Firewall Wizards mailing list archives
RE: Outlook Web Access - Paranoid?
From: "Matt Wilbur" <matt () efs org>
Date: Sat, 30 Nov 2002 11:39:58 -0800
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Mark L. Evans Sent: Tuesday, November 26, 2002 10:01 AM To: 'Firewall-Wizards (E-mail) Subject: [fw-wiz] Outlook Web Access - Paranoid?
[snip]
We're trying to come up with the least dangerous method of allowing our users to check their email on MS Exchange. We currently allow them to use POP3 only. Our management would like to use Outlook Web Access. I have followed the issue on several mailing lists. I know it's a bad idea to use Exchange at all but management thinks I am too paranoid on this issue. It seems the best method is a reverse proxy using squid on a DMZ machine and then into the IIS server on the inside over SSL. What are your opinions/suggestions on this issue? Do you have any other methods that are more secure?
Mark, If you just need to give end users access to email and email directory services from the outside, why not use one of the many "webmail" applications out there, all of which need far less access to your internal networks. You could plunk, for example, squirrelmail out on a DMZ system, allow port 143 (IMAP) and port 389 (LDAP) to an exchange server (proxy them if that's appropriate - oh, and enable them in the exchange server), and you'd be in business. End-users would lose a little bit of added "features" OWA would give them, but you'd mitigate so many other issues it would most likely be worth it, even to the "suits". Regards, Matt Wilbur _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Outlook Web Access - Paranoid? Matt Wilbur (Nov 30)
- Re: Outlook Web Access - Paranoid? Devdas Bhagat (Dec 01)
- Re: Outlook Web Access - Paranoid? Mikael Olsson (Dec 01)
- IP/HTTP from the internet to internal network Shimon Silberschlag (Dec 02)
- Re: IP/HTTP from the internet to internal network Paul D. Robertson (Dec 02)
- Message not available
- Re: IP/HTTP from the internet to internal network Dave Piscitello (Dec 04)
- Re: Outlook Web Access - Paranoid? Mikael Olsson (Dec 01)
- Re: Outlook Web Access - Paranoid? Luca Berra (Dec 02)
- Re: Outlook Web Access - Paranoid? Devdas Bhagat (Dec 01)
- <Possible follow-ups>
- RE: Outlook Web Access - Paranoid? Stefan Norberg (Dec 03)
- RE: Outlook Web Access - Paranoid? Joseph Steinberg (Dec 05)