All, We've got a consultant in-house doing an infrastructure review. One of the things he's recommending for security reasons is that instead of doing SSL direct to our single Exchange servers on our production LANs, we should put front-end servers into our DMZ.
I tend to believe that direct SSL (for OWA or RPC/HTTPS) is no less secure than a front-end in a DMZ, but I do confess ignorance, and would like to know more, and have ammunition one way or the other before getting bent out of shape. Where can I find some documents regarding the relative security of these two approaches, and evaluate this for myself before agreeing or disagreeing with him on this? I've been cruising the history of this list, and doing some googling, but can't see a direct discussion of this topic. Thanks, Kurt
