What is the correct way to use Outlook Web Access over the internet (with regards to security)?

Posted on 2008-10-08
Last Modified: 2010-04-21
We have implemented OWA on several servers and are planning to do so on several more. At the moment our typical setup is having the Exchange server configured for OWA over the internet, and the way our users access it is through a secure part of our public website (using htaccess password restrictions).

My question is, if we had Outlook Web Access configured on our server, and this was made available over the internet via port 80, how secure would this be?

And if it is not secure, what is the proper way to set this up?
Question by:davids355
11 Comments
 

Expert Comment

by:JoWickerman
ID: 22669041
Hi davids355,

I would suggest OWA over SSL. This link explains it quite nicely:

http://www.msexchange.org/tutorials/MF004.html

Hope this helps.

Cheers.

Expert Comment

by:Justin Durrant
ID: 22669087
Yep... use SSL. :)

Expert Comment

by:ormerodrutter
ID: 22669164
If you use OWA I would strongly recommend you use SSL. It is very easy to set up and you can even use a self-assigned certificate (or you can go buy a cheap one, approx. £20). Here is a step-by-step guide on setting it up.

http://www.petri.co.il/configure_ssl_on_owa.htm

SSL is much more secure. It uses port 443. You access it by https instead of normal http.

Expert Comment

by:Justin Durrant
ID: 22669179
You can also set up an http > https redirect if needed.

Author Comment

by:davids355
ID: 22676981
OK, so that would mean that any passwords sent would be encrypted, right? In some places I have been led to believe that a certificate must be sent to each user's computer for them to have access. Is this the case, or is SSL purely to keep all transmitted data encrypted?

Secondly, aside from people reading the unencrypted data, is it secure having the Exchange server available on port 80 (i.e. could someone use an exploit to get in)?


Expert Comment

by:ormerodrutter
ID: 22677011
Yes, all passwords are encrypted. Your assumption is correct: a certificate warning message (or page) will be sent to the user, but they can simply select to accept it (i.e. continue).

Why would you open port 80? Port 80 is for http traffic; once you use SSL it will be classified as https traffic and will use port 443 instead. You usually open port 80 if you are hosting your own website, which is to be accessed by the public. You surely do NOT want to do that with your email.

Author Comment

by:davids355
ID: 22677539
Sorry, that's what I meant. At the moment port 80 is open because the Exchange server is accessed via http. But if I set up the cert, I just open port 443, right?

I will try it.

Expert Comment

by:ormerodrutter
ID: 22677742
YES, and I strongly recommend you close port 80, unless you are hosting a website yourself.

Author Comment

by:davids355
ID: 22768302
I have managed to set up a certificate server and I have given the Exchange folder a certificate (not sure if I'm using the right terminology), but I have OWA working on SSL (so I can type in https://etcetc/exchange and it "sort of" works).

However, in IE7 when I open OWA remotely, it says, basically, this certificate is not trusted, either it is for a domain other than the one you have typed in, or it is from an untrusted CA authority.

To explain, when I set up the certificate, for the CA name I used what came up as the reverse DNS for my IP address (and this is what I type in when connecting to OWA).

Have I done this part wrong, or do I just need to buy a certificate rather than using my server to issue one?

Any help much appreciated.




Accepted Solution

by:
ormerodrutter earned 500 total points
ID: 22768393
If you use a self-assigned certificate you will see that certificate warning message every time you open OWA. Simply click Continue... and that should work. To get rid of that warning completely you need to purchase a 3rd-party certificate, which is cheap anyway (I think the current price is £20). But you have to install it on the server again and take the existing one away.

Author Closing Comment

by:davids355
ID: 31504229
Thanks
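
The IE7 warning quoted in this thread names two separate causes: a certificate issued for a different name than the one typed, or an issuer the client does not trust. The following check is an added example, not part of the original thread; it tells the two apart from a client machine. The function names `explain` and `probe` and the host name `mail.example.test` are placeholders chosen for this example.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* codes behind the causes a browser certificate warning names.
UNTRUSTED_ISSUER = {18, 19, 20, 21}   # self-signed leaf or chain, issuer not in trust store
NAME_MISMATCH = {62}                  # certificate was issued for a different host name
EXPIRED_OR_NOT_YET_VALID = {9, 10}

def explain(verify_code):
    """Map an OpenSSL verify code to the fix the administrator needs."""
    if verify_code in NAME_MISMATCH:
        return "name-mismatch: reissue the certificate for the name users type"
    if verify_code in UNTRUSTED_ISSUER:
        return "untrusted-issuer: install the CA root on clients or use a public CA"
    if verify_code in EXPIRED_OR_NOT_YET_VALID:
        return "validity-period: renew the certificate or fix the clock"
    return "other: OpenSSL verify code %d" % verify_code

def probe(host, port=443, timeout=5.0):
    """Connect the way a browser would and report why validation fails, if it does.

    Only the first failure is reported, so fix it and run the check again.
    """
    ctx = ssl.create_default_context()   # system trust store, host name checking on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok: trusted issuer and matching name"
    except ssl.SSLCertVerificationError as err:
        return explain(err.verify_code)
    except OSError as err:               # refused, timed out, DNS failure, TLS alert
        return "unreachable: %s" % err.__class__.__name__

if __name__ == "__main__":
    import sys
    # Usage: python owa_cert_check.py mail.example.test   (placeholder host name)
    for name in sys.argv[1:]:
        print(name, "->", probe(name))
```

Run it against the exact name users type into the browser, since that is the name the certificate is compared with.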