I know that. That doesn't change the fact that it's a security hole that forces a large amount of the security hassles onto each and every server rather than being able to focus on the network path leading to those servers.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -----Original Message-----
> From: Eric Holtzclaw [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 07, 2003 1:53 PM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 RPC over HTTP
>
> This feature only works with Outlook 2003.
>
> -----Original Message-----
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 07, 2003 10:42 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 RPC over HTTP
>
> Well, that goes back to corporate rules - one cannot install our VPN
> client on their home machine.
>
> Even though there is a gatekeeper in the mix, it is fundamentally
> scary to encapsulate RPC point to point.
>
> In our environment, all traffic coming off the VPN concentrators goes
> through a routing segment in which we do traffic analysis/intrusion
> detection, as well as using a fairly high level of authentication
> prior to accepting the VPN connection to begin with.
>
> --------------------------------------------------------------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
> > -----Original Message-----
> > From: David Lemson [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, October 04, 2003 2:35 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 RPC over HTTP
> >
> > Here's the way I look at it:
> > Imagine that employee X uses Outlook on her machine at home to get
> > access to her mail. Her machine at home is also used by her 12 year
> > old son, who likes to install random files found on the net,
> > including some trojans. If you make her VPN, then unless you are
> > very clever with your firewall rules (and thus hinder usefulness of
> > your VPN), when she VPNs from that machine, it will now be within
> > your corporate network and able to do all kinds of attacks.
> > By replacing that with RPC over HTTP, you keep that from happening.
> >
> > Andy makes a very important point about the fact that no RPC
> > traffic makes it past the HTTPS server until the outside user has
> > been authenticated. So the key is making sure that you have strong
> > passwords so that the authentication that people are using from the
> > remote machines to the HTTPS server is as tight as you need.
> >
> > David
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Webb, Andy
> > Sent: Friday, October 03, 2003 1:52 PM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 RPC over HTTP
> >
> > Note that ISA server is actually smart about being able to pass the
> > RPC necessary for Exchange and not other malformatted RPC traffic
> > if I remember correctly. And you're not opening up RPC to the net,
> > rather https. The RPC traffic originates inside your network after
> > the HTTPS has been authenticated.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
> > Sent: Friday, October 03, 2003 12:29 PM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 RPC over HTTP
> >
> > The single biggest benefit of RPC over HTTP is that it's a single
> > port. The single biggest problem with RPC over HTTP is that it's a
> > single, well known port.
> >
> > The archives from last month (or maybe a few back) have covered
> > this discussion, but ultimately it's not a terribly secure thing.
> >
> > --------------------------------------------------------------
> > Roger D. Seielstad - MTS MCSE MS-MVP
> > Sr. Systems Administrator
> > Inovis Inc.
> >
> > > -----Original Message-----
> > > From: Bridges, Samantha [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, October 03, 2003 12:24 PM
> > > To: Exchange Discussions
> > > Subject: Exchange 2003 RPC over HTTP
> > >
> > > Hello All.
> > >
> > > I really think it is neat that Exchange 2003 can do RPC over HTTP,
> > > however, I don't see this being very secure. Especially with the
> > > latest vulnerabilities i.e....Blaster...etc..
> > >
> > > What are your opinions about this new feature? Will anyone in the
> > > discussion use the RPC over HTTP? If yes, how will you secure it?
> > > If no, why?
> > >
> > > Hoping for some opinions and comments.
> > >
> > > Thank you,
> > >
> > > Samantha Bridges
> > >
> > > _________________________________________________________________
> > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> > > To unsubscribe: mailto:[EMAIL PROTECTED]
> > > Exchange List admin: [EMAIL PROTECTED]