The big issue is that 99.7%[1] of your users will never put the https at the beginning of the URL, generating about a 100% incident rate amongst the user community.
We publish a single page on port 80 that does an http redirect to the secure page. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. [1] Completely non-scientific WAG > -----Original Message----- > From: Anthony Sollars [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 20, 2004 2:39 PM > To: Exchange Discussions > Subject: RE: EX2003 OWA Front End or ISA Publishing for security > > > Why open port 80? All you need is 443 for exchange OWA > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Erick > Thompson > Sent: Tuesday, January 20, 2004 11:28 AM > To: Exchange Discussions > Subject: RE: EX2003 OWA Front End or ISA Publishing for security > > When this is done, is this "enough" security? I'm looking at > setting up OWA, > and trying to figure out the best security setup. Money is a > huge issue > (non-profit org), so I'm looking at > > 1) Open port 80 to internal Exchange system > 2) Open port 443 (SSL) to internal Exchange system > 3) Set up a front end server > 4) Use ISA publishing > > Where/how should/could a VPN fit into this? Any other issues > I should think > about? > > Thanks, > Erick > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of > > Anthony Sollars > > Sent: Tuesday, January 20, 2004 10:58 AM > > To: Exchange Discussions > > Subject: RE: EX2003 OWA Front End or ISA Publishing for security > > > > > > Yes it sure is, this is the MS best practice. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On > Behalf Of Ken > > Cornetet > > Sent: Tuesday, January 20, 2004 10:34 AM > > To: Exchange Discussions > > Subject: RE: EX2003 OWA Front End or ISA Publishing for security > > > > Yes, publishing OWA through ISA server (standalone, not part of a > > domain) is more secure than using a FE server. Last I > checked, this is > > actually what Microsoft recommends. > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Jean-Francois Bourdeau > > Sent: Tuesday, January 20, 2004 1:04 PM > > To: Exchange Discussions > > Subject: EX2003 OWA Front End or ISA Publishing for security > > > > > > Hi > > > > I would like to know that most of you think about using ISA > to Publish > > OWA 2003 instead of having a Front End Server ? > > > > If we don't have a lot of user and that the only reason we > > won't a Front > > End is for security, I try to convince my customer to user > > the ISA they > > have. > > > > IF a Front End Server is compromise and a hacker have > access to it, do > > you agree with me that because that front end server talk > to the back > > end exchange, it's making life easy for the hacker to access the > > internal exchange and internal network ? > > > > Web Publishing through ISA is a lot more secure I think ? > > > > Thanks > > > > JF > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
