Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: RH (RHbeulah.org)
Date: Tue Aug 14 2001 - 09:49:16 CDT
You can split the OWA and IIS off from Exchange 2K, it doesn't have to be
The IIS server acts as a "front-end" to the exchange server and all POP,
IMAP, and Web access to mail pipes thru this server.
If the server is properly hardened (and more importantly the patches are
kept up to date), then your chance of compromise drops dramatically. You can
also firewall the traffic between the front end IIS and back end Exchange 2K
to limit the options available to an attacker.
Check out Microsoft's site; there is a ton of documentation on this.
From: Aaron Zirbes [mailto:ajzcccs.umn.edu]
Sent: Monday, August 13, 2001 4:19 PM
To: Michael Foerster, MIS, IT; 'Andrew Langton';
Subject: Re: Accessing mail from the web
According to the document, it requires IIS to be installed.
That is another door open to the world that he doesn't want to open.
"Outlook Web Access is installed as part of the default setup of Exchange
2000; it requires Windows 2000 and IIS 5.0 to be installed."
----- Original Message -----
From: "Michael Foerster, MIS, IT" <michaelfnice.com>
To: "'Andrew Langton'" <andrew.langtonBabcockBrown.com>;
Sent: Sunday, August 12, 2001 6:59 PM
Subject: RE: Accessing mail from the web
> Is there any reason for not using Outlook Web Access?
> -----Original Message-----
> From: Andrew Langton [mailto:andrew.langtonBabcockBrown.com]
> Sent: Friday, August 10, 2001 6:31 PM
> To: 'security-basicssecurityfocus.com'; 'focus-mssecurityfocus.com'
> Subject: Accessing mail from the web
> We have an Exchange server, and are looking to have access to email from
> web enabled for our users. Obviously we would rather not have an IIS
> in our DMZ...