• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: error in publishing a mail server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> RE: error in publishing a mail server Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: error in publishing a mail server - 25.Jul.2005 4:09:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi nnmmss,

I would first test the following scenario:
1. make sure that the web mail server asks only for Basic authentication or uses a form.
2. make sure that *no* authentication is requested at the incoming web request listener of ISA server.

HTH,
Stefaan

(in reply to nnmmss)
Post #: 21
RE: error in publishing a mail server - 26.Jul.2005 8:34:00 AM   
nnmmss

 

Posts: 96
Joined: 30.Nov.2004
Status: offline
Hi dear stefaan

you helped me alot during this experience. this part was also successful. now i have one question, if set for incoming web request listener of ISA server doesn't need authentication, is it secure? can anonymous users use My ISA server as their proxy server?

Thanks alot

(in reply to nnmmss)
Post #: 22
RE: error in publishing a mail server - 26.Jul.2005 4:38:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi nnmmss,

first of all, if you web publish an internal web server and don't ask for authentication on the ISA level, then any Internet user can access only that published web server. That means they will get the authentication prompt from the Web server.

Nevertheless you can enhance a lot the security. I strongly suggest you upgrade to ISA server 2004 in such a scenario. You can then use:
1. HTTPS bridging or HTTPS to HTTP bridging if the web server don't support HTTPS.
2. pre-authenticate at the ISA level and if succesful then automatically forward the credentials to the Web server so the users need not to authenticate twice.
3. use the HTTP filter to scan the HTTP traffic, even if the outside and inside connection is HTTPS.
4. use an add-on product such as Collective Software FlexAuth from http://www.collectivesoftware.com/ and implement forms based authentication on the outside (just like OWA) to enhance the authentication process.
5. ...

Note: some of the above points can already be implemented with ISA 2000.

HTH,
Stefaan

(in reply to nnmmss)
Post #: 23

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> RE: error in publishing a mail server Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts