-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Volker Tanger [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 29, 2000 9:21 AM
>
> I hope you won't want to let them use MAPI via the internet?! Because if so,
> you will need to allow them NBT into the DMZ and to your DC (read: NBT into
> internal network). If so, a firewall won't help you much.

Wrong. You don't need NetBIOS to connect with MAPI. Exchange uses
three dynamic ports (Directory, Information Store, and Admin
interface) which can be set to static ports with Registry settings.
So you only need the Directory port, the Info Store, and the Remote
Procedure port 135 to find these two ports (even when they are
static) in order to connect with Outlook.

If you configure Outlook to encrypt the traffic, no one will be able
to read your email (at least not without some effort in decrypting
it). The scary piece is the RPC port, but you can implement
safeguards against attacks on that (simple session or user
authentication, together with the other ports, and hopefully using
OTPs).

I agree, though, that a) a VPN is better suited due to stronger
encryption, and b) Outlook Web Access makes more sense for
efficiency. Connecting with MAPI means that every email has to be
transferred from the server to the client. If your users send each
other large files (documents or the all-time popular movie files),
you suck up bandwidth, and the users have to wait until their
documents are downloaded. Using Web Access, checking email is faster.
Make sure you use SSL to connect to the OWA server.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBOaxa50RKym0LjhFcEQKHdwCeI7rBXccFJSjpB5CEDWG+WXmSx1MAoOqd
+934i7zx1HCOQDJN1hx3vNiJ
=RK9A
-----END PGP SIGNATURE-----
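
Added example, not part of the original message: a small audit of a firewall rule set against the port list given in the reply above (TCP 135 plus the static Directory and Information Store ports), flagging NBT exposure and anything opened beyond those three. The rule syntax, the function names, and the static port numbers 5000 and 5001 are assumptions made for illustration; the message does not give port values.

```python
import re

# NetBIOS-over-TCP/IP (NBT) services that the reply says MAPI does not need.
NETBIOS = {("udp", 137), ("udp", 138), ("tcp", 139)}
RPC_ENDPOINT_MAPPER = ("tcp", 135)

def parse_rules(text):
    """Parse constructed 'allow <proto> <port>[-<port>]' lines into (proto, lo, hi)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"allow\s+(tcp|udp)\s+(\d+)(?:-(\d+))?", line)
        if not m:
            raise ValueError(f"unparseable rule: {raw!r}")
        lo = int(m.group(2))
        hi = int(m.group(3) or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {raw!r}")
        rules.append((m.group(1), lo, hi))
    return rules

def audit(rules, directory_port, store_port):
    """Compare what the rules open against port 135 plus the two pinned ports."""
    required = {RPC_ENDPOINT_MAPPER, ("tcp", directory_port), ("tcp", store_port)}
    opened = {(p, n) for p, lo, hi in rules for n in range(lo, hi + 1)}
    return {
        "missing": sorted(required - opened),         # Outlook cannot connect
        "netbios_exposed": sorted(NETBIOS & opened),  # NBT reachable from outside
        "excess_ports": len(opened - required),       # anything beyond the three
    }

# Constructed rule sets; 5000 and 5001 are placeholder static ports.
PINNED = """
allow tcp 135    # RPC endpoint mapper
allow tcp 5000   # Directory (assumed static port)
allow tcp 5001   # Information Store (assumed static port)
"""
DYNAMIC = """
allow tcp 135
allow tcp 1024-65535   # dynamic RPC ports left unpinned
allow udp 137-138
allow tcp 139
"""

if __name__ == "__main__":
    for name, text in (("pinned", PINNED), ("dynamic", DYNAMIC)):
        print(name, audit(parse_rules(text), 5000, 5001))
```

The pinned rule set reports nothing missing and nothing in excess, while the unpinned one exposes the whole high-port range and the NBT services.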