RE: How do folks firewall MS Exchange?

["Noller, Gregory" <Noller2G () kochind com>]

We are testing OWA.

We have our Internet based clients point their browser at an IP address that
the Raptor firewall aliases into our DMZ which has a dual homed host running
OWA.  That box has certain access through a screening router into our
Exchange server.

We use SSL/port 443 (only open port 443 between red IP of firewall and OWA).
Tests so far indicate that it works fine.

We sniffed a complete transaction and could gather no data as to username
and password.


What do you all think?

 <<Image1.jpg>> 

Gregory Noller
Network Security Technologist
Koch Industries, Inc.
(316) 828-7725
(316) 214-7057 (Cellular)

        To report a computer security incident or learn about a suspected
virus, call our 24 hour Computer Incident Response Team at (800) 577-2862
(828-5672 in Wichita).  You can also E-Mail us at CIRT () kochind com.

On Tuesday,October 12,1999 8:33 PM, Bill Pennington
[SMTP:bpennington () lucidnetworks com] wrote:
> One thing you might want to look at is Outlook Web Access (OWA). It allows
> access to Exchange via a web interface (duh). I played around with it a
bit
> but that was a while ago so my memory is a bit fuzzy. I believe you can
> install the Web access piece on the Exchange server or a separate box. I
> think the problem you might be running into is that Exchange use RPC for a
> lot of its communication. I am a little brain dead right now (been writing
> Openview docs all day....yeech) but I think the OWA piece would work well
> for you. If I recall correctly you can use SSL to encrypt the traffic if
you
> so desire. You can get all the info you want off of M$ web site. This
> solution sidesteps the issue somewhat but I think the end result will work
> well.
>
> If you find another approach I would be interested in hearing about it.
>
> Bill Pennington
> Consultant
> Lucid NetworX
>
>
> ----- Original Message -----
> From: Dan Schlitt <schlitt () world std com>
> To: <firewall-wizards () nfr net>
> Sent: Thursday, October 07, 1999 12:37 PM
> Subject: How do folks firewall MS Exchange?
>
>
> > How do folks work access to an MS Exchange server through a firewall?
> >
> > We are under pressure to install MS Exchange in our mixed unix/NT
> > environment and allow access from outside our local network.
> >
> > I checked the archives and didn't find anything that helped me.
> >
> > Currently we limit outside access from the Internet to ssh to a unix
host.
> > Port forwarding makes it possible to do all of the things that have been
> > required in the past. But now the folks on the sales side of the company
> > want to have MS Exchange installed so they can use its calendaring and
> > other functions.
> >
> > We have attempted to use the port forwarding to make exchange work and
we
> > have also tried Lotus Notes. No luck. Maybe we have missed something.
This
> > would be our preferred approach.
> >
> > So we are now looking for a firewall solution to this problem. Have any
of
> > you our there encountered this problem. How did you solve it?
> >
> > Thanks.
> >
> > /dan
> >
> > --
> >
> > Dan Schlitt
> > schlitt () world std com