RE: Exchange 2000 OWA is open.
Sure, but you'll need a 2003 server to install it on. It's not typically part of the internal AD domain. Isn't it called Forefront Security now or something? -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. Will ISA 2006 work in a Windows 2000 environment? -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:39 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
The VPNs are gateways but nothing stops them from putting the OWA address in a kiosk browser. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Exchange 2000 OWA is open.
I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
Add a second server. Install Exchange on it Configure it as a front end exchange server. Enable forms-based authentication and SSL on this front end box. Get a SSL cert either from Entrust, Verisign, etc or configure your own in-house Certificate Authority and get a cert from that server. Enable http https redirection to the front end server. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:39 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
Will ISA 2006 work in a Windows 2000 environment? -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:39 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
I believe you are correct that ISA is now a part of Forefront along with the new application gateway, which is really nice. Excellent way to present OWA. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:49 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. Sure, but you'll need a 2003 server to install it on. It's not typically part of the internal AD domain. Isn't it called Forefront Security now or something? -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. Will ISA 2006 work in a Windows 2000 environment? -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:39 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange 2000 OWA is open.
There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. As long as OWA is freely accessible, it WILL be attacked. If the business owners want it to stop, OWA _HAS_ to not be available publicly. An SSL VPN would take care of this, as it forces the authentication through a web accessible technology before anything else can occur. ISA would do something similar. In both cases, you're just moving the point of attack. On 1/17/08 12:48, Stephan Barr [EMAIL PROTECTED] wrote: The VPNs are gateways but nothing stops them from putting the OWA address in a kiosk browser. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
ISA 2000, ISA 2004, ISA 2006. Newer is better? -Original Message- From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:04 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. Donning Dr. Tom mask If it ain't ISA it sucks, but ISA is perfection on a shiny plastic platter! Removing Dr. Tom mask In all seriousness, ISA is your best solution for this situation. TVK -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
Re: Exchange 2000 OWA is open.
Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
Thanks for the replies you guys. Very much appreciated. Cheers. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
We do that via reverse proxy and hardware token. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
IF its externally available. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 12:48 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. The VPNs are gateways but nothing stops them from putting the OWA address in a kiosk browser. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 2:45 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 2000 OWA is open. What if I'm at an airport kiosk? If I have access to VPN, I'll probably want to use Outlook. -Original Message- From: Salvador Manzo [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:43 PM To: MS-Exchange Admin Issues Subject: Re: Exchange 2000 OWA is open. Stephan, Require a VPN connection before allowing connection to OWA. OWA is just an application riding on top of a web server. So long as the web server is accessible, it _will_ get attacked. On 1/17/08 12:39, Andy David [EMAIL PROTECTED] wrote: If it's not ISA, its crap! No SSL? OY. I wouldn't bother with a deny list. -Original Message- From: Stephan Barr [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 3:35 PM To: MS-Exchange Admin Issues Subject: Exchange 2000 OWA is open. I just picked up a client that has a Windows 2000 environment with Exchange 2000,everything fully patched and running well. 150 users, everything is behind Netgear FVS328s WAN wide, there are VPNs to five remote sites and the domain is WAN wide. Employees occasionally connect via HTTP to Exchange OWA using Windows Integrated Authentication; no SSL. There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. I've been reviewing the IIS log for foreign IPs and adding those to the deny list but that doesn't seem to do the trick. The customer does have a license for a second Exchange server. The IIS lockdown tool has not been executed on the Exchange server. What would you recommend to reduce/eliminate OWAs exposure? Cheers. - Salvador Manzo [ 620 W. 35th St - Los Angeles, CA 90089 e. [EMAIL PROTECTED] ] Auxiliary Services IT, Datacenter University of Southern California 818-612-5112 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~
RE: Exchange 2000 OWA is open.
There is evidence in the Exchange security log that unwanted folks are trying to gain access via OWA and they want it to stop. Put it on a non-standard port and distribute shortcuts via logon scripting. That'll stop most of the worms at least (is it still codered you're seeing). You could also invest in an IPS box to put in front of everything (e.g. TippingPoint, SecureWorks iSensor, etc...). ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja~