Firewall Wizards mailing list archives
RE: Outlook Web Access - Paranoid?
From: "Paul D. Robertson" <proberts () patriot net>
Date: Thu, 28 Nov 2002 20:12:01 -0500 (EST)
On Thu, 28 Nov 2002, Christopher Lee wrote:
While the number of RPC ports one must open to allow OWA (or any MS DCOM apps) to work is insane, that doesn't mean you have to open them manually. Check Point firewall (for example) has the smarts to be able to open them dynamically as needed. This way, unless the intruder is able to forge the same DCOM/RPC communications, the exposure is not all that bad...
While you stop random acts of senseless scanning, the point here is that there's likely to be an attack vector *through* the OWA box- any in-band attack against either IIS or OWA gets the firewall happily opening the ports dynamically- the end result is still a compromised server allowing access to your domain infrastructure.

This would be a bad thing in most cases- it's a worse thing when you have historically broken services which don't appear to have been engineered to live in hostile environments.

"When an attacker can compromise your mail server, then access your domain controller, that's one degree of separation?"

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards