I've done this before, and it is actually quite handy.  As far as security
is concerned, you are opening up a big hole.  I believe that in order to
function properly, the NetBIOS and RPC ports have to be open (verify this)
to connect to the Exchange box (assuming the web server is in a DMZ).
That's a problem (in my mind).

If you must do this, lock down NT and IIS as much as possible (that
means going well beyond what MS 'recommends' in securing the boxes) and go
through the IIS and Outlook Web Access components file-by-file to determine
minimum required permissions.  I know it's not fun (I did it a couple times,
but I can't locate the documentation - new job, move, etc), but you should
really do it.

(In response to possible objections regarding the use of IIS, I think it's
required to set up Outlook Web Access)

-----Original Message-----
From: Mikael Olsson <[EMAIL PROTECTED]>
To: Fiamingo, Frank <[EMAIL PROTECTED]>
Cc: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Tuesday, February 29, 2000 7:09 PM
Subject: Re: Security of MS Exchange access via the Internet


>
>Uhhh.. This sounds like solving the security problem by wrapping
>another layer of toilet paper around it.
>
>Go with Squid or some other (well written) proxy capable of doing
>reverse proxying and authentication in the proxy. This will solve
>your problem. (No, do NOT use MS Proxy, since that's basically nothing
>more than an extension of IIS.)
>
>"Fiamingo, Frank" wrote:
>> The organization is studying the idea of allowing access to the corporate
>> Exchange server via the Internet - going through IIS via an SSL connection
>> first.
>>
>
>--
>Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
>Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
>Mobile: +46 (0)70 248 00 33
>WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
