Alex Hague wrote:
>
> You don't need to authenticate to the reverse proxy as OWA will do
> all the authentication using NTLM. In the event that a buffer
> overflow vunerability exists in one of the OWA pages you will still
> need to be authenticated to execute the vunerability, thus only
> your users could execute it....
Well, the only problem I'm getting at is the old KISS rule, really.
If you do not authenticate at the reverse proxy, what is the reason
for it? To protect against HTTP and/or SSL layer vulnerabilities in
IIS? (I don't think this is the main problem, really, but I guess
every little bit helps -- I'm just worried about the complexity
increasing disproportionatelly to the security gained)
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
