RE: Exchange/MAPI/RPC

• Previous message: Adrian Romo: "RE: Exchange/MAPI/RPC"
• In reply to: Chris Norris: "Re: Exchange/MAPI/RPC"
• Next in thread: Adrian Romo: "RE: Exchange/MAPI/RPC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "shannong" <shannong@texas.net>
To: "'Chris Norris'" <cnorris@continental-microwave.co.uk>, <focus-ms@securityfocus.com>
Date: Tue, 11 Mar 2003 15:59:09 -0600

Actually, what Chris has setup is what is recommended in general.
Exchange is not being made accessible to the Internet. ISA was made
available to the Internet. Only authenticated users can access Exchange
through the ISA server. Using some form of access-control is
recommended for all services exposed to the Internet when possible.
This mitigates a lot of the problems and concerns.

-Shannon

-----Original Message-----
From: Chris Norris [mailto:cnorris@continental-microwave.co.uk]
Sent: Tuesday, March 11, 2003 1:52 AM
To: focus-ms@securityfocus.com
Subject: Re: Exchange/MAPI/RPC

I use Microsoft ISA server and use the techniques described on
isaserver.org
to publish MAPI/RPC for Exchange 2000.
It's simple, safe, secure - my only gripe is it's a bit slow.
I have run countless security attacks using all the available tool(z)
and
have yet to read about a vulnerability using ISA/Exchange in this way.

• Previous message: Adrian Romo: "RE: Exchange/MAPI/RPC"
• In reply to: Chris Norris: "Re: Exchange/MAPI/RPC"
• Next in thread: Adrian Romo: "RE: Exchange/MAPI/RPC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]