For a cheap solution, I would put a second network card in the OWA server and connect that card to a Linksys or Dlink firewall/router (usually about $30 after rebate). You will need to set up port mapping from the outside of the router to ports 80 and 443. I would also set the tcp/ip security on that network card to only allow those ports.
Tom -----Original Message----- From: Erick Thompson [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 2:28 PM To: Exchange Discussions Subject: RE: EX2003 OWA Front End or ISA Publishing for security When this is done, is this "enough" security? I'm looking at setting up OWA, and trying to figure out the best security setup. Money is a huge issue (non-profit org), so I'm looking at 1) Open port 80 to internal Exchange system 2) Open port 443 (SSL) to internal Exchange system 3) Set up a front end server 4) Use ISA publishing Where/how should/could a VPN fit into this? Any other issues I should think about? Thanks, Erick > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Anthony Sollars > Sent: Tuesday, January 20, 2004 10:58 AM > To: Exchange Discussions > Subject: RE: EX2003 OWA Front End or ISA Publishing for security > > > Yes it sure is, this is the MS best practice. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ken > Cornetet > Sent: Tuesday, January 20, 2004 10:34 AM > To: Exchange Discussions > Subject: RE: EX2003 OWA Front End or ISA Publishing for security > > Yes, publishing OWA through ISA server (standalone, not part of a > domain) is more secure than using a FE server. Last I checked, this is > actually what Microsoft recommends. > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Jean-Francois Bourdeau > Sent: Tuesday, January 20, 2004 1:04 PM > To: Exchange Discussions > Subject: EX2003 OWA Front End or ISA Publishing for security > > > Hi > > I would like to know that most of you think about using ISA to Publish > OWA 2003 instead of having a Front End Server ? > > If we don't have a lot of user and that the only reason we won't a > Front End is for security, I try to convince my customer to user the > ISA they have. > > IF a Front End Server is compromise and a hacker have access to it, do > you agree with me that because that front end server talk to the back > end exchange, it's making life easy for the hacker to access the > internal exchange and internal network ? > > Web Publishing through ISA is a lot more secure I think ? > > Thanks > > JF > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
