What kind of trust do you propose creating? Two way is a bad idea. One-way
with the DMZ box as the trusted domain is a bad idea, and one-way with the
internal domain as the trusted domain gets you nothing that I can see
offhand.

-----Original Message-----
From: Ondrej Gug [mailto:ondrej.duchonDEBIS.CZ]
Sent: Tuesday, April 24, 2001 2:09 AM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Re: Outlook Web Access

Hi,

put the exchange server to the DMZ and make new domain , don't use same
account like inside, open 80 and 443 ports foroutside. Make trust between
your new domain and your exchange server domain. After it close all ports
between OWA to your LAN except TCP>80,135,139, and four ports above 1024,
and UDP>137,138. There will be some errors like userenv, but OWA is able to
autentificate user from domain inside.

ps>aplly all patches on IIS , have nice day there is about 15 patches with
restart after SP 1 .

Ondrej

-----Original Message-----
From: Steven Bonici [ mailto:sboniciGROUPEA.COM
<mailto:sboniciGROUPEA.COM> ]
Sent: Friday, 20 April 2001 3:21 AM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Outlook Web Access

We are currently looking into turning on OWA in Exchange (v5.5) and I am
wondering what issues/concerns there are in doing this? Are there any
firewall issues that I need to be concerned with? Is there any checklists
available to help guide? Someone did mention to me that I may want to use
IPSec to secure the connection, is this something that should be
implemented? I would appreciate any thoughts anyone may have.

Thanks in advance - Steven

======================================================================
This email message has been swept by MIMEsweeper.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]