How do users authenticate? What vulnerabilities might that open in your DMZ model? How does the front-end query directory services? Is it different for Exchange5.5 vs 2000?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Muqeem Syed Sent: Monday, July 15, 2002 1:58 AM To: Exchange Discussions Subject: RE: Secure Exchange Web Access What kind of vulnerabilities have u discovered, I would appreciate if you could share that info with the list. DO u have the OWA configured with the SSL or is it on normal port 80, apart from that .. you shall need to stop the server from displaying information that would mention about the OPearating \System of the server. The DMZ method with 2 firewalls is the best method...you call allow access over the SSL to the front end server and filter the traffic thru the second firewall to the backend exchange server. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 11:51 AM To: Exchange Discussions Subject: Secure Exchange Web Access I have recently found vulnerabilities while carrying out penetration tests involving OWA. I need to compile some infomation outlining a secure method of implementing OWA using exchange server in a DMZ with a backend exchange server behind a 2nd firewall. If anybody has info or experience on the above - it would be greatly appreciated. Many Thanks _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
