Educause Security Discussion mailing list archives

Re: Windows XP ICF and Outlook XP


From: "Wehner, Paul (wehnerpl)" <WEHNERPL () UCMAIL UC EDU>
Date: Mon, 10 May 2004 14:03:09 -0400

Here at the Univ. of Cincinnati we have statically mapped the ports on all
our Exchange servers and haven't experienced any issues.


-----Original Message-----
From: Jason Richardson [mailto:a00jer1 () WPO CSO NIU EDU]
Sent: Friday, May 07, 2004 8:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows XP ICF and Outlook XP

Jake, we discovered the same kind of problem with ICF and Groupwise Busy
Search - users could not use busy search with ICF enabled because it didn't
use the same port every time and ICF is not an application based firewall.
I think that XP SP2's ver. of ICF will solve your problem because it can do
more of an application based firewall and you've seen that already with the
machine that you are testing on - it also works with GW busy search.  I
wouldn't worry too much about forcing Exchange to use static ports by
hacking the registry if the process is documented, but it might be more
painless to wait for SP2 which is already a release candidate so it
shouldn't be much longer.

Good luck,

---
Jason Richardson, J.D., CISSP, CISM, CNE
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu

jkbarros () GRACE EDU 5/7/2004 5:12:28 PM >>>
We'd like to start deploying Windows XP using the built in Internet
connection firewall campus wide, but in testing noticed that our Outlook XP
clients are not 'automatically' sending or receiving mail.  When you
manually send/receive or navigate between any folders within the exchange
mailbox, mail flow is fine.  Right now we have Outlook clients set to send /
receive every minute, and that works, but users are complaining.

After reading a post on the Neohapsis archive, we've used TCP view and found
that the Exchange server makes UDP connections with each client when
started.  The problem is that the UDP port(s) it uses are never the same.
Windows ICF isn't configurable to the point of including wildcards, nor can
I set it to except all traffic from a specific host.
At least I don't know a way.

Microsoft sort of acknowledges that it's a problem. Their fix is to change
the Exchange server to only communicate on static ports... which
makes sense but scares me because it's a registry hack.
http://support.microsoft.com/default.aspx?kbid=270836

Anyone using this configuration? Can I anticipate my Exchange server to
panic if I hack the registry?  Client problems? Has anyone tried it?

Do you even view this as a problem? Is this a legitimate issue or should I
just tell my users to deal?  I want to make security as painless as possible
but I also don't mind telling them that this is just the way that it will
be.

Any advice, technical or interpersonal, would be helpful.



In a semi-related note I have a pre-release of XP sp2 loaded and running on
my desktop and I think it's great.  Includes a built in pop-up blocker in
IE,  the ICF is a BIG step up from sp 1, and it hasn't locked or choked at
all.  Only issue I've seen is the one mentioned above.
Anyone else have input?



Jake Barros
Grace College

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
