RE: Outlook Anywhere

["Ahsan Khan" <jahilkhan () verizon net>]

Do you mean RPC over HTTPS for outlook 2003, if so there is not RPC port
open from outside, you only need to open HTTPS and HTTP ports for your OWA
servers and you are all set, talk to you Exchange Admins and have them
configured OWA access for RPC over HTTP.

Regards
Ahsan Khan


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of clwsecurity () mistral co uk
Sent: Thursday, December 07, 2006 9:36 AM
To: security-basics () securityfocus com
Subject: Outlook Anywhere

Hi

My company is thinking of implementing Outlook Anywhere but my boss & I
don't think it's totally secure.  

1> ATM, we don't allow RPC but from the blurb, we'll need to start allowing.
How risky is this?

2> AFAIK, we'll be reliant on the users' AV rather than on the server.  AV
is on the server but scans nightly and "on read".  Please could we have
opinions on this.

Has anybody else looked into this and decided it's either ok or too risky?

All comments gladly received.

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------