The underlying issue, however, is that you're passing a fundamentally untrustworthy protocol (RPC) over a significantly more trusted[1] protocol (http/https).
This is simply an issue of obfuscating the real network traffic to get around some significant shortcomings of the RPC protocol. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. [1] Not that HTTP is any more trustworthy. It is, however, less promiscuous as a protocol - it has a smaller footprint of what it can and can't do. > -----Original Message----- > From: Webb, Andy [mailto:[EMAIL PROTECTED] > Sent: Friday, October 03, 2003 4:52 PM > To: Exchange Discussions > Subject: RE: Exchange 2003 RPC over HTTP > > > Note that ISA server is actually smart about being able to > pass the RPC > necessary for Exchange and not other malformated RPC traffic if I > remember correctly. And you're not opening up RPC to the net, rather > https. The RPC traffic originates inside your network after the HTTPS > has been authenticated. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Roger > Seielstad > Sent: Friday, October 03, 2003 12:29 PM > To: Exchange Discussions > Subject: RE: Exchange 2003 RPC over HTTP > > The single biggest benefit of RPC over HTTP is that it's a > single port. > The single biggest problem with RPC over HTTP is that it's a single, > well known port. > > The archives from last month (or maybe a few back) have covered this > discussion, but ultimately its not a terribly secure thing. > > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Bridges, Samantha [mailto:[EMAIL PROTECTED] > > Sent: Friday, October 03, 2003 12:24 PM > > To: Exchange Discussions > > Subject: Exchange 2003 RPC over HTTP > > > > > > Hello All. > > > > I really think it is neat that Exchange 2003 can do RPC over HTTP, > > however, I don't see this being very secure. Especially with the > > latest vulnerabilities i.e....Blaster...etc.. > > > > What is your opinions about this new feature. Will anyone in the > > discussion use the RPC over HTTP? If yes, how will you > secure it? If > > > no, why? > > > > Hoping for some opinions and comments. > > > > Thank you, > > > > Samantha Bridges > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
