| To: | "Jason L. Ellison" <infotek@datasync.com> |
|---|---|
| Subject: | Re: publications concerning port forwarding |
| From: | "Jamie Riden" <jamie.riden@gmail.com> |
| Date: | Wed, 11 Apr 2007 12:01:25 +0100 |
| Cc: | pen-test <pen-test@securityfocus.com> |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=nzAEoPTfifYJYPDJuJRznP+X4/P8jtUrlpGxX4jnt//ct0axRr+vPUHXAz8rg92yVE7CB2mr/drg4E9fyXRYuNAFDTy0Hl5SoLQjy4mag+qf4wZi3PNw3ycFawb7Mk1tKNERspjJ/2p7O8WgdTC4vHK2O0zinaA+3dYVxEbiYxw= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=aY+QVUDcw7Z3HQZVJOHNw/e4g8Ju1EGFZkz2Y1LujLK6zgDua99zEzoVLAEXv946vsu3Wa3yJJhby6Vq1mZVNVRINIXT7QBoSTjrxmf7KmWLRhCAP9nijn/XyF/jZp8AERbXOdKsW/Ox/niCrfOa7W2XdeVw4ibsHBeJ3inEJ1I= |
| In-reply-to: | <Pine.LNX.4.58.0704101707530.6970@shell.datasync.com> |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| References: | <Pine.LNX.4.58.0704101707530.6970@shell.datasync.com> |
| Resent-date: | Wed, 11 Apr 2007 11:31:06 -0600 (MDT) |
| Resent-from: | pen-test-return-1078483911@securityfocus.com |
| Resent-message-id: | <20070411173106.9BC951C2B56@outgoing2.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
On 10/04/07, Jason L. Ellison <infotek@datasync.com> wrote: List, I'm currently doing work for a large company as a consultant. Another consultant is installing a MS Exchange server and is now requesting for me to forward ports on the PIX from the Internet to internal servers. If they mean a couple of ports like IMAP and POP, then it's not great, but not such a security risk. If I remember Exchange though, it wants a huge swathe of ports opened up for goodness knows what. At a previous workplace, we used to allow 'native' access to Exchange, but only via our VPN server, not direct to the internet. Couldn't you suggest using Outlook Web Access, or whatever it's called? i.e. just open HTTPS through to the internal network. Not wonderful, but probably better. I assume that's what OWA is intended for, and it seems to be normal practice. cheers, Jamie -- Jamie Riden, CISSP / jamesr@europe.com / jamie@honeynet.org.uk UK Honeynet Project: http://www.ukhoneynet.org/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | RE: publications concerning port forwarding, Wiedemann, Adrian |
|---|---|
| Next by Date: | RE: publications concerning port forwarding, Jason Rahl |
| Previous by Thread: | RE: publications concerning port forwarding, Jason L. Ellison |
| Next by Thread: | RE: publications concerning port forwarding, Jason Rahl |
| Indexes: | [Date] [Thread] [Top] [All Lists] |