Solved

Securing Exchange Web interface  https://Ipaddress/exchange

Posted on 2003-12-09
6
806 Views
Last Modified: 2006-11-17
We are currently utilizing firewall/Router option to open specific ports on our company’s public IP address for accessing Exchange web interface.

So all of the followings are working well:

https://ntserver/exchange (server name)

http://192.168.21.10/exchange  (private)

or

http://67.61.18.12/exchange/   (public)

I am just thinking about the security issues concerning having exchange server web interface on public address. I mean vbscript permission (script sources access/script and executables/ directory access) or any other security best practice in my scenario.

Currently I have everything setup as windows integrated authentication. I am looking for a good advise.

Thanks

Faruqi
0
Comment
Question by:sfaruqi
  • 3
  • 2
6 Comments
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 500 total points
ID: 9905605
you don't have the exchange interface on a public IP, you simply opened port 443 back to your exchange server. totally different. Set the authentication up as basic, then force the SSL for the Outlook Web Access connection.

http://support.microsoft.com/default.aspx?scid=kb;en-us;279681

D
0
 
LVL 8

Expert Comment

by:JasonBigham
ID: 9905626
Setup a certificate and require VPN connections. This can be done for free.
0
 

Author Comment

by:sfaruqi
ID: 9905693
Thanks Kidego
0
Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9905711
you got it, check the other question as well, I think you can go a different way with it. :)


D
0
 

Author Comment

by:sfaruqi
ID: 9906891
>>you don't have the exchange interface on a public IP, you simply opened port 443 back to your exchange server. totally different.

If you can explain this to me. Port 443? is it for SSL  https://. Because I have open port 80 in Routing tabel (Public IP Address  translate to my NTserver Address 192.168.39.10)

Thanks
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9907008
yes, you're on track, 443 is SSL. Open 443 if you haven't already, cause that's it's natural port. SSL from the outside won't work unless you specify the connection trhu your firewall.

d
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now