Here's the way I look at it:
Imagine that employee X uses Outlook on her machine at home to get
access to her mail. Her machine at home is also used by her 12 year old
son, who likes to install random files found on the net, including some
trojans.  If you make her VPN, then unless you are very clever with your
firewall rules (and thus hinder usefulness of your VPN), when she VPNs
from that machine, it will now be within your corporate network and able
to do all kinds of attacks.  By replacing that with RPC over HTTP, you
keep that from happening.
Andy makes a very important point about the fact that no RPC traffic
makes it past the HTTPS server until the outside user has been
authenticated.  So the key is making sure that you have strong passwords
so that the authentication that people are using from the remote
machines to the HTTPS server is as tight as you need.

David
This posting is provided "AS IS" with no warranties, and confers no
rights.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Webb, Andy
Sent: Friday, October 03, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Exchange 2003 RPC over HTTP

Note that ISA server is actually smart about being able to pass the RPC
necessary for Exchange and not other malformatted RPC traffic if I
remember correctly.  And you're not opening up RPC to the net, rather
https.  The RPC traffic originates inside your network after the HTTPS
has been authenticated. 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Friday, October 03, 2003 12:29 PM
To: Exchange Discussions
Subject: RE: Exchange 2003 RPC over HTTP

The single biggest benefit of RPC over HTTP is that it's a single port.
The single biggest problem with RPC over HTTP is that it's a single,
well known port.

The archives from last month (or maybe a few back) have covered this
discussion, but ultimately it's not a terribly secure thing.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


> -----Original Message-----
> From: Bridges, Samantha [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 03, 2003 12:24 PM
> To: Exchange Discussions
> Subject: Exchange 2003 RPC over HTTP
> 
> 
> Hello All.
> 
> I really think it is neat that Exchange 2003 can do RPC over HTTP, 
> however, I don't see this being very secure.  Especially with the 
> latest vulnerabilities i.e....Blaster...etc..
> 
> What are your opinions about this new feature?  Will anyone in the 
> discussion use the RPC over HTTP?  If yes, how will you secure it?  If
> no, why?
> 
> Hoping for some opinions and comments.
> 
> Thank you,
> 
> Samantha Bridges
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Web Interface:
> http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
