RE: RPC over 80

["Depp, Dennis M." <deppdm () ornl gov>]

First you want to run this over https, port 443 not http port 80.  The
disadvantage is your exchange servers and domain controllers need to be
running Windows 2003.  Your clients all need to be Windows XP SP1 (w/ a
hotfix) or SP2 and have Office 2003.  If you are using username and
password to get into your VPN, the security is comparable.  RCP over
http(s) does not allow for any two factor authentication (one time
passwords or smart cards)  Also I don't think there is any type of
inactivity disconnect with RPC over http(s).  Advantages is it is much
easier on the end user.  Often all people need from the internal network
is access to email.

Denny

-----Original Message-----
From: Corey Watts-Jones [mailto:cwattsjones () rogers com] 
Sent: Thursday, July 14, 2005 9:50 AM
To: security-basics () securityfocus com
Subject: RPC over 80

G'day list,

Just to grab some opinions from the list, we're trying to cut our usage
of
VPNs down for a lot of our clients as password management seems to be an
issue for a lot of our users (shocker, eh?). So, a suggested alternative
for
users that just need access to their Exchange accounts has been RPC over
80,
to allow them to use their full outlook clients instead of OWA.

Any advantages, disadvantages or known problems with this?

Thanks in advance!

Corey Watts-Jones
BIT Incorp. 
Network Technician