Security Basics mailing list archives

RE: OWA security

From: "Beverly Kittens" <beverlykittens () hotmail com>
Date: Tue, 16 Dec 2003 13:42:30 +0000


Thanks Mike

In fact we are using and ISA server.  Proposed config looks like this.

Internet
   |
+------+             +------------------+
| PIX  |-----+----- | OWA Server |
+------+     |       +------------------+
  |           |
  |     +---------------+
  |     | ISA Server |
  |     +---------------+
  |           |
----------------------------+---
internal network      |
                   +----------------------+
                   | Xchange server |
                   +----------------------+

I'm trying to determine if this is a sensible architecture, and I'm stillrather unclear about the function of the ISA server in this context.

On a somewhat related topic: What stops an attacker compromising the webserver then using it to attack an internal system? Port 80 is open from theInternet to the web server, and from the web server to the internal systems.Isn't this a huge security hole?

From: "Michael Dunn" <MDunn () sscincorporated com>
To: "Beverly Kittens" <beverlykittens () hotmail com>
CC: <security-basics () securityfocus com>
Subject: RE: OWA security
Date: Mon, 15 Dec 2003 14:38:40 -0500


Check out isaserver.org.

You may or may not be using ISA server as your firewall, but in eithercase, there are several articles on 'best practices' for securing anIIS/OWA server.

Regards,

-Mike

-----Original Message-----
From: Beverly Kittens [mailto:beverlykittens () hotmail com]
Sent: Monday, December 15, 2003 10:32 AM
To: security-basics () securityfocus com
Subject: OWA security

Hello list

My company is currently implementing OWA to provide users with access to
email from any Internet machine.  I'd like to see the OWA server in a DMZ,
but this is currently up for discussion.  Sometimes operational stuff gets
in the way of security....

Can anyone point me at a paper that describes the security implications of

OWA, particularly the network related issues please. I'd also beinterested

to learn the difference between OWA and POP architecture.

Thank you

_________________________________________________________________
Use MSN Messenger to send music and pics to your friends
http://www.msn.co.uk/messenger


---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------


_________________________________________________________________

It's fast, it's easy and it's free. Get MSN Messenger today!http://www.msn.co.uk/messenger



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

OWA security Beverly Kittens (Dec 15)
- <Possible follow-ups>
- RE: OWA security Michael Dunn (Dec 15)
- RE: OWA security Beverly Kittens (Dec 16)