Solved

What is the correct way to use Outlook Web Access over the internet (with regards to security)?

Posted on 2008-10-08
Last Modified: 2010-04-21
We have implemented OWA on several servers and are planning to do so on several more. At the moment our typical setup is having the Exchange server configured for OWA over the internet, and the way our users access it is through a secure part of our public website (using htaccess password restrictions).

My question is, if we had Outlook Web Access configured on our server, and this was made available over the internet via port 80, how secure would this be?

And if it is not secure, what is the proper way to set this up?
Question by:davids355
11 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22669041
Hi davids355,

I would suggest OWA over SSL. This link explains it quite nicely:

http://www.msexchange.org/tutorials/MF004.html

Hope this helps.

Cheers.
0
 
LVL 23

Expert Comment

by:Justin Durrant
ID: 22669087
Yep... use SSL. :)
0
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22669164
If you use OWA I would strongly recommend you use SSL. It is very easy to set up and you can even use a self-assigned certificate (or you can go buy a cheap one, approx £20). Here is a step-by-step guide on setting it up.

http://www.petri.co.il/configure_ssl_on_owa.htm

SSL is much more secure. It uses port 443. You access it by https instead of normal http.
0

 
LVL 23

Expert Comment

by:Justin Durrant
ID: 22669179
You can also set up an http > https redirect if needed.
0
 

Author Comment

by:davids355
ID: 22676981
OK, so that would mean that any passwords sent would be encrypted, right? In some places I have been led to believe that a certificate must be sent to each user's computer for them to have access. Is this the case, or is SSL purely to keep all transmitted data encrypted?

Secondly, aside from people reading the unencrypted data, is it secure having the Exchange server available on port 80 (i.e. could someone use an exploit to get in)?

0
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22677011
Yes, all passwords are encrypted. Your assumption is correct: a certificate warning message (or page) will be sent to the user, but they can simply select to accept it (i.e. continue).

Why would you open port 80? Port 80 is for http traffic; once you use SSL it will be classified as https traffic and will use port 443 instead. You usually open port 80 if you are hosting your own website, which is to be accessed by the public. You surely do NOT want to do that with your email.
0
 

Author Comment

by:davids355
ID: 22677539
Sorry, that's what I meant. At the moment port 80 is open because the Exchange server is accessed via http. But if I set up the cert, I just open port 443, right?

I will try it.
0
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22677742
YES, and I strongly recommend you close port 80, unless you are hosting a website yourself.
0
 

Author Comment

by:davids355
ID: 22768302
I have managed to set up a certificate server and I have given the Exchange folder a certificate (not sure if I'm using the right terminology), and I have OWA working on SSL (so I can type in https://etcetc/exchange and it "sort of" works).

However, in IE7 when I open OWA remotely, it says, basically, this certificate is not trusted: either it is for a domain other than the one you have typed in, or it is from an untrusted CA authority.

To explain, when I set up the certificate, for the CA name I used what came up as the reverse DNS for my IP address (and this is what I type in when connecting to OWA).

Have I done this part wrong, or do I just need to buy a certificate rather than using my server to issue one?

Any help much appreciated



0
 
LVL 23

Accepted Solution

by:
ormerodrutter earned 500 total points
ID: 22768393
If you use a self assigned certificate you will see that certificate warning message every time you open OWA. Simply click Continue... and that should work. To get rid of that warning completely you need to purchase a 3rd party certificate, which is cheap anyway (I think the current price is £20). But you have to install it on the server again and take the existing one away.
0
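A check for the two points this thread turns on (whether the certificate on port 443 validates for the name users type, and whether port 80 does anything other than redirect to https), as an added example that is not part of any poster's reply. It uses only the Python standard library; the numeric values are OpenSSL's certificate-verify error codes, and the `/exchange` path is the one mentioned in the thread.

```python
import http.client
import socket
import ssl

# OpenSSL verify codes grouped by the two causes the IE7 warning names.
UNTRUSTED_ISSUER = {18, 19, 20, 21}  # self-signed, or issuing CA unknown to the client
NAME_MISMATCH = {62}                 # certificate names a different host
EXPIRED = {10}

def classify(verify_code):
    """Translate an OpenSSL verify code into the cause a remote user would hit."""
    for label, codes in (("untrusted-issuer", UNTRUSTED_ISSUER),
                         ("name-mismatch", NAME_MISMATCH), ("expired", EXPIRED)):
        if verify_code in codes:
            return label
    return "trusted" if verify_code == 0 else "other"

def redirect_ok(status, location):
    """Port 80 is acceptable only when it does nothing but redirect to https."""
    return status in (301, 302, 307, 308) and (location or "").lower().startswith("https://")

def probe_tls(host, port=443, timeout=5):
    """Handshake against the system trust store, as a remote browser would."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return classify(0)
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)
    except OSError:
        return "handshake-failed"

def probe_http(host, path="/exchange", timeout=5):
    """Report what port 80 does: nothing, redirect to https, or serve plain http."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        ok = redirect_ok(resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException):
        return "no-http-service"
    finally:
        conn.close()
    return "redirects-to-https" if ok else "serves-plain-http"

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:  # pass the exact name users type in the browser
        print(host, "443:", probe_tls(host), "| 80:", probe_http(host))
```

Each handshake reports a single failure, so after clearing an `untrusted-issuer` result, run the check again to see whether a `name-mismatch` remains.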
 

Author Closing Comment

by:davids355
ID: 31504229
thanks
0

Question has a verified solution.
