RE: (no subject)

["Nieveler, Juergen" <Juergen.Nieveler () akzonobeldeco de>]

> OWA and IIS haven't exactly had the best record.  Add in password 
> guessing and a pipe in to an AD or DC, and the upsides don't 
> look all that  attractive to me.  Now, if you're talking about a VPN'd 
> segment off the DMZ, you could perhaps minimize the risk, but I don't
think 
> I'd advise my  closest competitor to field OWA on their DMZ as a strategy 
> without some  more serious and direct protection.

As I might face a similar situation soon, how about this scenario:

Put the OWA in the LAN, and a reverse Proxy (Squid prefered, but ISA-server
if necessary) in the DMZ?

After all, OWA should only need port 80 and/or 443, shouldn't it?

-- 
Mit freundlichen Gru?en / Yours sincerely
Juergen Nieveler
Akzo Nobel Deco GmbH
IT / Netzwerk & Systeme
eMail: Juergen.Nieveler () AkzoNobelDeco de

Disclaimer: Views are mine, not my employers' 
--
-------------> IMPORTANT <---------------- 
This message, including attachments, is confidential and may be privileged.
If you are not an intended recipient, please notify the sender then delete
and destroy the original message and all copies. You should not copy,
forward and/or disclose this message, in whole or in part, without
permission of the sender.

Diese Nachricht, einschliesslich anhaengender Dateien, ist persoenlich und
kann vertraulich sein. Wenn Sie diese Nachricht irrtuemlich erhalten,
benachrichtigen Sie bitte den Absender und loeschen Sie bitte die
Originalnachricht und alle Kopien. Sie sollten die Nachricht ohne die
Zustimmung des Absenders weder ganz noch teilweise  kopieren, weiterleiten
oder sonstwie weiterverbreiten.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards