Educause Security Discussion mailing list archives

Re: Risks of RPC over HTTP

From: Jeff Kell <jeff-kell () UTC EDU>
Date: Wed, 15 Feb 2006 10:54:31 -0500

James H Moore wrote:

- - - -
Our technical infrastructure has "turned it on".  I am left with trying
to find out to see what controls need to be in place.  Best practices,
Opinions, References welcome.


We are using it to facilitate off-campus Outlook "native"/Exchange interaction.  From a security standpoint, it looked 
much more attractive than opening up the 27,362 other ports that native Outlook would otherwise require.

Initially there were some false positives from our IDS related to SSL/PCT exploits, but otherwise no problems [yet].  I 
too would be interested in any 'gotchas' as I haven't digested the details of the underlying protocols.

Jeff Kell, GCIA
IT Security
UT Chattanooga

Current thread:

Risks of RPC over HTTP James H Moore (Feb 15)
- <Possible follow-ups>
- Re: Risks of RPC over HTTP Jeff Kell (Feb 15)
- Re: Risks of RPC over HTTP Chris Green (Feb 15)
- Re: Risks of RPC over HTTP Gary Flynn (Feb 15)