americanag

asked on

How do you protect your exchange environment while using active sync?

My organization is looking into moving away from the Good Mobile Messaging platform to a Windows Mobile 5.0 platform. My question is: how are organizations protecting their Exchange environment while using ActiveSync?
Mikal613

Can you elaborate on "Protect"?
Personally, I recommend a solution that relies on Exchange ActiveSync (as opposed to plain ActiveSync that is a desktop tool).  Then, you provide credentials over the wire through an SSL encrypted connection.

The protection is then down to allowed users having sufficiently good passwords, just as with Outlook Web Access.

After this, the next problem is managing the information stored on the devices.  That's a much harder problem to solve.  When I was investigating the market about a year ago, I found that there were no good solutions for a small market.  The one we did look at was Utimaco, but it failed when it actually came to encrypt a director's PDA.  So, unless you are a big player, that is a hard problem to solve.

The basic client is far more secure than any other solution since it doesn't allow for pollution of Exchange from the desktop.
americanag

ASKER

We are a large enterprise organization - and sorry I was not clear, we will be using Exchange ActiveSync. How do you protect the front-end Exchange server? I cannot allow port 443 to be open to the internet.
See this link: http://www.microsoft.com/technet/solutionaccelerators/mobile/deploy/msfp_8.mspx.

It describes using an L2TP VPN to connect to Exchange ActiveSync.
ASKER CERTIFIED SOLUTION
kieran_b
This solution is only available to members.
SOLUTION
This solution is only available to members.
Agreed - 443 is a requirement regardless of whether you use the ActiveSync or RPC approach specifically. We looked at the Good Technology service but went BlackBerry in the end as it provided better functionality and encryption services. Just for my own interest, would you comment on why you would not open port 443?
>>Just for my own interest, would you comment on why you would not open port 443?

*prediction*

Any open port is a security violation as hackers can get in and take everything!

</sarcasm> :)
LOL - let's hope it's a rational reason rather than that old chestnut.
Re: 443 - My organization gets audited heavily - that's as much as I am willing to say on that.
SOLUTION
This solution is only available to members.
Forced accept.

Computer101
EE Admin