Security

  • Secure OWA


    Hi there,
    Could someone please provide me with products or solutions that can secure
    OWA authentication?
    The client is already utilizing smartcards with certs for the internal
    network authentication.
    The problem is that the client needs another form of authentication against
    the OWA instead of passwords or smartcards.
    The end-users must also be able to use public computers to authenticate
    against OWA. (i.e. no card readers etc)
    Something like OTP? Maybe one of you had the same scenario and can point me
    to the solutions / products you used!
    Regards
    Full-Disclosure - We believe in it.
    Charter:
    Hosted and sponsored by Secunia - http://secunia.com/
  • No.1 | | 1567 bytes | |

    One possibility is to consider doing a two-stage authentication
    scheme, where the user first authenticates with (say) an RSA SecurID
    token, and then after authenticating there gets forwarded to the usual
    OWA login page (all SSL encrypted of course!). I've seen this used
    with good results.
    -Brendan

    On 8/25/06, Lohan Spies <lohan.spies (AT) gmail (DOT) com> wrote:
    > Hi there,
    >
    > Could someone please provide me with products or solutions that can secure
    > OWA authentication?
    >
    > The client is already utilizing smartcards with certs for the internal
    > network authentication.
    >
    > The problem is that the client needs another form of authentication against
    > the OWA instead of passwords or smartcards.
    >
    > The end-users must also be able to use public computers to authenticate
    > against OWA. (i.e. no card readers etc)
    >
    > Something like OTP? Maybe one of you had the same scenario and can point me
    > to the solutions / products you used!
    >
    > Regards

  • No.2 | | 268 bytes | |

    On 8/25/06, Lohan Spies <lohan.spies (AT) gmail (DOT) com> wrote:
    > Hi there,
    > Could someone please provide me with products or solutions that can secure
    > OWA authentication?

    Properly configured, Microsoft ISA Server 2006 is your best bet.
    []
    D
  • No.3 | | 133 bytes | |

    Secure OWA:
  • No.4 | | 287 bytes | |

    On 8/26/06, <massimo (AT) grandmedia (DOT) si> wrote:
    > Secure OWA:

    Really? go for it:
    -JP<who thinks sendmail is a little less secure>
  • No.5 | | 948 bytes | |

    Dude, which is more secure in your opinion. A base install of sendmail
    or a base install of OWA/exchange?

    Dude VanWinkle wrote:
    > On 8/26/06, <massimo (AT) grandmedia (DOT) si> wrote:
    >> Secure OWA:
    >
    > Really? go for it:
    >
    > -JP<who thinks sendmail is a little less secure>


    - --
    Regards,
    Adriel T. Desautels
    SN Research Team
    : 617-924-4510 || Mobile : 857-636-8882

    Vulnerability Research and Exploit Development

  • No.6 | | 1726 bytes | |

    On 8/26/06, Adriel Desautels <simon (AT) snosoft (DOT) com> wrote:
    > Dude, which is more secure in your opinion. A base install of sendmail
    > or a base install of OWA/exchange?

    Sorry, that was a bad comparison/joke. They are two different
    products. One is a mailserver, the other a webpage. To answer your
    question, leaving any SMTP server open to the web with only its base
    install is asking for trouble. A secure messaging infrastructure has
    layers just like any secure system. Firewall, SMTP Gateway, front end,
    then back end server is my preference, in that order, with the SMTP
    gateway being a different OS than your back end servers.

    OWA is pretty nifty though, with almost every feature of the MAPI
    client. The only real fault I know about is the fact that you can
    guess passwords eternally without locking out user accounts. Also, as
    with any web front end, you can access it from anywhere. This means
    two things:

    1: You can't control the security of the client machines. Whether it is
    a home PC, internet kiosk, or wifi connection at Starbucks, the
    connection is going to be made from an infected machine sooner or
    later.

    2: Using two factor authentication has to be done with SecurID, as
    most kiosks and public use PCs don't have card readers.

    If two factor authentication is not a possibility (due to cost or some
    such) then make sure to watch your logs for massive amounts of
    authentication attempts or even an unusual amount of attempts for the
    same account.
    -JP
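
The log watching suggested in the post above, sketched as an added example that is not part of the original thread: it flags bursts of failed logons per account and per source address in web server logs. The W3C extended field names, the `/exchange` path, the thresholds and the function names are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in W3C extended format; addresses and names are made up.
SAMPLE_LOG = "\n".join(
    ["#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status"]
    # one source failing against six different accounts within six seconds
    + [f"2006-08-26 14:00:0{i} 203.0.113.9 user{i} GET /exchange/ 401" for i in range(6)]
    # one account failing five times from five sources over four minutes
    + [f"2006-08-26 15:0{i}:00 198.51.100.{i} jsmith GET /exchange/ 401" for i in range(5)]
    # normal traffic: anonymous 401 challenge, then a successful logon
    + ["2006-08-26 16:00:00 192.0.2.7 - GET /exchange/ 401",
       "2006-08-26 16:00:01 192.0.2.7 mjones GET /exchange/ 200"]
)

def parse_w3c(text):
    """Yield one dict per log entry, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):   # skip truncated lines
                yield dict(zip(fields, parts))

def failed_logon_alerts(text, prefix="/exchange", window_s=600,
                        per_account=5, per_source=6):
    """Return {(kind, key)} where 401s inside a sliding window reach the limit."""
    limits = {"account": per_account, "source": per_source}
    recent = defaultdict(deque)        # (kind, key) -> timestamps still in window
    alerts = set()
    for row in parse_w3c(text):        # entries are assumed to be in time order
        user = row["cs-username"].lower()
        if row["sc-status"] != "401" or user == "-":
            continue                   # "-" is the anonymous challenge, not a guess
        if not row["cs-uri-stem"].lower().startswith(prefix):
            continue
        ts = datetime.strptime(f'{row["date"]} {row["time"]}', "%Y-%m-%d %H:%M:%S")
        for kind, key in (("account", user), ("source", row["c-ip"])):
            q = recent[(kind, key)]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= limits[kind]:
                alerts.add((kind, key))
    return alerts

if __name__ == "__main__":
    for kind, key in sorted(failed_logon_alerts(SAMPLE_LOG)):
        print(f"ALERT {kind}: {key}")
```

Tracking accounts and sources separately catches both cases the post names: many attempts overall from one address, and repeated attempts against a single account spread across several addresses.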

  • No.7 | | 600 bytes | |

    On Sat, 26 Aug 2006 14:30:22 EDT, Dude VanWinkle said:

    > question, leaving any SMTP server open to the web with only its base
    > install is asking for trouble.

    Especially if it's set up by somebody who doesn't understand that not
    all the Internet is http: :)

    (Sorry, I couldn't resist. :)

