Firewall Wizards mailing list archives
Re: Outlook Web Access - Paranoid?
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Fri, 29 Nov 2002 01:08:19 +0100
Christopher Lee wrote:
While the number of RPC ports one must open to allow OWA(or any MS DCOM apps) to work is insane, that doesn't mean you have open them manually. Check Point firewall (for example) has the smarts to be able to open them dynamically as needed. This way, unless the intruder is able to forge the same DCOM/RPC communications, the exposure is not all that bad...
Ah, yes, and such mechanisms are of course entirely impossible to fool into opening up arbitrary ports of the attacker's choice. </sarcasm> Fortunately, the set of RPC ports used can be reduced. And, quite frankly, if I have to do RPC through a firewall (yuck, argh, ptooiiee), I'd rather have a manageable small set of static holes open than some Black Magic figuring it out for me. More info about this at: http://support.microsoft.com/default.aspx?scid=KB;en-us;q154596 "HOWTO: Configure RPC Dynamic Port Allocation to Work with Firewall" -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Outlook Web Access - Paranoid? Mark L. Evans (Nov 26)
- Re: Outlook Web Access - Paranoid? Paul Robertson (Nov 26)
- Re: Outlook Web Access - Paranoid? Paul D. Robertson (Nov 26)
- <Possible follow-ups>
- RE: Outlook Web Access - Paranoid? Symon Thurlow (Nov 26)
- RE: Outlook Web Access - Paranoid? Steve Evans (Nov 28)
- RE: Outlook Web Access - Paranoid? Paul D. Robertson (Nov 28)
- RE: Outlook Web Access - Paranoid? Frank Knobbe (Nov 28)
- RE: Outlook Web Access - Paranoid? Christopher Lee (Nov 28)
- Re: Outlook Web Access - Paranoid? Mikael Olsson (Nov 28)
- RE: Outlook Web Access - Paranoid? Paul D. Robertson (Nov 28)
- RE: Outlook Web Access - Paranoid? Paul D. Robertson (Nov 28)
- Re: Outlook Web Access - Paranoid? Paul Robertson (Nov 26)