RE: RPC over HTTP security

["Robert Hines" <b.hines () comcast net>]

Ronish,

As well, if you are running in a server 2003 environment, the machine can
also act as a secure cert server, a CA option exist that force Domain
members to get and use certs. Install certs for IIis HTTPs service, mail
signing/encryption, or make a new one under admin tools/security
policy/ipsecurity policy. The policy manager regarding active directory is
used in this setup. Its seem quite secure, and to work with the Microsoft
suite, if you plan to file encrypt NTFS data, as the admin make sure you use
the CIPHER /R:filename command to generate a key to be installed for a
recovery option prior to any file encryption.

Bob


-----Original Message-----
From: LordInfidel () directionweb com [mailto:LordInfidel () directionweb com] 
Sent: Thursday, January 27, 2005 11:33 AM
To: sf_mail_sbm () yahoo com; security-basics () securityfocus com
Subject: RE: RPC over HTTP security

http://office.microsoft.com/en-us/assistance/HA011402731033.aspx

~tips~
Make sure you use it over https and not http. (use self signed CA certs)
The client side needs to be outlook 2003, previous versions will not
work.

-----Original Message-----
From: sf_mail_sbm () yahoo com [mailto:sf_mail_sbm () yahoo com] 
Sent: Wednesday, January 26, 2005 8:03 AM
To: security-basics () securityfocus com
Subject: RPC over HTTP security



Hi List,
We are thinking about deploying RPC over HTTP to access email from the
Internet

Wanted to get some information on the technology and the security
implications of same

Not much info from Microsoft's site

any help would be greatly apreciated

Thanks,
Ronish