: Friday, 19 September 2003 7:02 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
Perhaps, but that's not what he said.
Ed
--- Steve Evans [EMAIL PROTECTED] wrote:
It doesn't, but it keeps people from reusing
credentials. At least I
believe that's
:55
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
I couldn't tell you. Our dialup consists of dialing to what essentially
is a world-wide ISP, then firing up a Nortel VPN client. The Nortel
client is apparently pretty tightly integrated with SecurID - I'm
Intel bought them for next to nothing.
-Original Message-
From: Hurst, Paul [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2003 3:42 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
Yeah,
I remember them in my mainframe days, we used them
-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 5:43 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
S!!
Our security folks wanted
4:40 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
I don't see how that would stop key-logging.
Ed
--- Greg Marr [EMAIL PROTECTED] wrote:
We have set up our OWA to require two-factor
authentication (SecurID)
which eliminates any key-logging
.
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 5:44 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
It doesn't stop key logging per se, but it renders it ineffective.
The SecurID tokens use a three
-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 10:29 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
Forgive me for arguing, but I believe the time alloted for
guessing that
third factor is even less than
]
Sent: Friday, September 19, 2003 10:01 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
Actually, you've got the system down correctly.
However, the slack time is +/- 1 minute, so you really get 3 minutes per
code
.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 2:21 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
I've
is NT 4 SP6a in an NT4 domain.
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 11:54 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
It really is a cool system.
We're currently using it for VPN
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
It really is a cool system.
We're currently using it for VPN access and front ending OWA, and we're
playing with it and some Cisco Aironet wireless devices - requiring
SecurID authentication before you get onto
the remote access market, then manage to lose everything
in such a short period of time.
-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 2:23 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
Thanks Ken.
-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 2:55 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
I couldn't tell you. Our dialup consists of dialing to what essentially is a
world
: Erick Thompson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 8:07 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
We talked about this exact scenario. We decided that given how easy it is to
install a key logger, and other malware, on public
..
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 5:30 PM
To: Exchange Discussions
Subject: RE: OWA front end server
be great.
Erick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of Ed Crowley
Sent: Wednesday, September 17, 2003 4:40 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and
security
ISA is a better solution
.
Greg
-Original Message-
From: Erick Thompson [mailto:[EMAIL PROTECTED]
Sent: Thursday, 18 September 2003 10:07 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and
security
We talked about this exact scenario. We decided that
given how easy
and of course, your budget.
Greg
-Original Message-
From: Erick Thompson [mailto:[EMAIL PROTECTED]
Sent: Thursday, 18 September 2003 10:07 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
We talked about this exact scenario. We decided
]
Sent: Thursday, September 18, 2003 1:40 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and
security
I don't see how that would stop key-logging.
Ed
--- Greg Marr [EMAIL PROTECTED] wrote:
We have set up our OWA to require two-factor
authentication
-
From: Erick Thompson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 17 September 2003 11:29 a.m.
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
Ed,
I'm a little confused. You're recommending that I put in a front end server,
but not in the DMZ? It seems to me that I
Discussions
Subject: Re: OWA front end server - licensing and security
Instal a certificate on the front-end server and open
port 443 to the front-end server. Putting a front-end
server in a DMZ requires you to open lots of dangerous
ports through the internal firewall to the Exchange
servers, DCs
just open 443.
-Original Message-
From: Erick Thompson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 17 September 2003 11:29 a.m.
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
Ed,
I'm a little confused. You're recommending that I put in a front end
] On Behalf Of Leeann
McCallum
Sent: Tuesday, September 16, 2003 6:32 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
You could throw an OWA front end server in the DMZ, put certificate on
as Ed suggests, and then wrap everything up in an IPSEC packet
We use a Network Appliance NetCache in the DMZ as a reverse proxy SSL
front end. Internet OWA users hit the NetCache with HTTPS, and the
NetCache decrypts and forwards HTTP to a front-end server. Works great,
but was a little pricey.
Also, because OWA likes to send out absolute URLs, there is a
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Fyodorov,
Andrey
Sent: Wednesday, September 17, 2003 6:30 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
IPSec is a nice idea too. But you need to test test test.
Sincerely,
Andrey
, September 17, 2003 7:04 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
Don't forget you also have to fully protect the front end server from
all the other servers on the DMZ from which it is not isolated.
Those other systems may have been placed
missing
something else.
Thanks,
Erick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of Webb, Andy
Sent: Wednesday, September 17, 2003 7:04 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and
security
Don't
: Wednesday, September 17, 2003 4:40 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
ISA is a better solution in a DMZ because it doesn't
require the plethora of holes in the internal
firewall.
http://www.microsoft.com/technet/treeview/default.asp?url=/tec
September 2003 10:07 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
We talked about this exact scenario. We decided that given how easy it
is to install a key logger, and other malware, on public systems we
decided it was too risky. We are planning on using public
credentials left behind by one of
your users which is where we happen to draw the line in terms of
functionality/security.
Greg
-Original Message-
From: Greg Marr
Sent: Thursday, 18 September 2003 11:31 AM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
We have
Instal a certificate on the front-end server and open
port 443 to the front-end server. Putting a front-end
server in a DMZ requires you to open lots of dangerous
ports through the internal firewall to the Exchange
servers, DCs and GCs.
Ed
--- Erick Thompson [EMAIL PROTECTED] wrote:
I'm
16, 2003 4:25 PM
To: Exchange Discussions
Subject: Re: OWA front end server - licensing and security
Instal a certificate on the front-end server and open
port 443 to the front-end server. Putting a front-end
server in a DMZ requires you to open lots of dangerous
ports through
To: Exchange Discussions
Subject: Re: OWA front end server - licensing and
security
Instal a certificate on the front-end server and
open
port 443 to the front-end server. Putting a
front-end
server in a DMZ requires you to open lots of
dangerous
ports through the internal firewall
,
Erick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ed Crowley
Sent: Tuesday, September 16, 2003 4:41 PM
To: Exchange Discussions
Subject: RE: OWA front end server - licensing and security
That's exactly what I'm saying. Get the publications
]
[mailto:[EMAIL PROTECTED]
Behalf Of Ed Crowley
Sent: Tuesday, September 16, 2003 4:25 PM
To: Exchange Discussions
Subject: Re: OWA front end server - licensing
and
security
Instal a certificate on the front-end server
and
open
port 443 to the front-end server
35 matches
Mail list logo
