Firewall Wizards mailing list archives

Re: Single Exchange/OWA on LAN with Internet Access - a good


From: "Patrick M. Hausen" <hausen () punkt de>
Date: Mon, 21 Nov 2005 15:32:31 +0100 (CET)

Hello!

Stig wrote:

> Our MS admins are proposing to implement single OWA/Exchange servers
> on the LAN and allow access directly to the server through the firewall.

IMHO this depends entirely on your definition of "firewall".

If the "firewall" in question is nothing more than a stupid
packet filtering device, then your network will be at a big risk.

If the firewall can do things like control what happens inside
the HTTP traffic for OWA, terminate SSL on the firewall for that
purpose, provide strong token-based authentication _before_
the connection even hits your Exchange server ... then I'd say
the benefits might outweigh the remaining risk.

Somehow most admins have been brainwashed to believe that
"firewalls" are all about "port numbers". IMNSHO they are not.
They are choke points for policy enforcement. And policy includes
much more than just ports.

Regards, HTH,

Patrick M. Hausen
Head of Networks and Security
-- 
punkt.de GmbH         Internet - Services - Consulting
Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe       http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
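
The contrast drawn in the message above, as an added example that is not part of the original post: the same constructed requests are judged once by a port-only packet filter and once by a firewall that terminates SSL and enforces policy before forwarding. The published prefix `/owa/`, the allowed methods and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import unquote

# Assumed policy values for illustration (not taken from the post).
PUBLISHED_PREFIXES = ("/owa/",)
ALLOWED_METHODS = {"GET", "POST"}

@dataclass
class Request:
    dst_port: int
    method: str
    path: str
    preauthenticated: bool  # token check already passed at the firewall

def packet_filter(req):
    """Port-only rule: with SSL passed through, the port is all it can see."""
    return req.dst_port == 443

def policy_proxy(req):
    """Firewall that terminates SSL: returns (forward, reason)."""
    if req.dst_port != 443:
        return False, "port not published"
    if not req.preauthenticated:
        return False, "no pre-authentication"
    if req.method not in ALLOWED_METHODS:
        return False, "method not allowed"
    path = unquote(req.path)  # decode once before checking
    if "\\" in path or ".." in path.split("/"):
        return False, "path traversal"
    if not path.startswith(PUBLISHED_PREFIXES):
        return False, "path not published"
    return True, "forwarded"

# Constructed sample requests.
SAMPLES = [
    Request(443, "GET", "/owa/", True),
    Request(443, "GET", "/owa/", False),
    Request(443, "TRACE", "/owa/", True),
    Request(443, "GET", "/owa/..%2f..%2fadmin/", True),
    Request(443, "GET", "/other-app/", True),
]

def compare(samples=SAMPLES):
    """One row per request: (packet filter verdict, proxy verdict, proxy reason)."""
    return [(packet_filter(r), *policy_proxy(r)) for r in samples]

if __name__ == "__main__":
    for req, row in zip(SAMPLES, compare()):
        print(req.method, req.path, "auth" if req.preauthenticated else "anon", row)
```

The packet filter passes all five requests to the server, while the policy-enforcing firewall forwards only the first.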

