Security Basics mailing list archives

RE: Exchange Server and External Access

From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Mon, 25 Aug 2003 10:17:50 -0500

Implementing OWA has already been suggested, but I would take it a step
further and set up a reverse proxy.  Have a look at this paper:
http://www.giac.org/practical/Mattison_Ward_GSEC.rtf

-- -
Joey Peloquin
Technical Specialist
JCPenney Internet Store
http://www.jcpenney.com



-----Original Message-----
From: Cherian M. Palayoor [mailto:cpalayoor () cwalkergroup com] 
Sent: Friday, August 22, 2003 12:26 PM
To: security-basics () securityfocus com
Subject: Exchange Server and External Access


Hi,

We presently use the Std edition of Exchange 2000 as a mail server for
our internal users, behind the Firewall.

However we would like to grant mailbox access to external users outside
the Firewall.

What would be the most secure and efficient method of accomplishing
this. 

One stream of thought that I have been entertaining is having a separate
Exchange/Mail  Server on the DMZ.

Now this solution would result in having to maintain 2 separate
mailboxes for internal and external users. This creates problems for
users who would access their emails from both inside and outside the
office.

How can I workaround this problem.

Thanks in advance for any suggestions.

Regards

CP


 Scanned by Webshield E250



------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

Exchange Server and External Access Cherian M. Palayoor (Aug 22)
- Re: Exchange Server and External Access Moti Levy (Aug 22)
- Re: Exchange Server and External Access Moti Levy (Aug 25)
- Re: Exchange Server and External Access Moti Levy (Aug 25)
- RE: Exchange Server and External Access Jimmy Sansi (Aug 25)
- RE: Exchange Server and External Access Rick Kingslan (Aug 25)
  - RE: Exchange Server and External Access mobile (Aug 26)
- RE: Exchange Server and External Access Joey Peloquin (Aug 25)
- Re: Exchange Server and External Access chort (Aug 25)
- <Possible follow-ups>
- RE: Exchange Server and External Access Rubottom, Karl (Aug 22)
- Re: Exchange Server and External Access salgak (Aug 22)
- Re: Exchange Server and External Access Tony (Aug 22)
- FW: Exchange Server and External Access Cherian M. Palayoor (Aug 25)
  - Re: FW: Exchange Server and External Access chort (Aug 26)
- RE: Exchange Server and External Access Depp, Dennis M. (Aug 25)
- RE: Exchange Server and External Access Gregory M. Brown (Aug 25)
- RE: Exchange Server and External Access Nick Duda (Aug 25)
- RE: Exchange Server and External Access Nick Duda (Aug 25)

(Thread continues...)