FW: Exchange Server and External Access

From: Cherian M. Palayoor (cpalayoor_at_cwalkergroup.com)
Date: 08/23/03

    Date: Fri, 22 Aug 2003 16:53:25 -0700
    To: <security-basics@securityfocus.com>
    
    

    Thanks for the suggestions.

    Based on the feedback so far, there appear to be 2 schools of thought....

    Solution 1) Have Exchange set up in a FE/BE configuration with the FE in the
    DMZ and the BE in the internal LAN. Have the FE poll the BE
    through a secure link using SSL.

    Problem : Too expensive, requires Exchange Enterprise and not to mention
    Windows Advanced Server.
    Also it may not resolve the problem, as what I am primarily hoping
    to achieve here is faster access time. We presently have
    to traverse through a WAN cloud and 2 firewalls to get to the Internet and
    the DMZ.

    Solution 2) Move the Exchange Server to the DMZ and set it up either as an
    OWA or POP3 Server.

    Problem : This would affect internal user access speed and also the OWA
    option would negatively impact users fed on a diet of Outlook's convenience.

    Is it possible to run a third-party server, like possibly Sendmail, to front
    end Exchange?

    Regards

    CP

    -----Original Message-----
    From: Jeff Huston [mailto:JeffH@gatesfoundation.org]
    Sent: Friday, August 22, 2003 1:24 PM
    To: Cherian M. Palayoor
    Subject: RE: Exchange Server and External Access

    Use Exchange's front-end / back-end technology. Set up the front-end
    server in the DMZ (remember to only allow SSL access!), then use IPSec
    to connect it to the back-end server (presumably in your production
    network). Users can then access their mailbox data through Outlook Web
    Access. You can also do this for POP3 / IMAP4 access, but these can be
    somewhat less secure (unless you activate SSL for each of these as
    well).

    -- Jeff

    -----Original Message-----
    From: Cherian M. Palayoor [mailto:cpalayoor@cwalkergroup.com]
    Sent: Friday, August 22, 2003 10:26 AM
    To: security-basics@securityfocus.com
    Subject: Exchange Server and External Access

    Hi,

    We presently use the Std edition of Exchange 2000 as a mail server for
    our internal users, behind the Firewall.

    However we would like to grant mailbox access to external users outside
    the Firewall.

    What would be the most secure and efficient method of accomplishing
    this?

    One stream of thought that I have been entertaining is having a separate
    Exchange/Mail Server on the DMZ.

    Now this solution would result in having to maintain 2 separate
    mailboxes for internal and external users. This creates problems for
    users who would access their emails from both inside and outside the
    office.

    How can I work around this problem?

    Thanks in advance for any suggestions.

    Regards

    CP
