Firewall Wizards mailing list archives
Re: Outlook Web Access - Paranoid?
From: Luca Berra <bluca () comedia it>
Date: Tue, 03 Dec 2002 01:00:12 +0100
Mikael Olsson wrote: >> I would suggest imaps(993) and ldaps(636). If your webmail client >> doesn't support that, zebeedee or stunnel could help in creating the SSL >> connections. >> No use running plain text all over the place when SSL certificates are >> free. > >> What is the point of running SSL connections from the web server front-end
> to the mail server back-end? >> If the web server gets owned, I would argue that this ADDS exposure, not the other way around.
my guess is that it could help in case another server on the same DMZ segment as the webmail server gets owned, best thing to prevent this issue is to have a single dmz per server as discussed previously on this list.
regards, l. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Outlook Web Access - Paranoid? Matt Wilbur (Nov 30)
- Re: Outlook Web Access - Paranoid? Devdas Bhagat (Dec 01)
- Re: Outlook Web Access - Paranoid? Mikael Olsson (Dec 01)
- IP/HTTP from the internet to internal network Shimon Silberschlag (Dec 02)
- Re: IP/HTTP from the internet to internal network Paul D. Robertson (Dec 02)
- Message not available
- Re: IP/HTTP from the internet to internal network Dave Piscitello (Dec 04)
- Re: Outlook Web Access - Paranoid? Mikael Olsson (Dec 01)
- Re: Outlook Web Access - Paranoid? Luca Berra (Dec 02)
- Re: Outlook Web Access - Paranoid? Devdas Bhagat (Dec 01)
- <Possible follow-ups>
- RE: Outlook Web Access - Paranoid? Stefan Norberg (Dec 03)
- RE: Outlook Web Access - Paranoid? Joseph Steinberg (Dec 05)