Firewall Wizards mailing list archives
OWA and Risk Assesment
From: <kronos () datastreamcowboys net>
Date: Sun, 1 Dec 2002 19:45:52 -0600 (CST)
Having delt with Exchange the OWA portion can be a nightmare to lockdown. I have to admitt when my boss decided to go with Citrix and Win RDP my life got simpler with this issue, Because it ment i only had to have Win RDP and ICA ports open. I wouldnt want to firewall a OWA set up with a IPtables or Netfilter set up. The Checkpoint and the like is the way to go. As for the person who wants in and knows what hes doing this is where risk assessment comes in. If youre a one man shop just selling stuff you dont have the risk of someone wanting your data compared to if you are a R&D lab for a Fourtune 100 company that just developed the next fad. With most security weather it is encryption or firewall people make mistakes. Look at Encryption as a deadbolt lock on your front door of your house. The typical dead bolt has 50 tumblers. This lock is useless if the intruders use a chainsaw and cut a hole in your wall (which happened a few years ago in California). Just because you have the biggest baddest security tool on the market, a minor misconfiguration will have you looking for a new job, with out a good reference. Also look at the life of your data. If it would be detramental if it got out today but inconsequential if it does next week, act according. Besides risk do research.. Believe 10% of the venders and 50% of the "hackers". Go to the "hacker sites" and see what tools they have. If they have a tool for breaking a specific protocol that ups the risk. Another good reason to check out these is to see what may be run aginst your firewall. I dont believe any manufactures claims right away. Without testing, using the tools from "hacker sites" because these are the things that are going to be run aginst your network. sorry for the rant... Adam Graham Datastreamcowboys.net _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- OWA and Risk Assesment kronos (Dec 02)
- Re: OWA and Risk Assesment Achim Dreyer (Dec 02)
- Re: OWA and Risk Assesment Volker Tanger (Dec 02)
- Re: OWA and Risk Assesment David Lang (Dec 02)
- Re: OWA and Risk Assesment Volker Tanger (Dec 02)
- <Possible follow-ups>
- RE: OWA and Risk Assesment Simon Graham (Dec 04)
- RE: OWA and Risk Assesment Eric L Budke (Dec 04)
- RE: OWA and Risk Assesment David Lang (Dec 04)
- Re: OWA and Risk Assesment Achim Dreyer (Dec 02)