You can split the OWA and IIS off from Exchange 2K, it doesn't have to be
installed locally.

The IIS server acts as a "front-end" to the exchange server and all POP,
IMAP, and Web access to mail pipes thru this server.
If the server is properly hardened (and more importantly the patches are
kept up to date), then your chance of compromise drops dramatically. You can
also firewall the traffic between the front end IIS and back end Exchange 2K
to limit the options available to an attacker.
Check out Microsoft's site; there is a ton of documentation on this.

Regards

Ric

-----Original Message-----
From: Aaron Zirbes [mailto:ajzcccs.umn.edu]
Sent: Monday, August 13, 2001 4:19 PM
To: Michael Foerster, MIS, IT; 'Andrew Langton';
security-basicssecurityfocus.com; focus-mssecurityfocus.com
Subject: Re: Accessing mail from the web

FYI:

According to the document, it requires IIS to be installed.
That is another door open to the world that he doesn't want to open.

"Outlook Web Access is installed as part of the default setup of Exchange
2000; it requires Windows 2000 and IIS 5.0 to be installed."

-Aaron Zirbes

----- Original Message -----
From: "Michael Foerster, MIS, IT" <michaelfnice.com>
To: "'Andrew Langton'" <andrew.langtonBabcockBrown.com>;
<security-basicssecurityfocus.com>; <focus-mssecurityfocus.com>
Sent: Sunday, August 12, 2001 6:59 PM
Subject: RE: Accessing mail from the web

> Is there any reason for not using Outlook Web Access?
> http://www.microsoft.com/exchange/techinfo/outlook/2000/0WA2000.asp
>
> -----Original Message-----
> From: Andrew Langton [mailto:andrew.langtonBabcockBrown.com]
> Sent: Friday, August 10, 2001 6:31 PM
> To: 'security-basicssecurityfocus.com'; 'focus-mssecurityfocus.com'
> Subject: Accessing mail from the web
>
>
> We have an Exchange server, and are looking to have access to email from
the
> web enabled for our users. Obviously we would rather not have an IIS
server
> in our DMZ...

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]