Home page logo
/

basics logo Security Basics mailing list archives

Re: Is Outlook Anywhere secure?
From: Andre Pawlowski <sqall () h4des org>
Date: Thu, 02 Sep 2010 13:58:18 +0200

After I searched a lot in the net about this topic I often found my
eMail in this list.

Now I have done my research and configuration to this topic and want to
give others a hint where to look. I wrote informations and
configurations about this topic in my blog (only in german)

http://blog.h4des.org/index.php?/archives/279-TMG-als-Proxy-Outlook-Anywhere-hardening.html

So feel free to use it and feel free to ask if something bothers you.

Regards

Andre Pawlowski

-------------------------------------------------------------------

Die Schriftsteller k├Ânnen nicht so schnell schreiben, wie die
Regierungen Kriege machen, denn das Schreiben verlangt Denkarbeit.
        -Bertolt Brecht

On 08/14/2010 04:26 PM, Mike A. wrote:
Hi Andre,

I found this article, which most likely answer your questions:


http://araihan.wordpress.com/2010/04/09/forefront-tmg-2010-publishing-exchange-server/

Mike

On Fri, Aug 13, 2010 at 3:12 AM, Andre Pawlowski <sqall () h4des org> wrote:

Hi list,

I have to build an Exchange 2010 service for my company and have some
concerns about Outlook Anywhere (RPC over HTTPS). With Outlook Anywhere
everyone of our company should have access to their Exchange Mailboxes
through the internet.

So my question is: Is Outlook Anywhere secure? I mean, you shouldn't
open RPC on your server for the outside and in my understanding RPC
tunneled through HTTPS is just the same.

We want to use TMG for checking the incoming traffic to the Exchange
servers. But I doesn't find anything about that the TMG checks the
incoming RPC in the Outlook Anywhere connection. I only read the TMG
extracts the RPC over HTTPS and forwards the RPC to the Exchange servers.

Has anyone an idea or some hints for me?

--

Andre Pawlowski

-------------------------------------------------------------------

If you could be God's worst enemy or nothing, which would you choose?
       -Chuck Palahniuk

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Re: Is Outlook Anywhere secure? Andre Pawlowski (Sep 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]