Educause Security Discussion mailing list archives
Re: Risks of RPC over HTTP
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Wed, 15 Feb 2006 10:54:31 -0500
James H Moore wrote:
- - - - Our technical infrastructure has "turned it on". I am left with trying to find out to see what controls need to be in place. Best practices, Opinions, References welcome.
We are using it to facilitate off-campus Outlook "native"/Exchange interaction. From a security standpoint, it looked much more attractive than opening up the 27,362 other ports that native Outlook would otherwise require. Initially there were some false positives from our IDS related to SSL/PCT exploits, but otherwise no problems [yet]. I too would be interested in any 'gotchas' as I haven't digested the details of the underlying protocols. Jeff Kell, GCIA IT Security UT Chattanooga
Current thread:
- Risks of RPC over HTTP James H Moore (Feb 15)
- <Possible follow-ups>
- Re: Risks of RPC over HTTP Jeff Kell (Feb 15)
- Re: Risks of RPC over HTTP Chris Green (Feb 15)
- Re: Risks of RPC over HTTP Gary Flynn (Feb 15)