Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Bob Buel (rbuelasd-web.com)
Date: Fri Aug 17 2001 - 14:57:45 CDT
Why don't you dual home your mail server with a NIC in your DMZ, and
limit it to ports (110 and 25)? There's not much damage (anything?) that
can be done with POP access limited this way, as long as there are no
web servers in the same DMZ with it.
Also, perhaps a better alternative would be to put your exchange server
in your DMZ, (since the internal network would be less directly
accessible) but then again, I would be concerned about the account data
and email that could be compromised.....
Just some thoughts!
From: Byron Kennedy [mailto:byronmarkettools.com]
Sent: Friday, August 17, 2001 11:59 AM
To: 'Mark Parry'; Stephen K. Watling; focus-mssecurityfocus.com
Subject: RE: Accessing Exchange 2000 Remotely
Agreed. What about secure-pop (over ssl) until you get the VPN up?
From: Mark Parry [mailto:markfirstworld.net]
Sent: Thursday, August 16, 2001 6:44 PM
To: Stephen K. Watling; focus-mssecurityfocus.com
Subject: Re: Accessing Exchange 2000 Remotely
I think you need a VPN.
----- Original Message -----
From: "Stephen K. Watling" <steve.watlingneumark.com>
Sent: Thursday, August 16, 2001 4:47 PM
Subject: Accessing Exchange 2000 Remotely
We are running a MS Exchange 2000 server behind our firewall. We do not
have any problems with our users accessing it from within our LAN (of
course), however, we do have a number of employees who work remotely, at
least part of the time. In order to accommodate them, we enabled
Outlook Web Access across an SSL connection. Our remote users have
requested that we go a step further and enable POP3 access to the
system. Now, I am against doing this, because I question the security
aspects of this. I have suggested we enable IMAP4 over SSL to allow
remote access. However, our users are sticking to their guns on POP3
access. We are working on implementing VPN access, but due to
logistical constraints, we will not be able to implement it for a few
months. We would like to find an interim solution as soon as possible.
Question: What is the most secure/flexible method of accessing an
Exchange 2000 server from across the Internet? Is there a more secure
option that I just don't see?
Thank you in advance for your assistance,
Neumark Technology Group, Inc.