From: RandallM (randallmfidmail.com)
Date: Mon Jan 07 2002 - 11:06:17 CST


    It is common among crackers that this is the type of attitude in admins that
    they look for. Crackers have only time to deal with. And when they find such
    unsecured servers, it was all worth it. You as the admin are always in the
    battle between ease of use, functionality and security, as noted in the book
    "Hackers Beware". The former is his enemy but your goal. Which brings me to
    a silly question:
    Are crackers job security?

    -----Original Message-----
    From: Evan Mann [mailto:emannquestinc.org]
    Sent: Saturday, January 05, 2002 10:24 AM
    To: 'Ogle Ron (Rennes) '; Evan Mann; ''focus-mssecurityfocus.com' '
    Subject: RE: Securing OWA w/SSL on IIS5.0

    Unfortunately, I am not at the luxury of taking the time or resources to do
    things like you suggest. People always come up with some form of idea that
    entails using Linux as the cheap route, but this also means one needs to
    learn how to do these things in Linux, or go with a route that requires
    spending money. In the end, it's just not worth it given the circumstance
    and resources available. Some people may call you a bad admin for not doing
    everything possible to make your OWA box as secure as possible, but when you
    evaluate the use of the system, and the security measures you currently
    have, it sometimes comes down to the fact that it is simply not worth the
    effort.

    -----Original Message-----
    From: Ogle Ron (Rennes)
    To: 'Evan Mann'; 'focus-mssecurityfocus.com'
    Sent: 1/4/2002 8:07 PM
    Subject: RE: Securing OWA w/SSL on IIS5.0

    I've looked at this issue myself for my organization. You have some
    security issues that you have to solve. First, SSL by itself doesn't
    solve completely your issues. With your current setup, you have some big
    problems: you have IIS directly connected to the Internet and you can't
    trust the client.

    <---snipped-->