Re: SP2 and OWA



In news:qghse211nllo5nvv9b3h68uh0v04i452m9@xxxxxxx,
Rich Matheisen [MVP] <richnews@xxxxxxxxxxxxxxxxxxxxx> typed:
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

In news:g8spe2pbtvt0k7tl7itmtpeubsjq7pkubp@xxxxxxx,
Rich Matheisen [MVP] <richnews@xxxxxxxxxxxxxxxxxxxxx> typed:
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

[ snip ]

Okay . . . I'll bite. Why is allowing HTTP into your network less
secure than allowing HTTPS (ignoring the "sniffing passwords"
bit)?

Well, I can see I inadvertently started something here,

Nope. You didn't . . . I did. I just hijacked your thread to do it.

I'll allow it this time, Mathiesen. <stern look>
^^
|
+-- ei <waves back>

<whoops>. I fat-fingered that. Now I'm in even more trouble.



Just like Old MacDonald had a farm, e-i, e-i, . . .

Unless, of course, I return to the "old country" where it's "ie".
Blame my grandfather for that misspelling.

Or the nice fellows at Ellis Island? Although on the tour I took of it a few
years back, it was explained that the immigration agents didn't actually
rename people by fiat.





but my first
reaction is that what you ask me to ignore is one of the main
reasons I want SSL!

That's okay, but you said allowing HTTP into your network was a
risk, not that exposing passwords was a risk (which is a given). I'm
interested in knowing how HTTP is more of a risk than HTTPS and I
want to exclude the obvious from the discussion.

Ah, yes. I fear I am out of my depth here (I'm not much of a web
server person), so it's entirely possible I've been living in a
fool's paradise, but doesn't forcing SSL encrypt more than just the
authentication process to help protect against eavesdropping?

Sure. But that eavesdropping is what makes it possible to detect
nefarious behavior. Using HTTPS hides the contents of the channel
between the two end points (like SSL and TLS).

I wouldn't know how to eavesdrop on the bad guys, nor the good guys. I guess
I rely on my password policies and user training, and hope for the best.


[ snip ]

Do they also have a web site?

Not internally hosted, no...unless it's in a DMZ, and it probably
wouldn't even be running IIS then :)

Doesn't matter. HTTP/HTTPS hasn't been appropriated by MS yet. :-P

Oh, no, of course not. I just mean I don't think IIS is widely viewed as the
best of all possible webservers.

