Solved

Securing Exchange Web interface  https://Ipaddress/exchange

Posted on 2003-12-09
6
816 Views
Last Modified: 2006-11-17
We are currently utilizing firewall/Router option to open specific ports on our company’s public IP address for accessing Exchange web interface.

So all of the followings are working well:

https://ntserver/exchange (server name)

http://192.168.21.10/exchange  (private)

or

http://67.61.18.12/exchange/   (public)

I am just thinking about the security issues concerning having exchange server web interface on public address. I mean vbscript permission (script sources access/script and executables/ directory access) or any other security best practice in my scenario.

Currently I have everything setup as windows integrated authentication. I am looking for a good advise.

Thanks

Faruqi
0
Comment
Question by:sfaruqi
  • 3
  • 2
6 Comments
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 500 total points
ID: 9905605
you don't have the exchange interface on a public IP, you simply opened port 443 back to your exchange server. totally different. Set the authentication up as basic, then force the SSL for the Outlook Web Access connection.

http://support.microsoft.com/default.aspx?scid=kb;en-us;279681

D
0
 
LVL 8

Expert Comment

by:JasonBigham
ID: 9905626
Setup a certificate and require VPN connections. This can be done for free.
0
 

Author Comment

by:sfaruqi
ID: 9905693
Thanks Kidego
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9905711
you got it, check the other question as well, I think you can go a different way with it. :)


D
0
 

Author Comment

by:sfaruqi
ID: 9906891
>>you don't have the exchange interface on a public IP, you simply opened port 443 back to your exchange server. totally different.

If you can explain this to me. Port 443? is it for SSL  https://. Because I have open port 80 in Routing tabel (Public IP Address  translate to my NTserver Address 192.168.39.10)

Thanks
0
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9907008
yes, you're on track, 443 is SSL. Open 443 if you haven't already, cause that's it's natural port. SSL from the outside won't work unless you specify the connection trhu your firewall.

d
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now