RE: Exchange/MAPI/RPC

• Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #128"
• Maybe in reply to: Joseph Burton: "Exchange/MAPI/RPC"
• Next in thread: Chris Norris: "Re: Exchange/MAPI/RPC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Campbell, Ian C" <ian.c.campbell@eds.com>
To: "'Joseph Burton'" <joseph_burton1970@hotmail.com>
Date: Mon, 10 Mar 2003 16:10:44 -0500

Regardless of the security implications of opening MAPI/RPC to a public
network, you should not do this. You will never know all the exploits
available.

The most convincing argument in my mind is simply: if you don't need the
general public accessing a particular service, don't make a connection to
that service available to the general public. Use a VPN to control who can
connect to the service in the first place.

-----Original Message-----
From: Joseph Burton [mailto:joseph_burton1970@hotmail.com]
Sent: March 8, 2003 11:08 AM
To: focus-ms@securityfocus.com
Subject: Exchange/MAPI/RPC

Hello all,

I have a client that will soon start using Microsoft Exchange, and I have a
question regarding the Outlook client. The Exchange client in Outlook uses
the MAPI protocol which uses RPC to communicate with the Exchange server. I
know it's not recommended to connect from the Internet using MAPI, without
using any form av encryption like IPSec.

My question is simply, why? Why is it dangerous to use MAPI/RPC over
Internet? Is the password sent in clear text or something? I need some good
arguments to convince my client to use VPN for the roaming users.

Thanks in advance,

//Joe

_________________________________________________________________
Skaffa fler messengerkontakter - Vinn 10.000 i resecheckar!
http://messenger.msn.se/promo

• Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #128"
• Maybe in reply to: Joseph Burton: "Exchange/MAPI/RPC"
• Next in thread: Chris Norris: "Re: Exchange/MAPI/RPC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]