Solved

What is the correct way to use outlook web access over the internet (with regards to security)?

Posted on 2008-10-08
Last Modified: 2010-04-21
We have implemented OWA on several servers and are planning to do so on several more. At the moment our typical setup is having the Exchange server configured for OWA over the internet, and the way our users access it is through a secure part of our public website (using htaccess password restrictions).

My question is, if we had outlook web access configured on our server, and this was made available over the internet via port 80, how secure would this be?

And if it is not secure, what is the proper way to set this up?
Question by:davids355
11 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22669041
Hi davids355,

I would suggest OWA over SSL. This link explains it quite nicely:

http://www.msexchange.org/tutorials/MF004.html

Hope this helps.

Cheers.
 
LVL 23

Expert Comment

by:Justin Durrant
ID: 22669087
Yep... use SSL. :)
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22669164
If you use OWA I would strongly recommend you use SSL. It is very easy to set up and you can even use a self-assigned certificate (or you can go buy a cheap one, approx. £20). Here is a step-by-step guide on setting it up.

http://www.petri.co.il/configure_ssl_on_owa.htm

SSL is much more secure. It uses port 443. You access it by https instead of normal http.

 
LVL 23

Expert Comment

by:Justin Durrant
ID: 22669179
You can also set up an http > https redirect if needed.
 

Author Comment

by:davids355
ID: 22676981
OK, so that would mean that any passwords sent would be encrypted, right? In some places I have been led to believe that a certificate must be sent to each user's computer for them to have access. Is this the case, or is SSL purely to keep all transmitted data encrypted?

Secondly, aside from people reading the unencrypted data, is it secure having the Exchange server available on port 80 (i.e. could someone use an exploit to get in)?
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22677011
Yes, all passwords are encrypted. Your assumption is correct: a certificate warning message (or page) will be sent to the user, but they can simply select to accept it (i.e. continue).

Why would you open port 80? Port 80 is for http traffic; once you use SSL it will be classified as https traffic and will use port 443 instead. You usually open port 80 if you are hosting your own website, which is to be accessed by the public. You surely do NOT want to do that with your email.
 

Author Comment

by:davids355
ID: 22677539
Sorry, that's what I meant. At the moment port 80 is open because the Exchange server is accessed via http. But if I set up the cert, I just open port 443, right?

I will try it.
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22677742
YES, and I strongly recommend you close port 80, unless you are hosting a website yourself.
 

Author Comment

by:davids355
ID: 22768302
I have managed to set up a certificate server and I have given the exchange folder a certificate (not sure if I'm using the right terminology), but I have OWA working on SSL (so I can type in https://etcetc/exchange and it "sort of" works).

However, in IE7 when I open OWA remotely, it says, basically, this certificate is not trusted, either it is for a domain other than the one you have typed in, or it is from an untrusted CA authority.

To explain, when I set up the certificate, for the CA name I used what came up as the reverse DNS for my IP address (and this is what I type in when connecting to OWA).

Have I done this part wrong, or do I just need to buy a certificate rather than using my server to issue one?

Any help much appreciated
 
LVL 23

Accepted Solution

by:
ormerodrutter earned 500 total points
ID: 22768393
If you use a self assigned certificate you will see that certificate warning message every time you open OWA. Simply click Continue.......and that should work. To get rid of that warning completely you need to purchase a 3rd party certificate, which is cheap anyway (I think the current price is £20). But you have to install it on the server again and take the existing one away.
 

Author Closing Comment

by:davids355
ID: 31504229
thanks
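
The IE7 warning quoted in this thread names two possible causes: the certificate is for a different name than the one typed, or its issuer is not trusted. The sketch below is an added example, not part of the original thread, that tells the two apart for certificates given as dicts in the layout of Python's `ssl.SSLSocket.getpeercert()`. All host names, CA names and helper names in it are constructed for illustration.

```python
# Added example. Certificates are dicts in the layout of ssl.SSLSocket.getpeercert().
# Every name below is a constructed sample value.

def name(cn):
    """Build a one-RDN distinguished name in getpeercert() layout."""
    return ((("commonName", cn),),)

def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def host_matches(pattern, host):
    """Case-insensitive match; '*' stands for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, typed_host, trusted_issuers):
    """Return the reasons a browser would warn, in the order the warning lists them."""
    problems = []
    if not any(host_matches(n, typed_host) for n in cert_names(cert)):
        problems.append("name-mismatch")
    issuer = cert.get("issuer")
    if issuer not in trusted_issuers:
        # Simplification: compares issuer names only; a real client also
        # verifies the signature chain up to a root in its trust store.
        problems.append("self-signed" if issuer == cert.get("subject") else "untrusted-ca")
    return problems

TRUSTED = {name("Sample Public CA")}  # stands in for the client's trust store
OWN_CA_CERT = {"subject": name("mail.example.test"), "issuer": name("Office-CA"),
               "subjectAltName": (("DNS", "mail.example.test"),)}
SELF_SIGNED = {"subject": name("mail.example.test"), "issuer": name("mail.example.test")}
BOUGHT_CERT = {"subject": name("mail.example.test"), "issuer": name("Sample Public CA"),
               "subjectAltName": (("DNS", "mail.example.test"),)}

if __name__ == "__main__":
    certs = [("own CA", OWN_CA_CERT), ("self-signed", SELF_SIGNED), ("bought", BOUGHT_CERT)]
    for label, cert in certs:
        for host in ("mail.example.test", "host-203-0-113-10.isp.example"):
            print(label, host, diagnose(cert, host, TRUSTED))
```

A certificate issued by your own CA for the right name still reports `untrusted-ca` on clients that do not have that CA in their trust store, while a certificate from a trusted CA still reports `name-mismatch` if users type a different host name.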