Next message: Brian W. Spolarich: "RE: Exchange/MAPI/RPC"

    Relevant Pages

    • Re: best way to recreate a mailbox
      ... >> some changes in PSS recently, so please take advantage of any request to ... I exhausted what I could do by phone and told the client, ... data loss can occur from running utilities against your Exchange ... >>> There is also a problem, likely related, with Backup Exec. ...
      (microsoft.public.windows.server.sbs)
    • Re: AD Site Topology
      ... authenticating with a domain controller in a different physical ... to a GC outside of it's physical location resulting in Outlook ... local infrastrcuture i.e. DC's/F&P but not exchange. ... client side is a good point though although I thought MS improved the ...
      (microsoft.public.win2000.active_directory)
    • Re: AD Site Topology
      ... to a GC outside of it's physical location resulting in Outlook ... local infrastrcuture i.e. DC's/F&P but not exchange. ... client happended to authenticate with infrastrcuture outside of its ... local to the Exchange Servers and in other physical locations. ...
      (microsoft.public.win2000.active_directory)
    • RE: Outlook trying to connect.......
      ... does outlook client connect to exchange server ...
      (microsoft.public.windows.server.sbs)
    • Re: User authentication IPsec
      ... View Output Logs for details ... Ping Diagnosis: ... NAP Client Diagnosis: ... IPsec Service Diagnosis: ...
      (microsoft.public.windows.server.active_directory)