Firewall Wizards mailing list archives
RE: (no subject)
From: "Paul D. Robertson" <proberts () patriot net>
Date: Tue, 26 Nov 2002 08:01:00 -0500 (EST)
On Tue, 26 Nov 2002, Nieveler, Juergen wrote:
> As I might face a similar situation soon, how about this scenario: Put the OWA in the LAN, and a reverse Proxy (Squid preferred, but ISA-server if necessary) in the DMZ? After all, OWA should only need port 80 and/or 443, shouldn't it?
I'm completely against letting external users on to the internal network. Since most proxies don't do significant data inspection, and since most IIS and OWA issues in the past have been in-band attacks, I probably wouldn't go this route. Something that requires strong authentication, such as a VPN server, and some form of compartmentalization is a good thing.

If I had to do it though, I'd choose different components - both because they wouldn't need to be hooked into my core infrastructure quite as well, and because I could then use an authentication infrastructure that had to do with a single e-mail account, and not every resource that particular user has access to.

I think OWA has *way* too much baggage associated with it on the server, requires too much trust in the authentication infrastructure, and is too difficult to protect.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards