This feature only works with Outlook 2003. -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 10:42 AM To: Exchange Discussions Subject: RE: Exchange 2003 RPC over HTTP
Well, that goes back to corporate rules - one cannot install our VPN client on their home machine. Even though there is a gatekeeper in the mix, it is fundamentally scary to encapuslate RPC point to point. In our environment, all traffic coming off the VPN concentators goes through a routing segment in which we do traffic analysis/intrusion detection, as well as using a fairly high level of authentication prior to accepting the VPN connection to begin with. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: David Lemson [mailto:[EMAIL PROTECTED] > Sent: Saturday, October 04, 2003 2:35 AM > To: Exchange Discussions > Subject: RE: Exchange 2003 RPC over HTTP > > > Here's the way I look at it: > Imagine that employee X uses Outlook on her machine at home to get > access to her mail. Her machine at home is also used by her 12 year > old son, who likes to install random files found on the net, > including some > trojans. If you make her VPN, then unless you are very > clever with your > firewall rules (and thus hinder usefulness of your VPN), when she VPNs > from that machine, it will now be within your corporate > network and able > to do all kinds of attacks. By replacing that with RPC over HTTP, you > keep that from happening. > Andy's makes a very important point about the fact that no RPC traffic > makes it past the HTTPS server until the outside user has been > authenticated. So the key is making sure that you have > strong passwords > so that the authentication that people are using from the remote > machines to the HTTPS server is as tight as you need. > > David > This postings is provided "AS IS" with no warranties, and confers no > rights. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Webb, Andy > Sent: Friday, October 03, 2003 1:52 PM > To: Exchange Discussions > Subject: RE: Exchange 2003 RPC over HTTP > > Note that ISA server is actually smart about being able to > pass the RPC > necessary for Exchange and not other malformated RPC traffic if I > remember correctly. And you're not opening up RPC to the net, rather > https. The RPC traffic originates inside your network after the HTTPS > has been authenticated. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Roger > Seielstad > Sent: Friday, October 03, 2003 12:29 PM > To: Exchange Discussions > Subject: RE: Exchange 2003 RPC over HTTP > > The single biggest benefit of RPC over HTTP is that it's a > single port. > The single biggest problem with RPC over HTTP is that it's a single, > well known port. > > The archives from last month (or maybe a few back) have covered this > discussion, but ultimately its not a terribly secure thing. > > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Bridges, Samantha [mailto:[EMAIL PROTECTED] > > Sent: Friday, October 03, 2003 12:24 PM > > To: Exchange Discussions > > Subject: Exchange 2003 RPC over HTTP > > > > > > Hello All. > > > > I really think it is neat that Exchange 2003 can do RPC over HTTP, > > however, I don't see this being very secure. Especially with the > > latest vulnerabilities i.e....Blaster...etc.. > > > > What is your opinions about this new feature. Will anyone in the > > discussion use the RPC over HTTP? If yes, how will you > secure it? If > > > no, why? > > > > Hoping for some opinions and comments. > > > > Thank you, > > > > Samantha Bridges > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]