Go Back   AnandTech Forums > Software > Software for Windows

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Home and Garden
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2014
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 01-07-2013, 05:53 PM   #26
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Quote:
Originally Posted by bgstcola View Post
haha yea that came out kinda wrong. I just meant stuff that would be worth a lot of money to hackers or pose national security threats etc.

Anyways, I'm a teacher and I work a lot at home and need to check my mail often. I can't figure out if I'm an idiot because I wont just accept to use OWA or if you're suggesting that my IT-department is incompetent for not letting me use VPN. Maybe both?

btw: they said that they already had VPN because they had citrix. I hate citrix
But you do have a lot of information that could let bad guys steal identities of your students and fellow employees. Security should be on by default with you only letting a known set of people have access to what they need, although sadly very few people understand that.

Citrix isn't a VPN. A real VPN would give you some level of internal network access remotely so that you could setup Outlook to access the Exchange server, provided that was part of the network access that's granted. That and the fact that they mentioned POP3 when you said Outlook Anywhere makes me lean towards them being incompetent and not just blowing smoke up your ass to make you go away.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Old 01-07-2013, 07:04 PM   #27
bgstcola
Member
 
Join Date: Aug 2010
Posts: 99
Default

But would you say it would be a bad idea for a school to allow the teachers VPN access? or Outlook Anywher?
bgstcola is offline   Reply With Quote
Old 01-07-2013, 07:34 PM   #28
Ferzerp
Diamond Member
 
Join Date: Oct 1999
Posts: 5,493
Default

Quote:
Originally Posted by bgstcola View Post
But would you say it would be a bad idea for a school to allow the teachers VPN access? or Outlook Anywher?

Doesn't matter what anyone here would say.

Apparently the security policy that you've agreed to as a provision of being allowed to have an account says that it isn't allowed.

You did sign some paperwork did you not?
Ferzerp is online now   Reply With Quote
Old 01-07-2013, 07:48 PM   #29
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Quote:
Originally Posted by bgstcola View Post
But would you say it would be a bad idea for a school to allow the teachers VPN access? or Outlook Anywher?
Not as long as it's done properly. But I'm also not the party responsible for that data. I was just responding to your idea that you don't have any data worth stealing. Everyone has data worth stealing from their country's equivalent to a US social security number to just bandwidth to be used for DDoS attacks.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Old 01-08-2013, 09:00 AM   #30
Dstoop
Member
 
Join Date: Sep 2012
Posts: 151
Default

Quote:
Originally Posted by bgstcola View Post
Dstoop, I'm not sure I understand. Do you say that it is reasonable that I can't connect to Exchange *without* VPN but that there isn't any real security reason not to allow VPN?

I work at a school so it's not like we need any special kind of security.

Nothinman, ActiveSync works fine but it is of no use on my desktop pc.
Correct, accessing the exchange server directly with no VPN = huge security holes. Accessing with VPN is considered "as secure as it can be" and is a popular corporate solution due to the added security checks that can be done on your system when creating the VPN connection.

As you work at a school, odds are the IT department simply doesn't have any of the backend configured to allow VPN access. It's not a matter of simply provisioning you a VPN account, that takes two seconds. They would have to do all the legwork of properly configuring VPN access on their end, just so you don't have to type in your OWA password.

Quote:
The proliferation of "cloud computing" and hosted Exchange providers these days says otherwise. I could see how 1 can be an issue if your users have poor passwords or you don't have a dedicated edge server to isolate access. But 2 shouldn't be an issue now since MS has done so much to lock down access to its accounts from outside processes. I'm not saying that it's impossible, but that it's a lot less likely and considered an acceptable risk these days.
Yes, MS may have done a lot on both the client side and the server side over the years through numerous improvements built right into the latest software, Exchange, OS, etc. But the users home PC is an untrusted environment. All those improvements mean jack squat if your employee is still running Windows XP (no service packs), hasn't run windows update ever, and is still running IE6 and Office XP.

As for cloud computing and hosted exchange, we're talking apples and oranges. These services are acceptable and reasonably secure *because* they do have the infrastructure backing them like properly configured edge servers and high-end security devices, virus scanners, IDS, etc. Hell, the appeal of these services is that your company doesn't have to deal with any of that, you're paying a premium for all of that to be somebody else's problem (and somebody else's expense). The OP doesn't have any of that. Most small businesses, in this case a school, doesn't have all that fancy security mumbo-jumbo to work under the assumption that the connecting client is as compromised as it possibly can be. If they did, we wouldn't be having this conversation because they'd have just given him a VPN login and called it a day. The OP circumventing the school's security procedures and policies is putting a security hole in the school's network that shouldn't be there. I agree that the odds of anything truly negative or damaging coming from it are pretty slim, but that still doesn't make it a good idea to do anyway.
Dstoop is offline   Reply With Quote
Old 01-08-2013, 09:18 AM   #31
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Quote:
Originally Posted by Dstoop
Yes, MS may have done a lot on both the client side and the server side over the years through numerous improvements built right into the latest software, Exchange, OS, etc. But the users home PC is an untrusted environment. All those improvements mean jack squat if your employee is still running Windows XP (no service packs), hasn't run windows update ever, and is still running IE6 and Office XP.
Any Windows PC should be considered untrusted regardless of location. Virtually every malware cleaning or PC reload because of malware has been on a company PC with some brand of corporate A/V. And corporations are the ones still clinging to XP so that's largely irrelevant.

Quote:
Originally Posted by Dstoop
As for cloud computing and hosted exchange, we're talking apples and oranges. These services are acceptable and reasonably secure *because* they do have the infrastructure backing them like properly configured edge servers and high-end security devices, virus scanners, IDS, etc
Not really. Every vendor is pushing "Private clouds" too which usually includes Outlook Anywhere and publicly available VDI or RDS. And if you don't have properly configured security and networking equipment you're fucked anyway. Internal security is just as important if not more-so than external because people are constantly bringing in personal devices and connecting them to the network even if it's just via wireless. Much to the dismay of security people, BYOD is gaining traction and is going to be a huge benefit and problem going forward.

Quote:
Originally Posted by Dstoop
Most small businesses, in this case a school, doesn't have all that fancy security mumbo-jumbo to work under the assumption that the connecting client is as compromised as it possibly can be. If they did, we wouldn't be having this conversation because they'd have just given him a VPN login and called it a day.
And yet Windows SBS Server and Server Essentials come with all of those capabilities because it's what people want and what has been the norm for a while now. If a school isn't budgeting enough to their IT department for security, that's a completely separate problem and can't be fixed by technology.

Quote:
Originally Posted by Dstoop
The OP circumventing the school's security procedures and policies is putting a security hole in the school's network that shouldn't be there. I agree that the odds of anything truly negative or damaging coming from it are pretty slim, but that still doesn't make it a good idea to do anyway.
Security is all about trade-offs and most business people will consider a risk that's "pretty slim" that would provide significant productivity benefits a no-brainer.

But we agree that the OP shouldn't be attempting to workaround his employers security regardless of how stupid the reasoning or poor the implementation.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Old 01-09-2013, 04:55 PM   #32
blurredvision
Lifer
 
blurredvision's Avatar
 
Join Date: Oct 2000
Posts: 17,745
Default

Geez, what a cluster of a thread. OP, here's what you do. While at work, go into your email profile settings and find what the Exchange server is set to. Then, go home, go into the Control Panel and then select the "Mail" icon. Go into Profiles and create a new profile. Then, set up a new email account under that profile.

Select the option to configure your settings manually. Choose an Exchange account. Then, enter the Exchange server as it was on your computer, enter your first and last name, then click on More Settings. Go to the Connection tab, enable the Outlook Anywhere/proxy setting towards the bottom and go into the settings. For the web address, enter your OWA address, typically something like "mail.company.com" or "owa.company.com". Then, check "on fast" and "on slow", then select Basic Authentication at the bottom.

Click OK, Click OK, then click "Check Name" where you entered the server and your name. If you did it correctly, it should hopefully prompt you for a username and password. Enter it just as you would on the OWA website.

There are many things that would cause this not to work, but this is the most basic way to get your email at home in Outlook.
blurredvision is offline   Reply With Quote
Old 01-14-2013, 11:33 AM   #33
bgstcola
Member
 
Join Date: Aug 2010
Posts: 99
Default

Thanks I ended up forwarding my work mail to a Google Apps account and then I use eM Client to connect to the Google accounts. I don't get the address book and the calendar but besides this it works pretty good.

Maybe I will try the last suggestions but I really like the way eM Client integrates with Google Apps and if I did go back to Outlook I would lose that. I just there was some way to get the calendar to work in eM Client. You can't have everything I guess.

Anyways thanks again for all the suggestions.
bgstcola is offline   Reply With Quote
Old 01-14-2013, 12:27 PM   #34
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Quote:
Originally Posted by bgstcola View Post
Thanks I ended up forwarding my work mail to a Google Apps account and then I use eM Client to connect to the Google accounts. I don't get the address book and the calendar but besides this it works pretty good.

Maybe I will try the last suggestions but I really like the way eM Client integrates with Google Apps and if I did go back to Outlook I would lose that. I just there was some way to get the calendar to work in eM Client. You can't have everything I guess.

Anyways thanks again for all the suggestions.
So now all of your internal, work email is being stored, scanned, etc by Google? That's probably the worst possible solution.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Old 01-15-2013, 12:38 PM   #35
Dstoop
Member
 
Join Date: Sep 2012
Posts: 151
Default

Quote:
Originally Posted by Nothinman View Post
So now all of your internal, work email is being stored, scanned, etc by Google? That's probably the worst possible solution.
And they wonder why deskside support is the most stressful job in all of IT

This is the kind of thing those IT techs are obligated to report when they see it while fixing something else on someones workstation, and the kind of thing people get fired for.
Dstoop is offline   Reply With Quote
Old 01-17-2013, 08:51 AM   #36
bgstcola
Member
 
Join Date: Aug 2010
Posts: 99
Default

Well they already know that I'm forwarding my mail because they helped me doing it.

I really think this is a cultural difference. In Denmark it is highly unlikely that you would get fired for stuff like this.
bgstcola is offline   Reply With Quote
Old 01-17-2013, 09:31 AM   #37
Dstoop
Member
 
Join Date: Sep 2012
Posts: 151
Default

Quote:
Originally Posted by bgstcola View Post
Well they already know that I'm forwarding my mail because they helped me doing it.

I really think this is a cultural difference. In Denmark it is highly unlikely that you would get fired for stuff like this.
Your specific company may care less than most, but i'm pretty confident that computer security best practices and the potential for confidential company data to be externally leaked are worldwide concerns in the business world.
Dstoop is offline   Reply With Quote
Old 01-17-2013, 09:40 AM   #38
Nothinman
Elite Member
 
Nothinman's Avatar
 
Join Date: Sep 2001
Posts: 30,672
Default

Quote:
Originally Posted by bgstcola View Post
Well they already know that I'm forwarding my mail because they helped me doing it.

I really think this is a cultural difference. In Denmark it is highly unlikely that you would get fired for stuff like this.
Well that confirms it, they're incompetent.
__________________
http://www.debian.org
Nothinman is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 08:47 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.