Re: How do folks firewall MS Exchange?

[Mikael Olsson <mikael.olsson () enternet se>]

"Carson, Joe" wrote:
>   If your users need the Outlook Express client, MS Exchange can encapsulate
> IMAP and POP3 within SSL.  I strongly recommend that you research these
> services before implementing them within your security architecture.  I only
> know of there availability, but have not tested them myself.

Running IMAP4 and POP3 over SSL works just fine.
The problem is that it won't allow access to everything needed.
POP3 will only give you access to your immediate inbox.
IMAP4 will give you access to all messages stored in all folders,
including common folders.

Note however that Exchange doesn't release calendar or contact list
information over IMAP4. (And even if it did, you wouldn't be able
to change any of it).

The only two ways to get to the calendar is using the web interface
or connecting directly to the server via NetBIOS.

As I already noted, you do NOT want to allow the latter without
encryption and authentication, and never at all from untrusted
or mobile clients; VPN users would need the same kind of security
as your internal network, or all your firewalls are moot if the
VPN endpoints may be attacked.

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se