Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange 2003 SP2 risks

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Exchange 2003 SP2 risks Page: [1]
Login
Message << Older Topic   Newer Topic >>
Exchange 2003 SP2 risks - 31.Jul.2008 3:55:12 PM   
paulo.oliveira

 

Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi,

I have a non-web server publish rule allowing https protocol to my exchange 2003 sp2 server. I´m using it as OWA and RPC/HTTPS. It works perfectly!
I´m aware that there´s a mail server publishing rule and is more secure publish it using this type of rule.

I want to know what the security risks using non-web server publishing rule instead of mail´s. Anyone can help me understand?

Regards,
Paulo Oliveira.
Post #: 1
RE: Exchange 2003 SP2 risks - 12.Aug.2008 8:21:18 AM   
paulo.oliveira

 

Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi,

no one have any ideas?

Regards,
Paulo Oliveira.

(in reply to paulo.oliveira)
Post #: 2
RE: Exchange 2003 SP2 risks - 13.Aug.2008 8:36:09 AM   
Jason Jones

 

Posts: 2119
Joined: 30.Jul.2002
From: United Kingdom
Status: offline 		Hi Paulo,

As an obvious ISA advocate, I am very surprised you run this config as it negates a lot of benefits ISA can provide as a reverse proxy.

At the moment, you may as well be providing access to Exchnage using a simple NAT firewall as ISA is not providing any additional protoection apart from filtering ports to only allow inbound HTTPS.

Some of the key benefits you are losing:

Pre-auth by ISA - no anonymous access to your Exchange servers
Proxied conections - connections are terminated by ISA and then new connections are intiitiated by ISA. Theefore external connections do not "touch" exchange directly and non-HTTP usage cannot be tunnled over HTTPS.
HTTP Filter protection - you can filter to ensure that access is specificaly for Exhcange and limit the use of the HTTP protocol to just allow OWA functionality and not all other HTTP features that are not needed.
etc...

This is just a basic list (becuase I am lazy) but if you read any of the MS material with regard to ISA publishing for Exchange (or Tom's articles) you should be able to add a lot more to that list.

Time to protect you Exchange servers properly I think and start using web publishing!

Cheers

JJ


_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to paulo.oliveira)
Post #: 3
RE: Exchange 2003 SP2 risks - 13.Aug.2008 11:15:32 AM   
paulo.oliveira

 

Posts: 792
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi Jason,

thanks for reply.
For sure I´ll publish my exchange using web publishing rules, just wanted understand the risks of this configuration.

Regards,
Paulo Oliveira.

(in reply to Jason Jones)
Post #: 4
RE: Exchange 2003 SP2 risks - 13.Aug.2008 12:10:55 PM   
Jason Jones

 

Posts: 2119
Joined: 30.Jul.2002
From: United Kingdom
Status: offline 		You know it makes sense!

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to paulo.oliveira)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Exchange 2003 SP2 risks Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts