IF its externally available. -----Original Message----- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:48 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open.
The VPNs are gateways but nothing stops them from putting the OWA address in a kiosk browser. -----Original Message----- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -----Original Message----- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, "Andy David" <[EMAIL PROTECTED]> wrote: > "If it's not ISA, its crap!" > > No SSL? OY. > > I wouldn't bother with a deny list. > > > > -----Original Message----- > From: Stephan Barr [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 17, 2008 3:35 PM > To: MS-Exchange Admin Issues > Subject: Exchange 2000 OWA is open. > > I just picked up a client that has a Windows 2000 environment with > Exchange 2000,everything fully patched and running well. 150 users, > everything is behind Netgear FVS328s WAN wide, there are VPNs to five > remote sites and the domain is WAN wide. Employees occasionally connect > via HTTP to Exchange OWA using Windows Integrated Authentication; no > SSL. > > There is evidence in the Exchange security log that unwanted folks are > trying to gain access via OWA and they want it to stop. I've been > reviewing the IIS log for foreign IPs and adding those to the deny list > but that doesn't seem to do the trick. The customer does have a license > for a second Exchange server. The IIS lockdown tool has not been > executed on the Exchange server. > > What would you recommend to reduce/eliminate OWAs exposure? > > Cheers. > ----- Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~