Re: FW: Exchange Server and External Access

From: some guy (someguy_555_at_hotmail.com)
Date: 08/27/03

  • Next message: Cherian M. Palayoor: "RE: FW: Exchange Server and External Access" 
    To: cpalayoor@cwalkergroup.com, security-basics@securityfocus.com
Date: Wed, 27 Aug 2003 14:36:01 +0000

    Hello Everybody,
    I have been watching this thread with interest because i am facing a similar
    situation at the moment. Currently what i have set up is a Linux server
    which is running Horde and Imp (php-based webmail software) which makes imap
    connections to the exchange server. The linux box also runs the firewall and
    internet connection. I know it could be more secure but this is the best i
    can do with limited hardware. Anyway the users now want to be able to access
    documents from home. They usually use Word, except it is embedded in various
    macros and templates etc. etc. I am currently thinking of setting up another
    computer to run Terminal Services and allow them to remotely connect to
    that. There would only probably be max 2 users at a time. Does anyone see
    any major problems with this? I like this idea in theory because no software
    is needed to be installed (just use activeX through a webpage which i can
    put password protection on and embed in Horde) and it presents a screen they
    are familiar with. Also on a secondary point how well does TS work over
    dialup?
    Thanks for any advice you can give. I suspect i will get a number of howling
    cries of terrible security practice...:-)
    -Scott

    >From: "Cherian M. Palayoor" <cpalayoor@cwalkergroup.com>
    >To: <security-basics@securityfocus.com>
    >Subject: FW: Exchange Server and External Access
    >Date: Fri, 22 Aug 2003 16:53:25 -0700
    >
    >
    >
    >Thanks for the suggestions.
    >
    >Based on the feedback so far, there appears to 2 school of thought....
    >
    >Solution 1) Have Exchange setup in a FE/BE configuration with the FE in the
    >DMZ and the BE in the internal LAN. Have the FE poll the BE
    >through a secure link using SSL.
    >
    >Problem : Too expensive, requires Exchange Enterprise and not to mention
    >Windows Advanced Server.
    > Also it may not resolve the problem as what I am primarily
    >hoping
    >to achieve here is faster access time. We presently have
    >to traverse through a WAN cloud and 2 firewalls to get to the Internet and
    >the DMZ.
    >
    >Solution 2) Move the Exchange Server to the DMZ and set it up either as an
    >OWA or POP3 Server.
    >
    >Problem : This would affect internal user access speed and also the OWA
    >option would negatively impact users fed on a diet of Outlook's
    >convenience.
    >
    >Is it possible to run a third part Server like possibly Sendmail to front
    >end Exchange ?
    >
    >Regards
    >
    >CP
    >
    >-----Original Message-----
    >From: Jeff Huston [mailto:JeffH@gatesfoundation.org]
    >Sent: Friday, August 22, 2003 1:24 PM
    >To: Cherian M. Palayoor
    >Subject: RE: Exchange Server and External Access
    >
    >
    >Use Exchange's front-end / back-end technology. Set up the front-end
    >server in the DMZ (remember to only allow SSL access!), then use IPSec
    >to connect it to the back-end server (presumably in your production
    >network). Users can then access their mailbox data through Outlook Web
    >Access. You can also do this for POP3 / IMAP4 access, but these can be
    >somewhat less secure (unless you activate SSL for each of these as
    >well).
    >
    >-- Jeff
    >
    >-----Original Message-----
    >From: Cherian M. Palayoor [mailto:cpalayoor@cwalkergroup.com]
    >Sent: Friday, August 22, 2003 10:26 AM
    >To: security-basics@securityfocus.com
    >Subject: Exchange Server and External Access
    >
    >Hi,
    >
    >We presently use the Std edition of Exchange 2000 as a mail server for
    >our
    >internal users, behind the Firewall.
    >
    >However we would like to grant mailbox access to external users outside
    >the
    >Firewall.
    >
    >What would be the most secure and efficient method of accomplishing
    >this.
    >
    >One stream of thought that I have been entertaining is having a separate
    >Exchange/Mail Server on the DMZ.
    >
    >Now this solution would result in having to maintain 2 separate
    >mailboxes for
    >internal and external users. This creates problems for users who would
    >access
    >their emails from both inside and outside the office.
    >
    >How can I workaround this problem.
    >
    >Thanks in advance for any suggestions.
    >
    >Regards
    >
    >CP
    >
    >
    > Scanned by Webshield E250
    >
    >
    >
    >------------------------------------------------------------------------
    >---
    >------------------------------------------------------------------------
    >----
    >
    >
    >
    > Scanned by Webshield E250
    >
    >
    >
    >
    > Scanned by Webshield E250
    >
    >
    >
    >---------------------------------------------------------------------------
    >Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
    >October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    >technical IT security event. Modeled after the famous Black Hat event in
    >Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    >Symantec is the Diamond sponsor. Early-bird registration ends September
    >6.Visit us: www.blackhat.com
    >----------------------------------------------------------------------------
    >

    _________________________________________________________________
    ninemsn Extra Storage comes with McAfee Virus Scanning - to keep your
    Hotmail account and PC safe. Click here http://join.msn.com/

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
    October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
    ----------------------------------------------------------------------------

  • Next message: Cherian M. Palayoor: "RE: FW: Exchange Server and External Access"

    Relevant Pages

    • Re: PocketPC user and ActiveSync over Internet
      ... Under ActiveSync on the PocketPC, ... Synchronize with Exchange Server ... So it contacted the Exchange server and grab the mail, ... Open the Server Management console and click the Internet and E-mail ...
      (microsoft.public.windows.server.sbs)
    • OWA... Cant get it to work.
      ... Do you install iis together with the exchange server in ... with the Microsoft Outlook Web Access components that are ... Microsoft Exchange Server ...
      (microsoft.public.exchange.misc)
    • Re: Email Configuration
      ... To send internet mail you should not need to do anything special. ... > on the server is configured with fowarders pointing to the IP Addresses that> our ISP gave us so we can have internet access. ... > Currently we have a groupwise server that we are going to replace with an> Exchange server. ... > Would this help me with internet mail, or do i still need to configure a> recipient policy. ...
      (microsoft.public.exchange.setup)
    • RE: Catchall not working, EXTERNALLY?
      ... Exchange server 2003 supports multiple clients, such as OWA, MAPI ... Microsoft CSS Online Newsgroup Support ... When I open the connection (over internet) to my exchange account, ...
      (microsoft.public.windows.server.sbs)
    • RE: Catchall not working, EXTERNALLY?
      ... Microsoft CSS Online Newsgroup Support ... but we will start using the exchange server fully ... When I open the connection (over internet) to my exchange account, ...
      (microsoft.public.windows.server.sbs)
    Loading