Security Basics mailing list archives
RE: Exchange Server and External Access
From: "Nero, Nick" <Nick.Nero () disney com>
Date: Mon, 25 Aug 2003 15:21:52 -0400
VPNS are bad to use for mail. As people are finding out this week, it exposes way too many ports (TCP 135 particulary) just so you can make native calls to the mail server. Web mail is a much better solution (OWA for 2000 is very good and OWA for Exchange 2003 is almost exactly as full featured as the Outlook 2003 client) for security reasons. Add the benefit that no company information actually leaves the box and the solution really shines. A workstation/laptop that is used for VPN has to be as secure as an internal machine. So after apply your Windows 2000 GPO's, A-V updates, service patches and hotfixes, the TCO of the solution gets out of control. Unless someone just HAD to have native port access to an app server, I would stay away from VPN. Go for Term.Services/Citrix before you go there. Nick Nero CISSP The Walt Disney Company -----Original Message----- From: Nick Duda [mailto:nduda () VistaPrint com] Sent: Monday, August 25, 2003 12:23 PM To: jsansi () ritzfoodservice com; Cherian M. Palayoor; security-basics () securityfocus com Subject: RE: Exchange Server and External Access The reason why we didn't do that in my location was ease of connectivity. Principals and executives like to just pop open a browser and get email. Adding them to the corporate vpn would require vpn software installs..etc. Not to mention all the different hotels during traveling tend to block a lot of vpn traffic. - Nick -----Original Message----- From: Jimmy Sansi [mailto:jsansi () ritzfoodservice com] Sent: Friday, August 22, 2003 5:09 PM To: 'Cherian M. Palayoor'; security-basics () securityfocus com Subject: RE: Exchange Server and External Access Why not configure a VPN into the network. Easier then setting up another server in the DMZ, plus users can have access to other network resources as well. -Jimmy -----Original Message----- From: Cherian M. Palayoor [mailto:cpalayoor () cwalkergroup com] Sent: Friday, August 22, 2003 12:11 PM To: security-basics () securityfocus com Subject: Exchange Server and External Access Hi, We presently use the Std edition of Exchange 2000 as a mail server for our internal users, behind the Firewall. However we would like to grant mailbox access to external users outside the Firewall. What would be the most secure and efficient method of accomplishing this. One stream of thought that I have been entertaining is having a separate Exchange/Mail Server on the DMZ. Now this solution would result in having to maintain 2 separate mailboxes for internal and external users. This creates problems for users who would access their emails from both inside and outside the office. How can I workaround this problem. Thanks in advance for any suggestions. Regards CP Scanned by Webshield E250 ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- RE: Exchange Server and External Access, (continued)
- RE: Exchange Server and External Access Nick Duda (Aug 25)
- RE: Exchange Server and External Access Nick Duda (Aug 25)
- RE: Exchange Server and External Access McGill, Lachlan (Aug 25)
- RE: Exchange Server and External Access Nick Duda (Aug 26)
- Re: Exchange Server and External Access salgak (Aug 26)
- RE: FW: Exchange Server and External Access Cherian M. Palayoor (Aug 26)
- Re: FW: Exchange Server and External Access Gabriel Orozco (Aug 26)
- RE: Exchange Server and External Access Hay, Duane (Aug 26)
- RE: Exchange Server and External Access Aditya [Aditya Lalit Desgmukh] (Aug 27)
- Re: Exchange Server and External Access Valery Baranov (Aug 26)
- RE: Exchange Server and External Access Nero, Nick (Aug 26)
- RE: FW: Exchange Server and External Access Cherian M. Palayoor (Aug 26)
- Re: FW: Exchange Server and External Access Gabriel Orozco (Aug 27)
- RE: FW: Exchange Server and External Access Cherian M. Palayoor (Aug 27)
- Re: FW: Exchange Server and External Access some guy (Aug 27)