Re: Exchange 2003 Front End/Back End Servers & Passwords
From: Andrew (Andrew_at_discussions.microsoft.com)
Date: 12/16/04
- Next message: Ben Winzenz [Exchange MVP]: "Re: Pre-deployment question"
- Previous message: Chris Williams \(Sirana\): "Re: Mailbox logons complete history...???"
- In reply to: Lanwench [MVP - Exchange]: "Re: Exchange 2003 Front End/Back End Servers & Passwords"
- Next in thread: Peter Marshall: "Re: Exchange 2003 Front End/Back End Servers & Passwords"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 16 Dec 2004 07:17:02 -0800
Peter,
If you have a decent firewall, try what my org does.....have the remote
clients use VPN, then you can control the password policy via AD, and they
get a secure connection to your network.
Alternatively, have them authenticate via your firewall and create a rule
for OWA.
Thanks, Andrew
"Lanwench [MVP - Exchange]" wrote:
> Peter Marshall wrote:
> >> Not sure how as they'll be getting authenticated on your domain. I
> >> think the FE server shouldn't be in your DMZ anyway - you'll have to
> >> open up a lot of ports between DMZ and LAN in order for the server
> >> to communicate. Sort of negates the purpose of a DMZ.
> >
> > The authentication was my concern - might be more sensible to post to
> > an Active Directory list. The DMZ/LAN link will have to be firewall
> > controlled, in the same way that we have the Web Server/Db Servers
> > setup.
> >
>
> Yes - but in order for Exchange on the FE to communicate with the back end,
> you have to open up a LOT between the DMZ and LAN. Do you have ISA?
>
> >
> >> You should be using good passwords on your LAN anyway - doesn't
> >> matter that it's small and trusted. 8 char. minimum, complex
> >> passwords, regular forced changes.
> >
> > True, for small & trusted team, read lazy!
>
> Yep - but this is important, and I'd take the issue up with management. If
> inbound access is a need, this needs to be addressed.
> >
> >
> >> That said - with a small network, are you sure you even need a FE/BE
> >> config?
> >
> > Its the security aspects of it I'm worried about - don't want to open
> > up the email server to the world any more than I have to.
>
> Yes, but you're still opening up more than you want if you poke holes
> between DMZ and LAN and aren't using a good password policy.
>
>
>
- Next message: Ben Winzenz [Exchange MVP]: "Re: Pre-deployment question"
- Previous message: Chris Williams \(Sirana\): "Re: Mailbox logons complete history...???"
- In reply to: Lanwench [MVP - Exchange]: "Re: Exchange 2003 Front End/Back End Servers & Passwords"
- Next in thread: Peter Marshall: "Re: Exchange 2003 Front End/Back End Servers & Passwords"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
