Would a PPTP VPN to accomplish this?
This would require a single pair of holes in the wall,
one for 1723/tcp to support connection setup
one for gre protocol to support connection data
>Since i got the wonderfull incumbency of setting up a secure webmail
>for my org, i've been thinking how this "free-webmail-service people"
>design their sites... The problem is we need to implement it using
>"outlook-web", "pdc" and "exchange". Considering the way they
>communicate, it seems to microsoft God has made the world flat.
>But then came firewalls and firewalls divided "outlook-web" from
>"pdc and exchange", and they were never more able to talk without a
>big hole between our external and internal nets.
>
>The first alternative was reverse-proxying the connection to our
>internal net, where outlook-web, pdc and exchange all live.
>If someone exploits outlook-web, he gets the internal net, thats
>exactly what we're trying to avoid.
>
>The sec alternative was DMZing the outlook-web. But still we got the
>[135,137,138,139,1024-65535] tcp/udp hole pointing to pdc and
>exchange. So if outlook-web is taked, pdc and exchange are exposed.
>Looks better, but does it look secure ?
>
>I've been looking IMP from horde.org [free webmail] and it looks good
>'cos you only need IMAP opened from dmz to internal net, anybody has
>been using it successfully ?
>
>That's it. I need message-retrieving, i need authentication, i need
>web interface, and i need it to be secure.
>Please, don't tell me i need to pray...
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
