Hi Daniel,
If you don't want to go to the trouble of setting up everything on a DMZ (or
if it's too expensive for you or your client) you could go about it like
this.
Open 443 in your firewall to a SSL Relay (eg Apache w/ mod ssl & open ssl).
This means that all traffic passing over a public network / internet is
encrypted, while everything on your private LAN is plain text (you could go
for a SSL session on this side of the conversation as well for extra
security, but it probably isn't worth it). The SSL Relay will also work as
an Application Layer Gateway so that only HTTP can pass through it. The SSL
Relay then talks to the OWA server which talks to the PDC and Exchange
server.
I think that your real security concern is the firewall and how good it is
at it's job. If you already trust that the firewall provides adequate
security then all you have to worry about are application layer exploits.
Application layer exploits are always going to be a fact of life, so keeping
up to date with patches, and new vulnerabilities would have to be a top
priority.
Cheers,
Alex
----------------------------------------------------------------------------
-----------------------------
Go easy on me, I had my mohawk shaved on the weekend....
----------------------------------------------------------------------------
-----------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
