Perhaps, but that's not what he said. Ed
--- Steve Evans <[EMAIL PROTECTED]> wrote: > It doesn't, but it keeps people from reusing > credentials. At least I > believe that's the posters point. > > > Steve Evans > SDSU Foundation > > -----Original Message----- > From: Ed Crowley [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 18, 2003 1:40 PM > To: Exchange Discussions > Subject: RE: OWA front end server - licensing and > security > > I don't see how that would stop key-logging. > > Ed > > --- Greg Marr <[EMAIL PROTECTED]> wrote: > > We have set up our OWA to require two-factor > authentication (SecurID) > > which eliminates any key-logging concerns but this > system is not cheap > > > at approx $300 AU ($160 US) per user. > > > > The upside is that you can use the same system to > authenticate all of > > your remote access users (dial-up, VPN, etc) and > this is the function > > that really allows me to sleep well at night. > > > > I guess that it all depends on how many people are > going to require > > this functionality and of course, your budget..... > > > > Greg > > > > -----Original Message----- > > From: Erick Thompson [mailto:[EMAIL PROTECTED] > > Sent: Thursday, 18 September 2003 10:07 AM > > To: Exchange Discussions > > Subject: RE: OWA front end server - licensing and > security > > > > We talked about this exact scenario. We decided > that given how easy it > > > is to install a key logger, and other malware, on > public systems we > > decided it was too risky. We are planning on using > public folders > > quite heavily with data that we can't risk getting > out. > > Same with the address > > books. > > > > We are trying to figure out a way to give people > access to email only > > from a public terminal. No public folders or > address books. If you > > have any suggestions, that would be great. > > > > Erick > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] > > Behalf Of Ed Crowley > > > Sent: Wednesday, September 17, 2003 4:40 PM > > > To: Exchange Discussions > > > Subject: RE: OWA front end server - licensing > and > > security > > > > > > > > > ISA is a better solution in a DMZ because it > > doesn't > > > require the plethora of holes in the internal > firewall. > > > > > > > > > http://www.microsoft.com/technet/treeview/default.asp?url=/tec > > hnet/prodtechnol/isa/deploy/isaexch.asp > > > > > > Requiring VPN (your other message) is a good > idea, > > > however, you may be coming back to ISA or some > > other > > > idea when your users demand to be able to get > > e-mail > > > from a coffeehouse kiosk terminal. > > > > > > Ed > > > > > > --- Erick Thompson <[EMAIL PROTECTED]> wrote: > > > > I have to admit to being a little confused, > how > > > > would ISA help, aside from being a proxy? > Which > > > > isn't nothing, but I'm wondering if I'm > missing > > > > something else. > > > > > > > > Thanks, > > > > Erick > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > > [mailto:[EMAIL PROTECTED] > > > > Behalf Of Webb, Andy > > > > > Sent: Wednesday, September 17, 2003 7:04 AM > > > > > To: Exchange Discussions > > > > > Subject: RE: OWA front end server - > licensing > > and > > > > security > > > > > > > > > > > > > > > Don't forget you also have to fully protect > > the > > > > front end server from > > > > > all the other servers on the DMZ from which > it > > is > > > > not isolated. > > > > > > > > > > Those other systems may have been placed on > > the > > > > DMZ in an > > > > > insecure state > > > > > with the thought that if anyone broke them, > > they > > > > would be > > > > > isolated from > > > > > the internal LAN. What happens when you put > > the > > > > FE in the DMZ is you > > > > > break that theory. The DMZ is no longer > > isolated > > > > from the LAN. > > > > > > > > > > You definitely have to secure the FE, but > once > > you > > > > have, why > > > > > not put it > > > > > inside where it is not at risk from > > questionable > > > > systems on the DMZ? > > > > > > > > > > Better to put an ISA server in the DMZ as > was > > > > suggested earlier. > > > > > > > > > > Regarding IPSEC, Exchange 2003 explicitly > > states > > > > that IPSEC is now > > > > > supported between front end and back end. > So > > if > > > > you upgrade, that's > > > > > perhaps an option. Though a lesser one than > > using > > > > ISA imho. > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED] > > On > > > > Behalf Of Leeann > > > > > McCallum > > > > > Sent: Tuesday, September 16, 2003 6:32 PM > > > > > To: Exchange Discussions > > > > > Subject: RE: OWA front end server - > licensing > > and > > > > security > > > > > > > > > > You could throw an OWA front end server in > the > > > > DMZ, put certificate on > > > > > as Ed suggests, and then wrap everything up > in > > an > > > > IPSEC > > > > > packet that goes > > > > > between the front end and backend. Between > > the > > > > client on the net and > > > > > the front end, you would use SSL, so just > open > > > > 443. > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Erick Thompson > === message truncated === __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]