Re: Is it better let users access webmail with different URL's inside vs. outside ?
From: Byron Hynes (nospam_at_byronetta.com)
Date: 04/01/05
- Next message: Mark Randall: "Re: School district and creative way to handle student passwords ?"
- Previous message: Byron Hynes: "Re: School district and creative way to handle student passwords ?"
- In reply to: Marlon Brown: "Is it better let users access webmail with different URL's inside vs. outside ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Mar 2005 19:48:23 -0800
> However, I talked today to another security guy and he claims that it
> is better to distinguish URL's and let ISA between external traffic
> (https://webmail.domain.com/exchange). If I make the 'internal' users
> getting redirected to the ISA box in the DMZ, that means anyone
> spoofing my internal addresses could be accepted as well.
Most large organizations handle it by having two sets of DNS servers. DNS
inside the LAN/WAN directs mail.ourcorp.com to 10.0.0.10 and publicly accessible
DNS servers outside the LAN/WAN direct it to, say, 199.247.2.1.
In smaller organizations with less technically savvy users, I usually have
internal and external users use the same FQDN.
Personally, I think the most important thing is to REQUIRE SSL. And, if doing
that, remember that you may have issues with https://ourmail/exchange not
matching the certificate issued to https://mail.ourcorp.com
- Byron Hynes
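
The certificate name issue mentioned in the message above, as an added example that is not part of the original post: a check of each URL users are given against the DNS names in the server certificate. The certificate name list, the URL list and the function names are constructed for illustration, and wildcard handling follows the usual left-most-label rule.

```python
# Added example: names and certificate contents below are constructed.
from urllib.parse import urlsplit


def name_matches(host, pattern):
    """Match a host against one certificate DNS name (left-most '*' label only)."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    h_labels, p_labels = host.split("."), pattern.split(".")
    if len(h_labels) != len(p_labels):
        return False  # a wildcard never spans dots; short names have one label
    if p_labels[0] == "*":
        # Wildcard covers exactly one label and needs a real domain after it.
        return len(p_labels) >= 3 and h_labels[1:] == p_labels[1:]
    return h_labels == p_labels


def check_urls(urls, cert_dns_names):
    """Return {url: problem-or-None} for each URL users are told to use."""
    results = {}
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "https":
            results[url] = "not HTTPS, SSL is not being required"
        elif not any(name_matches(host, n) for n in cert_dns_names):
            results[url] = "host %r not in certificate names" % host
        else:
            results[url] = None
    return results


# Constructed sample: certificate issued only to the public FQDN from the post.
CERT_NAMES = ["mail.ourcorp.com"]
URLS = [
    "https://mail.ourcorp.com/exchange",  # same FQDN inside and outside (split DNS)
    "https://ourmail/exchange",           # internal short name from the post
    "http://mail.ourcorp.com/exchange",   # plain HTTP
]

if __name__ == "__main__":
    for url, problem in check_urls(URLS, CERT_NAMES).items():
        print(url, "->", problem or "OK")
```

With two sets of DNS servers answering for the same FQDN, only the first URL needs to be handed out and it validates from both sides of the firewall.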