Secure Client Recommendations for MS Exchange
Posted on 2006-04-03
I need some recommendations on how to implement remote Exchange clients. I have a client who has about 22 workstations with some remote offices. The main office has about 18 workstations, then there are 3 remote offices with one or two PCs. The remote offices are connected over a site-site VPN using Netscreen 5GTs. I have also set up some remote VPNs for client access from home or away. We had the web site and POP3 email hosted with a third-party provider. Users can access email from work, home, etc. The owner wants some of the features available with Exchange. We installed a new server (SBS 2003), changed the MX record to point to our server and implemented Exchange. This works great in the office (although I wonder if I should stay with PST delivery or switch everyone to the Mailbox), and I have some other questions. This is a medical equipment company, so I need to maintain a high level of security. I try to keep the firewall pretty tight. The only port that's currently open is 25 for SMTP email.
First, for the remote offices, since these are connected over VPNs, I haven't really worried about the security, but I don't want to saturate the bandwidth. (We have a fractional T1 (768k) at the main office with DSL at each remote office.) Should I use the regular Outlook client configured for MS Exchange in the offices or stay with POP3, or use IMAP? We would like to share tasks and calendars.
Second - and more troublesome for me - is what is the best model for the remote clients, especially those without a VPN connection. I could configure all remote clients with a VPN, but the Netscreen 5GT only has 10 tunnels max (too few for their price IMHO) and I have to maintain the site-site connections for Point-of-Sale transactions. I could use Outlook Web Access, but I don't want to open port 80. (Is opening port 80 more vulnerable than opening port 25?) Would POP3 or IMAP over SSL be a good solution? Several remote users have a PC at work, plus check their email from home.
Any help or explanations would be helpful.