Have you looked at what ports and what machines your OWA server in the DMZ has to communicate with on the internal LAN? Unless you have some good IDS software and security skills, I don't believe that OWA in a DMZ alone meets your desired objective.
> -----Original Message----- > From: Anthony L. Sollars [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 16, 2002 1:29 PM > To: Exchange Discussions > Subject: RE: OWA Setup on a different machine on XCH2000 SP2 > > I am designing this exact system, but my plan is to use a front end > exchange > server on the intranet and a back-end OWA web server on the internet > segmented in a DMZ. If this box does get compromised I don't want it > having > free access to the rest of my intranet. > > Do I have to have Enterprise edition Exch2k to have my OWA on a separate > server? > > -TOny > > -----Original Message----- > From: Ed Crowley [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 16, 2002 9:59 AM > To: Exchange Discussions > Subject: RE: OWA Setup on a different machine on XCH2000 SP2 > > The advantage of deploying a front-end server is that your mailbox > server isn't touched directly by an Internet user. That is, you can > configure your firewall to allow HTTPS only to the OWA server. It's not > a huge security benefit, in my opinion, but it might make you sleep > better. I agree with leaving the front-end server in the intranet and > allowing HTTPS (SSL) only from the Internet. > > Ed Crowley MCSE+Internet MVP kcCC+I > Tech Consultant > hp Services > Protecting the world from PSTs and Bricked Backups! > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffrey Dubyn > Sent: Tuesday, July 16, 2002 2:24 AM > To: Exchange Discussions > Subject: RE: OWA Setup on a different machine on XCH2000 SP2 > > > Just curious - isn't the fact that OWA is being used at all mean that > the box is exposed to the Internet, even if it's NAT'ed behind a > firewall? The idea is to use this via the Internet, not an Intranet. > Thanks! > > Jeff > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Crowley > Sent: Monday, July 15, 2002 11:37 PM > To: Exchange Discussions > Subject: RE: OWA Setup on a different machine on XCH2000 SP2 > > > I don't think there are any security benefits unless you're going to > expose it to the Internet. > > Ed Crowley MCSE+Internet MVP kcCC+I > Tech Consultant > hp Services > Protecting the world from PSTs and Bricked Backups! > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Jeffrey Dubyn > Sent: Monday, July 15, 2002 5:18 PM > To: Exchange Discussions > Cc: 'Michael A. Brown'; Stan Martin > Subject: OWA Setup on a different machine on XCH2000 SP2 > > > We are looking to configure OWA for use with our lone Exchange 2000 > server (SP2). Are there any security benefits to configuring this on a > different machine than the Exchange server? Also, do we need to have > the Enterprise Edition of Exchange 2000 and configure it as a front-end > server to do this? > > Thanks! > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
