Re: SP2 and OWA
- From: "Rich Matheisen [MVP]" <richnews@xxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 14:18:14 -0400
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
In news:CE8F0A9B-B573-4D71-84B2-0EE8410753F7@xxxxxxxxxxxxx,
yba02 <yba02@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Hi,
I have Exchange 2k3 SP2.
Does SP2 necessitate SSL enforcement on FBA for OWA? In other words,
can I configure OWA without using SSL in presence of SP2?
Thanks
Yba
Sure, I think so - but why would you want to do that? SSL is a must in my
book. Allowing HTTP traffic into your network is a really bad idea.
Okay . . . I'll bite. Why is allowing HTTP into your network less
secure than allowing HTTPS (ignoring the "sniffing passwords" bit)?
I can use an IPS to examine HTTP. I can't look at the contents of the
data if it's encrypted.
Traffic between a F-E and B-E server is HTTP, not HTTPS.
In a switched network, those data aren't broadcast to everyone.
If security is a concern, why not use IPSec and limit the IP addresses
from which you'll accept HTTP/HTTPS? Or another firewall?
I'm sincerely interested in hearing the reasons. Really.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
.
- Follow-Ups:
- Re: SP2 and OWA
- From: Lanwench [MVP - Exchange]
- Re: SP2 and OWA
- From: Ben Winzenz [Exchange MVP]
- Re: SP2 and OWA
- References:
- Re: SP2 and OWA
- From: Lanwench [MVP - Exchange]
- Re: SP2 and OWA
- Prev by Date: OMA
- Next by Date: Re: Exchange 2003 Standby Server
- Previous by thread: Re: SP2 and OWA
- Next by thread: Re: SP2 and OWA
- Index(es):
Relevant Pages
|
