|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jamie Riden (jamie.riden
gmail.com)
Date: Wed Apr 11 2007 - 06:01:25 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 10/04/07, Jason L. Ellison <infotekdatasync.com> wrote:
> List,
>
> I'm currently doing work for a large company as a consultant. Another
> consultant is installing a MS Exchange server and is now requesting for me
> to forward ports on the PIX from the Internet to internal servers.
If they mean a couple of ports like IMAP and POP, then it's not great,
but not such a security risk. If I remember Exchange though, it wants
a huge swathe of ports opened up for goodness knows what. At a
previous workplace, we used to allow 'native' access to Exchange, but
only via our VPN server, not direct to the internet.
Couldn't you suggest using Outlook Web Access, or whatever it's
called? i.e. just open HTTPS through to the internal network. Not
wonderful, but probably better. I assume that's what OWA is intended
for, and it seems to be normal practice.
cheers,
Jamie
--
Jamie Riden, CISSP / jamesreurope.com / jamiehoneynet.org.uk
UK Honeynet Project: http://www.ukhoneynet.org/
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]