ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Installing VPN access on Windows Server 2016

    Scheduled Pinned Locked Moved Starwind
    virtual private networkvpnwindows server 2016ws2016protocolsnetworkremote connection
    70 Posts 7 Posters 16.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Carnival Boy
      last edited by

      I need an example that's not from 2004!

      scottalanmillerS 2 Replies Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Carnival Boy
        last edited by

        @Carnival-Boy said in Installing VPN access on Windows Server 2016:

        I need an example that's not from 2004!

        Why? If you know what the vector is, you know that the age of the example can't matter.

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller
          last edited by

          Or do you believe that the entire concept of hacking has been solved and doesn't exist today?

          C 1 Reply Last reply Reply Quote 2
          • C
            Carnival Boy @scottalanmiller
            last edited by Carnival Boy

            @scottalanmiller said in Installing VPN access on Windows Server 2016:

            Or do you believe that the entire concept of hacking has been solved and doesn't exist today?

            Oh, just forget it.

            scottalanmillerS DashrenderD 2 Replies Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Carnival Boy
              last edited by

              @Carnival-Boy said in Installing VPN access on Windows Server 2016:

              @scottalanmiller said in Installing VPN access on Windows Server 2016:

              Or do you believe that the entire concept of hacking has been solved and doesn't exist today?

              Oh, just forget it.

              Okay, so we've established, it's important to have proxies in front of services for good security and SMTP is a common, well known attack vector that is easily mitigated and even MS recommends this for exactly that reason. Moving on...

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Same reason we always have something like Nginx sitting in front of less battle tested servers like Node.js system calls. Nearly zero effort for a massive increase in stability and security. Things work without doing it, but it's considered the standard implementation pattern and approach.

                1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @Carnival Boy
                  last edited by

                  @Carnival-Boy said in Installing VPN access on Windows Server 2016:

                  @scottalanmiller said in Installing VPN access on Windows Server 2016:

                  Or do you believe that the entire concept of hacking has been solved and doesn't exist today?

                  Oh, just forget it.

                  There's nothing to forget.

                  If you want security in depth, you need not only the security provided in Exchange, you also put a SMTP proxy in front to get another layer.

                  The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

                  scottalanmillerS C 2 Replies Last reply Reply Quote 3
                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @Dashrender said in Installing VPN access on Windows Server 2016:

                    I also have a reverse proxy in front of Exchange for ActiveSync and OWA.

                    What do you use for a reverse proxy?

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @Dashrender
                      last edited by

                      @Dashrender said in Installing VPN access on Windows Server 2016:

                      The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

                      Exactly, put Nginx in front of OWA, as an example, and the degree to which it is harder to try to brute force an attack on OWA is extreme. Plus it can make HTTP Header handling more flexible.

                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @scottalanmiller
                        last edited by

                        @scottalanmiller said in Installing VPN access on Windows Server 2016:

                        @Dashrender said in Installing VPN access on Windows Server 2016:

                        I also have a reverse proxy in front of Exchange for ActiveSync and OWA.

                        What do you use for a reverse proxy?

                        His is ancient. ISA

                        scottalanmillerS 1 Reply Last reply Reply Quote 1
                        • JaredBuschJ
                          JaredBusch @scottalanmiller
                          last edited by

                          @scottalanmiller said in Installing VPN access on Windows Server 2016:

                          @Dashrender said in Installing VPN access on Windows Server 2016:

                          The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

                          Exactly, put Nginx in front of OWA, as an example, and the degree to which it is harder to try to brute force an attack on OWA is extreme. Plus it can make HTTP Header handling more flexible.

                          You cannot put Nginx in front of Exchange for free.

                          scottalanmillerS 1 Reply Last reply Reply Quote 1
                          • scottalanmillerS
                            scottalanmiller @JaredBusch
                            last edited by

                            @JaredBusch said in Installing VPN access on Windows Server 2016:

                            @scottalanmiller said in Installing VPN access on Windows Server 2016:

                            @Dashrender said in Installing VPN access on Windows Server 2016:

                            I also have a reverse proxy in front of Exchange for ActiveSync and OWA.

                            What do you use for a reverse proxy?

                            His is ancient. ISA

                            Wow, when did they end that? 2006? I can't remember the last version number, but it was some time ago.

                            I used it a lot back when it was Proxy Server 2.0!!

                            1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @JaredBusch
                              last edited by

                              @JaredBusch said in Installing VPN access on Windows Server 2016:

                              @scottalanmiller said in Installing VPN access on Windows Server 2016:

                              @Dashrender said in Installing VPN access on Windows Server 2016:

                              The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

                              Exactly, put Nginx in front of OWA, as an example, and the degree to which it is harder to try to brute force an attack on OWA is extreme. Plus it can make HTTP Header handling more flexible.

                              You cannot put Nginx in front of Exchange for free.

                              What feature from the paid version is needed?

                              JaredBuschJ 2 Replies Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch @scottalanmiller
                                last edited by

                                @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                @JaredBusch said in Installing VPN access on Windows Server 2016:

                                @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                @Dashrender said in Installing VPN access on Windows Server 2016:

                                The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

                                Exactly, put Nginx in front of OWA, as an example, and the degree to which it is harder to try to brute force an attack on OWA is extreme. Plus it can make HTTP Header handling more flexible.

                                You cannot put Nginx in front of Exchange for free.

                                What feature from the paid version is needed?

                                I do not recall the name of the feature, but i had a thread on the subject on here 2 years ago.

                                Because I tried to put Nginx in front.

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @JaredBusch
                                  last edited by

                                  @JaredBusch said in Installing VPN access on Windows Server 2016:

                                  @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                  @JaredBusch said in Installing VPN access on Windows Server 2016:

                                  @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                  @Dashrender said in Installing VPN access on Windows Server 2016:

                                  The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

                                  Exactly, put Nginx in front of OWA, as an example, and the degree to which it is harder to try to brute force an attack on OWA is extreme. Plus it can make HTTP Header handling more flexible.

                                  You cannot put Nginx in front of Exchange for free.

                                  What feature from the paid version is needed?

                                  I do not recall the name of the feature, but i had a thread on the subject on here 2 years ago.

                                  Because I tried to put Nginx in front.

                                  Have you tried this recent guide?

                                  http://blog.adamjoshuasmith.com/deploying-exchange-2016-behind-nginx-free/

                                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                    @JaredBusch said in Installing VPN access on Windows Server 2016:

                                    @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                    @JaredBusch said in Installing VPN access on Windows Server 2016:

                                    @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                    @Dashrender said in Installing VPN access on Windows Server 2016:

                                    The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

                                    Exactly, put Nginx in front of OWA, as an example, and the degree to which it is harder to try to brute force an attack on OWA is extreme. Plus it can make HTTP Header handling more flexible.

                                    You cannot put Nginx in front of Exchange for free.

                                    What feature from the paid version is needed?

                                    I do not recall the name of the feature, but i had a thread on the subject on here 2 years ago.

                                    Because I tried to put Nginx in front.

                                    Have you tried this recent guide?

                                    http://blog.adamjoshuasmith.com/deploying-exchange-2016-behind-nginx-free/

                                    It relies on Nginx Extras and requires a Debian proxy.

                                    I found this back in December in this thread: https://www.mangolassi.it/topic/7184/problems-with-exchange-2010-and-nginx-reverse-proxy/18

                                    1 Reply Last reply Reply Quote 0
                                    • JaredBuschJ
                                      JaredBusch
                                      last edited by

                                      I never did get time to try it, I guess I should. I just hate relying on Ubuntu.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @JaredBusch
                                        last edited by

                                        @JaredBusch said in Installing VPN access on Windows Server 2016:

                                        I never did get time to try it, I guess I should. I just hate relying on Ubuntu.

                                        Probably works elsewhere. I don't have any on prem Exchange to test on.

                                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                                        • JaredBuschJ
                                          JaredBusch @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                          @JaredBusch said in Installing VPN access on Windows Server 2016:

                                          I never did get time to try it, I guess I should. I just hate relying on Ubuntu.

                                          Probably works elsewhere. I don't have any on prem Exchange to test on.

                                          I have two. One Exchange 2010 and one Exchange 2013. So I guess I need to just download 17.03 and spin up a VM at each site.

                                          1 Reply Last reply Reply Quote 1
                                          • JaredBuschJ
                                            JaredBusch @scottalanmiller
                                            last edited by JaredBusch

                                            @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                            @JaredBusch said in Installing VPN access on Windows Server 2016:

                                            @scottalanmiller said in Installing VPN access on Windows Server 2016:

                                            @Dashrender said in Installing VPN access on Windows Server 2016:

                                            The same goes for normal port 80/443 stuff. The default settings of Exchange's implementation on IIS is by some considered lax. Install a much more locked down HTML proxy in front of it that prevents specific commands not needed by Exchange, plus a web server that has different flaws than Exchange IIS has, and you've again created a defense in depth.

                                            Exactly, put Nginx in front of OWA, as an example, and the degree to which it is harder to try to brute force an attack on OWA is extreme. Plus it can make HTTP Header handling more flexible.

                                            You cannot put Nginx in front of Exchange for free.

                                            What feature from the paid version is needed?

                                            Found it..
                                            0_1496330564717_upload-a58ff151-299b-4800-9275-12cf6b35d952

                                            So apparently something in the nginx-extras package on Debian handles this.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 2 / 4
                                            • First post
                                              Last post