RPC/HTTPS Security Question... (Full Version)

All Forums >> [ISA 2006 Publishing] >> Exchange Publishing



Message


charlieit -> RPC/HTTPS Security Question... (3.Nov.2009 1:18:05 PM)

I have OWA working beautifully using ISA 2006. I also have RPC over HTTPS working for Outlook clients who connect using VPN.

Question: Is it an "acceptable" security practice to allow Outlook clients to connect (using RPC over HTTP) WITHOUT using VPN? I don't feel as if it should be--because the only security OWA really provides is an encrypted username/password (which is what RPC over HTTP is doing)...right?

If it IS an acceptable practice, does anyone know where I can find how to setup ISA to do this?

Thanks,

Charlie




paulo.oliveira -> RE: RPC/HTTPS Security Question... (4.Nov.2009 3:54:20 PM)

Hi,

from my point of view it is a good security, specially when you have ISA in place. Besides the SSL encryption, you still have the advantage of ISA features like pre-authentication and application layer inspection.

On this web site there´s a lot of articles regarding this subject. Or you can take a look at Technet web site also.

Regards,
Paulo Oliveira.




Page: [1]