Hosting Provided By

Re: Exchange/MAPI/RPC

From: Simara <simara(at)formdesign.com>
Date: Thu Mar 13 2003 - 05:17:28 EST

It is not recommend to publish any RPC interface on Windows Servers, there are tons of exploits that could be executed, and besides, the kind of RPC outlook uses is really heavy on the network, so I wont recommend it, use a VPN. On the other side of the story, the new Exchange Server and Office suite, both due in about 3 months, will bring a new solution: Http-RPC, using the standard Web Access as a connection for the Outlook 2003, and it is secure, no RPC ports open, and I already teste it and its sweet (really fast), the HTTP RPC is nota full RPC publishing, just what you need.

Tested on both beta 2 version of each product.

Alex
----- Original Message -----
From: "Willis Johnson" <willisj@microsoft.com> To: <focus-ms@securityfocus.com>
Sent: Tuesday, March 11, 2003 4:17 PM
Subject: RE: Exchange/MAPI/RPC

There's a case study describing how Microsoft secures remote users at this website:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsol utions/msit/security/srutcase.asp

Willis Johnson
Microsoft

ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data! It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! http://www.spidynamics.com/mktg/sqlinjection33 Received on Fri Mar 14 17:12:15 2003

This message: [ Message body ]
Next message: Laura A. Robinson: "RE: AD replication - IP site to site encryption?"
Previous message: Willis Johnson: "RE: SQL Service Pack doesn't upgrade SQL Server"
In reply to: Willis Johnson: "RE: Exchange/MAPI/RPC"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:27 EDT