Solved

What is the correct way to use outlook web access over the internet (with regards to security)?

Posted on 2008-10-08
11
193 Views
Last Modified: 2010-04-21
We have implimented OWA on several servers and are planning to do so on several more. At the moment our typical setup is having the exchange server configured for OWA over the internet and the way our users access it is through a secure part of our public website (using htaccess password restrictions).

My question is, if we had outlook web access configured on our server, and this was made available over the internet via port 80, how secure would this be?

And if it is not secure, what is the proper way to set this up?
0
Comment
Question by:davids355
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22669041
Hi davids355,

I would suggest OWA over SSL. This link explains it quite nicely:

http://www.msexchange.org/tutorials/MF004.html

Hope this helps.

Cheers.
0
 
LVL 23

Expert Comment

by:Justin Durrant
ID: 22669087
Yep... use SSL. :)
0
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22669164
If you use OWA I would strongly recommend you use SSL. It is very easy to setup and you can even use a self-assigned certificate (or you can go buy a cheap one approx £20). Here is a step to step guide on setting up.

http://www.petri.co.il/configure_ssl_on_owa.htm

SSL is much more secure. It uses port 443. You access it by https instead of normal http.
0
 
LVL 23

Expert Comment

by:Justin Durrant
ID: 22669179
You can also setup a http > https redirect if needed
0
 

Author Comment

by:davids355
ID: 22676981
OK So that would mean that any passwords sent would be incrypted right? Some places I have been lead to beleive that a certificate must be sent to each users computer for them to have access, is this the case or is ssl purely to keep all transmited data encrypted?

Secondly, aside from people reading the unencrypted data, is it secure having the exchange server available on port 80 (IE Could someone use an exploit to get in)?

0
Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22677011
Yes all passwords are encrypted. Your assuming is correct a certificate warning message (or page) will be sent to user but they can simply select to accept it (i.e. continue).

Why would you open port80? Port 80 is for http traffic; once you use SSL it will be classified as https traffic and will use Port 443 instead. You usually open Port 80 if you are hosting your own website, which is to be accessed by public. You surely do NOT want to do that with your email.
0
 

Author Comment

by:davids355
ID: 22677539
Sorry thats what I meant. At the moment port 80 is open because exchange server is accesed via http. But if I set up the cert just open port 443 right?

I will try it.
0
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22677742
YES and I strongly recommend you close port80, unless you are hosting a website yourself.
0
 

Author Comment

by:davids355
ID: 22768302
I have managed to setup a certificate server and I have given the exchange folder a certificate (not sure if im using the right terminology), but I have OWA working on ssl (So i can type in https//etcetc/exchange and it "sort of" works.

However, in ie7 when I open owa remotely, it says, basically, this certificate is not trusted, either it is for a domain other than the one you have typed in, or it is from an untrusted CA authority.

To explain, when I setup the certificate, for the ca name I used what came up as the reverse dns for my ip address (And this is what I type in when conecting to OWA).

Have i done this part wrong, or do I just need to buy a certificate rather than using my server to issue one?

Any help much appreciated



0
 
LVL 23

Accepted Solution

by:
ormerodrutter earned 500 total points
ID: 22768393
If you use a self assigned certificate you will see that certificate warning messge every time you open OWA. simply click Continue.......and that should work. To get rid of that warning completely you need to purchase a 3rd party certificate, which is cheap anyway (I think the current price is £20). But you have to install it on the server again and take the existing one away.
0
 

Author Closing Comment

by:davids355
ID: 31504229
thanks
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now