Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Frank Knobbe (FKnobbeKnobbeITS.com)
Date: Tue Aug 14 2001 - 09:42:52 CDT
-----BEGIN PGP SIGNED MESSAGE-----
> -----Original Message-----
> From: Aaron Zirbes [mailto:ajzcccs.umn.edu]
> Sent: Monday, August 13, 2001 3:19 PM
> According to the document, it requires IIS to be installed.
> That is another door open to the world that he doesn't want to
> "Outlook Web Access is installed as part of the default setup
> of Exchange
> 2000; it requires Windows 2000 and IIS 5.0 to be installed."
Then close the door. If the system is a) properly hardened, b) behind
a stateful firewall in the DMZ (i.e. third NIC), c) access to web
pages requires authentication, d) using SSL certificate, e)
controlled access to Exchange server (read: fixed ports), then I
think the level of risk should be in the 'acceptable' realm.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.
-----END PGP SIGNATURE-----