RE: Windows/Exchange security auditing tool
From: Bourque Daniel (Daniel.Bourque_at_loto-quebec.com)
Date: 09/05/04
- Previous message: Jordan Wiseman: "RE: XP-SP2 "Feature""
- Maybe in reply to: Rod Dickerson: "Windows/Exchange security auditing tool"
- Next in thread: Jay Abshier: "RE: Windows/Exchange security auditing tool"
- Reply: Jay Abshier: "RE: Windows/Exchange security auditing tool"
- Reply: Sarbjit Singh Gill: "RE: Windows/Exchange security auditing tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: 'Chad Lorenc ' <CLorenc@entfederal.com>, "'focus-ms@securityfocus.com '" <focus-ms@securityfocus.com> Date: Sun, 5 Sep 2004 16:13:37 -0400
What about using a reverse Proxy in the DMZ to keep OWA inside?
Better, keep the OWA server inside isolate with access list so it can only
talk to the DC and the Exchange server?
I think you should look at Microsoft ISA server for that role or use
dedicated box like Ciphertrust Ironmail.
-----Message d'origine-----
De: Chad Lorenc
A: focus-ms@securityfocus.com
Date: 9/2/2004 6:00 PM
Objet: RE: Windows/Exchange security auditing tool
I have a quick question, we are rolling out exchange 2003 with OWA. Our
OWA server sits one of our DMZ's, because of the active directory
component the engineers state that OWA must be a part of our internal AD
domain. We currently do not have any servers bridging the internal AD
domain into the DMZ's.
Is there anyway around this requirement?
How significant of a risk does this create, or more importantly are the
feasible exploits past information probing?
We do have multiple layers of protection such as two factor
authentication (AD login + random authenticator), host monitoring,
firewall rules, VLAN's etc. I am just curious, on its own, what kind of
risk we assume with this design.
Chad Lorenc
DISCLAIMER:
The information contained in this email and in any attachments is
intended for the person or entity to which it is addressed and may
contain confidential and/or privileged material. If you have received
this email in error, please notify us immediately by replying to the
message and delete the email from your computer. Use of this information
by persons or entities other than the intended recipient is prohibited.
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Jordan Wiseman: "RE: XP-SP2 "Feature""
- Maybe in reply to: Rod Dickerson: "Windows/Exchange security auditing tool"
- Next in thread: Jay Abshier: "RE: Windows/Exchange security auditing tool"
- Reply: Jay Abshier: "RE: Windows/Exchange security auditing tool"
- Reply: Sarbjit Singh Gill: "RE: Windows/Exchange security auditing tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
