RE: Exchange/MAPI/RPC
From: Adrian Romo (ARomo@quilogy.com)
Date: 03/11/03
- Previous message: Chris Norris: "Re: Exchange/MAPI/RPC"
- Maybe in reply to: Joseph Burton: "Exchange/MAPI/RPC"
- Next in thread: Pidgorny, Slav: "RE: Exchange/MAPI/RPC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 10 Mar 2003 21:34:34 -0600 From: "Adrian Romo" <ARomo@quilogy.com> To: "Joseph Burton" <joseph_burton1970@hotmail.com>, <focus-ms@securityfocus.com>
Assuming your client is about to implement Exchange 2000, there is one
important thing that has not been mentioned yet. Outlook was designed
to be used on a private network. In particular, Outlook 2000 and XP
query global catalog servers for Global Address List lookups and
distribution list name resolution. Do a packet capture of Outlook
traffic and you will see a split between traffic going to the Exchange
server and traffic going to a GC. If an Outlook client is sitting on
the Internet, it won't work properly unless it can contact a GC. One
option is to but a domain controller/global catalog server on the
Internet...but that is tantamount to rolling out the red carpet. A more
reasonable option is to publish Exchange RPC with ISA Server and
implement the registry modification from MS KB article 302914 that
instructs the Exchange server to query the global catalog on behalf of
Outlook clients. Using a VPN is definitely the cleanest and most secure
option, just not the easiest for users. It all boils down to what your
client values more, ease of use or security.
Adrian
-----Original Message-----
From: Joseph Burton [mailto:joseph_burton1970@hotmail.com]
Sent: Saturday, March 08, 2003 10:08 AM
To: focus-ms@securityfocus.com
Subject: Exchange/MAPI/RPC
Hello all,
I have a client that will soon start using Microsoft Exchange, and I
have a
question regarding the Outlook client. The Exchange client in Outlook
uses
the MAPI protocol which uses RPC to communicate with the Exchange
server. I
know it's not recommended to connect from the Internet using MAPI,
without
using any form av encryption like IPSec.
My question is simply, why? Why is it dangerous to use MAPI/RPC over
Internet? Is the password sent in clear text or something? I need some
good
arguments to convince my client to use VPN for the roaming users.
Thanks in advance,
//Joe
_________________________________________________________________
Skaffa fler messengerkontakter - Vinn 10.000 i resecheckar!
http://messenger.msn.se/promo
- Previous message: Chris Norris: "Re: Exchange/MAPI/RPC"
- Maybe in reply to: Joseph Burton: "Exchange/MAPI/RPC"
- Next in thread: Pidgorny, Slav: "RE: Exchange/MAPI/RPC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
