Security Basics mailing list archives
Re: Outlook Anywhere
From: Danny Puckett <dpuckett () comresource com>
Date: Fri, 8 Dec 2006 14:12:23 -0500
If you just need to allow browser based email access then OWA is the quick and easy way to do this. If users need full Outlook functionality (usually for calendering) then you can setup an RPC over HTTPS proxy. Properly configured they are both about the same from a security standpoint. You can never truly trust the remote endpoint as they are out of your control but this is usually a risk most business are willing to accept with proper policies in place requiring end users use anti-virus and such. On Thursday 07 December 2006 10:38 pm, Ahsan Khan wrote:
Do you mean RPC over HTTPS for outlook 2003, if so there is not RPC port open from outside, you only need to open HTTPS and HTTP ports for your OWA servers and you are all set, talk to you Exchange Admins and have them configured OWA access for RPC over HTTP. Regards Ahsan Khan -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of clwsecurity () mistral co uk Sent: Thursday, December 07, 2006 9:36 AM To: security-basics () securityfocus com Subject: Outlook Anywhere Hi My company is thinking of implementing Outlook Anywhere but my boss & I don't think it's totally secure. 1> ATM, we don't allow RPC but from the blurb, we'll need to start allowing. How risky is this? 2> AFAIK, we'll be reliant on the users' AV rather than on the server. AV is on the server but scans nightly and "on read". Please could we have opinions on this. Has anybody else looked into this and decided it's either ok or too risky? All comments gladly received. --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
-- Danny Puckett CISSP, MCSE:Security, Security+, CCNA, CCDA, CCA, CNA Senior Systems Engineer Technical Resource Manager ComResource Inc. 614-221-6348 ext 23 --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Outlook Anywhere clwsecurity (Dec 07)
- RE: Outlook Anywhere Ahsan Khan (Dec 08)
- Re: Outlook Anywhere Danny Puckett (Dec 12)
- RE: Outlook Anywhere Ahsan Khan (Dec 08)