intranet & wan (Web) access to MSCRM: Any security issues to consider?

Hello all,

are there any properties of mscrm -when deployed for access through a 
company intranet or WAN- that you would consider a big security issue? The 
aim is web access in a multi site company environment in first place, 
dial-in SFO access would come second.

Any big problem causing or unresolvable 
server/browser/firewall/scripting/activex/vpn  etc.. drawbacks?

Answers could be "mscrm is definitively NOT usable IF [..]" or "does only 
work IF [..]" ;-)

Sorry for being unspecific at this point and thanks anyway for your 
appreciated comments!

Achim 


0
Achim
1/31/2005 3:46:53 PM

No major security issues, mainly because by default you have integrated 
windows authentication.

In terms of SFO through dialup, don't try and synchronize the data. It takes 
forever on a LAN connection, I'd be afraid to see how it is on dialup. 
However, for web access, it should be OK, if a little slow. Again, it's just 
SFO's "going offline" that would kill you.

As for the firewall, all you need is port 80 and 443 open to the CRM web 
server.

Did I miss anything? <big grin>


"Achim Gounar" wrote:

> Hello all,
> 
> are there any properties of mscrm -when deployed for access through a 
> company intranet or WAN- that you would consider a big security issue? The 
> aim is web access in a multi site company environment in first place, 
> dial-in SFO access would come second.
> 
> Any big problem causing or unresolvable 
> server/browser/firewall/scripting/activex/vpn  etc.. drawbacks?
> 
> Answers could be "mscrm is definitively NOT usable IF [..]" or "does only 
> work IF [..]" ;-)
> 
> Sorry for being unspecific at this point and thanks anyway for your 
> appreciated comments!
> 
> Achim 
> 
> 
> 
0
Utf
1/31/2005 6:17:12 PM
No major security issues, mainly because the CRM web site uses Windows 
authentication. No other access is allowed, and no other browsers are allowed 
besides IE.

As for dialup, the biggest slowdown would be if you decided to 'go offline' 
with your DB. At my office, it takes forever on a 100Mbit LAN, I'd be afraid 
on what it would do on a dialup. <big grin>

Firewall access, all you need is port 80 and 443 to the CRM web server.

How's that? <big grin>

Dave

"Achim Gounar" wrote:

> Hello all,
> 
> are there any properties of mscrm -when deployed for access through a 
> company intranet or WAN- that you would consider a big security issue? The 
> aim is web access in a multi site company environment in first place, 
> dial-in SFO access would come second.
> 
> Any big problem causing or unresolvable 
> server/browser/firewall/scripting/activex/vpn  etc.. drawbacks?
> 
> Answers could be "mscrm is definitively NOT usable IF [..]" or "does only 
> work IF [..]" ;-)
> 
> Sorry for being unspecific at this point and thanks anyway for your 
> appreciated comments!
> 
> Achim 
> 
> 
> 
0
Utf
1/31/2005 6:17:57 PM
Dave,

thanks a lot! One of the typical questions has been "does it make use of 
active-x?" (meaning "we don't want this"). If I am right, this merely 
affects non-core functionalities for example the data import addon..right?

Achim

"Dave McGuire" <onayamspaydavid_mcguire@hotmail.com> wrote in message 
news:DBEC7761-19E6-4DE7-8EC2-410272F97962@microsoft.com...
> No major security issues, mainly because the CRM web site uses Windows
> authentication. No other access is allowed, and no other browsers are allowed
> besides IE.
>
> As for dialup, the biggest slowdown would be if you decided to 'go offline'
> with your DB. At my office, it takes forever on a 100Mbit LAN, I'd be afraid
> on what it would do on a dialup. <big grin>
>
> Firewall access, all you need is port 80 and 443 to the CRM web server.
>
> How's that? <big grin>
>
> Dave


0
Achim
2/1/2005 7:45:56 AM
No, IIRC, ActiveX is a pretty important part of this. If they're looking to 
avoid the use of activeX because of security, then show them that you 
manually put their CRM site into 'trusted sites'.

"Achim Gounar" wrote:

> Dave,
> 
> thanks a lot! One of the typical questions has been "does it make use of 
> active-x?" (meaning "we don't want this"). If I am right, this merely 
> affects non-core functionalities for example the data import addon..right?
> 
> Achim
0
Utf
2/1/2005 11:11:03 AM
Hi,

seems like the crm server hosts one active-x control (cab file) that is the 
one for the mass import function. When starting crm, the user is asked 
whether he wants to download the component. Saying "no" does not prevent 
one from working with the app. So seems like "activeX elements download" can 
safely be turned off. Of course, scripting and running components must be 
enabled.

I tested only on stations where crm had never run before. However, the software 
updates on those clients were on the latest level.

So don't know if this is a generalized matter of fact?

Achim
"Dave McGuire" <onayamspaydavid_mcguire@hotmail.com> wrote in message 
news:D708E1F0-85CB-4C5A-B1B0-1BECA6729238@microsoft.com...
> No, IIRC, ActiveX is a pretty important part of this. If they're looking to
> avoid the use of activeX because of security, then show them that you
> manually put their CRM site into 'trusted sites'.


0
Achim
2/3/2005 2:22:36 PM
I can't answer the ActiveX question. I will admit I intentionally dropped 
"Trusted Sites" security to Low.

Dave

"Achim Gounar" wrote:

> Hi,
> 
> seems like the crm server hosts one active-x control (cab file) that is the 
> one for the mass import function. When starting crm, the user is asked 
> whether he wants to download the component. Saying "no" does not prevent 
> one from working with the app. So seems like "activeX elements download" can 
> safely be turned off. Of course, scripting and running components must be 
> enabled.
> 
> I tested only on stations where crm had never run before. However, the software 
> updates on those clients were on the latest level.
> 
> So don't know if this is a generalized matter of fact?
> 
> Achim
0
Utf
2/3/2005 5:53:03 PM
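
The client-side settings discussed in this thread (ActiveX download off, running components and scripting on, and the security level of the Trusted sites zone) can be checked from the zone's registry values. The following is an added example, not part of the original posts; the function names and the sample values are assumptions made for illustration.

```powershell
# Added example: audit the ActiveX and scripting settings of an IE security zone.
# The URL action IDs and their values are the documented Internet Explorer
# zone settings. Zone 2 = Trusted sites (1 = Local intranet, 3 = Internet).
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2'

# Policy described in the thread: no ActiveX download, but running controls
# and scripting stay enabled. Values: 0 = enable, 1 = prompt, 3 = disable.
$Expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';   Allowed = @(3) }
    '1004' = @{ Name = 'Download unsigned ActiveX controls'; Allowed = @(3) }
    '1200' = @{ Name = 'Run ActiveX controls and plug-ins';  Allowed = @(0) }
    '1400' = @{ Name = 'Active scripting';                   Allowed = @(0) }
}

# CurrentLevel values of the built-in zone templates.
$LevelNames = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'; 0x12000 = 'High' }

# Read a zone's registry values into a hashtable (hypothetical helper).
function Get-ZoneSettings {
    param([string]$Path = $ZoneKey)
    $settings = @{}
    $props = Get-ItemProperty -Path $Path
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSProvider properties that the registry provider adds.
        if ($p.Name -notlike 'PS*') { $settings[$p.Name] = $p.Value }
    }
    $settings
}

# Map CurrentLevel to a template name; anything else is a custom level.
function Get-ZoneLevelName {
    param([Parameter(Mandatory)][hashtable]$Settings)
    $level = $Settings['CurrentLevel']
    if ($null -ne $level -and $LevelNames.ContainsKey([int]$level)) {
        $LevelNames[[int]$level]
    } else {
        'Custom'
    }
}

# Compare each relevant URL action against the expected policy.
function Test-ZoneActiveXPolicy {
    param([Parameter(Mandatory)][hashtable]$Settings)
    foreach ($id in $Expected.Keys) {
        $value = $Settings[$id]
        [pscustomobject]@{
            Action    = $id
            Name      = $Expected[$id].Name
            Value     = $value
            Compliant = ($null -ne $value) -and ($Expected[$id].Allowed -contains $value)
        }
    }
}

# Constructed sample: a Trusted sites zone dropped to Low, with ActiveX
# download still permitted. These values are made up for the example.
$sample = @{ 'CurrentLevel' = 0x10000; '1001' = 0; '1004' = 1; '1200' = 0; '1400' = 0 }

"Zone level: $(Get-ZoneLevelName -Settings $sample)"
Test-ZoneActiveXPolicy -Settings $sample | Format-Table -AutoSize

# On a live client, audit the real zone instead of the sample:
# Test-ZoneActiveXPolicy -Settings (Get-ZoneSettings) | Format-Table -AutoSize
```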