Security Basics mailing list archives
RPC over HTTPS security risks
From: Tim Hanekamp <thanekamp () gmail com>
Date: Tue, 7 Dec 2004 13:43:44 -0600
We have begun to implement RPC over HTTPS for Exchange 2003 at our corporate office. Before rolling this service out to our users, who then could possibly start using it on their home computers, which could easily be insecure, we are trying to evaluate the possible security threats that this poses. It would seem that if someone were able to own a machine that had this configured on it, it would be fairly easy for them to use the Exchange server as a relay for mail and/or completely flood the system with viruses, especially if the computer were infected with a virus. Do you think this would be the case, and, if so, what measures do you think could be taken in order to mitigate this risk? The only thing we could come up with so far was requiring these clients to use digital certificates and only install these certificates on machines that have been inspected and will be used in the proper setting (not that we could ever really be certain of the latter idea). Thoughts?