RE: E2k3 Security Question

2009-11-09 Thread Peter Johnson
ginal Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: 08 November 2009 23:29 To: MS-Exchange Admin Issues Subject: Re: E2k3 Security Question Yeah, that's a different thing than putting an FE in the DMZ. I'll ask him to reconsider his recommendation - we've had pre

RE: E2k3 Security Question

2009-11-09 Thread Mayo, Bill
- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Sunday, November 08, 2009 2:55 PM To: MS-Exchange Admin Issues Subject: Re: E2k3 Security Question Can you tell me more about the 'reverse proxy in front of OWA' and 'internet facing edge appliances'? Does they support

Re: E2k3 Security Question

2009-11-08 Thread Kurt Buff
Yeah, that's a different thing than putting an FE in the DMZ. I'll ask him to reconsider his recommendation - we've had preliminary discussions regarding this, but the final report isn't ready to be presented to management. I can live with introducing ISA into our environment, preferably in the DMZ

Re: E2k3 Security Question

2009-11-08 Thread Kurt Buff
rt SMTP.   > The firewall rules break it. > > - > Sent from my BlackBerry Wireless Handheld > > - Original Message - > From: Kurt Buff > To: MS-Exchange Admin Issues > Sent: Sun Nov 08 12:54:36 2009 > Subject: Re: E2k3 Security Question

Re: E2k3 Security Question

2009-11-08 Thread Don Andrews
. - Sent from my BlackBerry Wireless Handheld - Original Message - From: Kurt Buff To: MS-Exchange Admin Issues Sent: Sun Nov 08 12:54:36 2009 Subject: Re: E2k3 Security Question Can you tell me more about the 'reverse proxy in front of OWA' and 'inter

Re: E2k3 Security Question

2009-11-08 Thread Kurt Buff
t; front of OWA (this is E2K3).  I expect E2K7 to be similar. > > I realize this may not work for everyone but it is our model. > > - > Sent from my BlackBerry Wireless Handheld > > - Original Message - > From: Peter Johnson > To:

Re: E2k3 Security Question

2009-11-08 Thread Don Andrews
realize this may not work for everyone but it is our model. - Sent from my BlackBerry Wireless Handheld - Original Message - From: Peter Johnson To: MS-Exchange Admin Issues Sent: Sun Nov 08 11:12:04 2009 Subject: RE: E2k3 Security Question Microsoft&#

Re: E2k3 Security Question

2009-11-08 Thread Kurt Buff
Thanks for this. I had just found your blog entry in the list archives mere moments ago, after more searching. I'll take this in hand to the meetings we're having, and push back on it. Kurt On Sun, Nov 8, 2009 at 10:24, Simon Butler wrote: > That consultant needs to be asked how putting a fronte

RE: E2k3 Security Question

2009-11-08 Thread Simon Butler
That consultant needs to be asked how putting a frontend server improved the security of your network. When you get the answer, please post back, because no one has given me a good reason why. I ask everyone the same question when they ask how to do it, and no one can answer it. I can give yo

RE: E2k3 Security Question

2009-11-08 Thread Peter Johnson
Microsoft's recommendation has always been to put the Front end server/CAS role directly into your network behind the firewall rather than in the DMZ. The reasoning behind this is related to how many holes you have to punch in the internal firewall to allow RPC access from the FE/CAS roles to th