|
Firewall Wizards
mailing list archives
Re: PIX -> ISA -> OWA Configuration
From: Chris Blask <chris () blask org>
Date: Mon, 09 May 2005 21:44:26 -0400
Hi folks!
At 10:47 AM 5/7/2005, Victor Williams wrote:
Personally, I didn't see any reason to state the obvious when it was there
for everyone to see.
There is no *safe* or *best* way to deploy that architecture as far as I'm
concerned. The sooner everyone just accepts that, the better off everyone
will be.
Everyone that counts (the folks who pay for all this stuff) don't give a
mongoose's hooter what architecture is used, they just want their apps to
work where they need them. On this one I agree with them whole-heartedly:
I'd like to be able to read my email displayed on the fannies of migratory
waterfowl. I'll settle for bioptic HUD glasses that can overlay the text
as opposed to actually laser-printing on loons, but it better be no less
secure than a workstation in a cube however it gets done.
I've found personally that a correctly implemented VPN solution is 1000
times better than trying to get OWA deployed and *safe*.
The only problem with VPNs are kiosks and other Not-My-Computer
situations. Webmail will be implemented (even, I shudder to say, OWA)
because we haven't yet made VPNs fully portable.
If you have to use OWA, I'd use one of the mail firewalls out there
(BorderWare or IronMail, for example) in front of it. Something like that
gives you a break in the chain between your MaxiSoft servers and the World,
and a dev team to maintain it and pester when you feel antsy.
-cheers!
-chris
Chris Blask
chris () blask org
blaskworks.blogspot.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
|
Intro
