• Status: Solved
  • Priority: Medium
  • Security: Public

What is the correct way to use Outlook Web Access over the internet (with regard to security)?

We have implemented OWA on several servers and are planning to do so on several more. At the moment our typical setup is having the Exchange server configured for OWA over the internet, and the way our users access it is through a secure part of our public website (using htaccess password restrictions).

My question is, if we had Outlook Web Access configured on our server, and this was made available over the internet via port 80, how secure would this be?

And if it is not secure, what is the proper way to set this up?
Asked by: davids355
 
JoWickerman Commented:
Hi davids355,

I would suggest OWA over SSL. This link explains it quite nicely:

http://www.msexchange.org/tutorials/MF004.html

Hope this helps.

Cheers.
 
Justin Durrant, Sr. Engineer - Windows Server/Virtualization, Commented:
Yep... use SSL. :)
 
ormerodrutter Commented:
If you use OWA I would strongly recommend you use SSL. It is very easy to set up and you can even use a self-assigned certificate (or you can go buy a cheap one, approx. £20). Here is a step-by-step guide on setting it up.

http://www.petri.co.il/configure_ssl_on_owa.htm

SSL is much more secure. It uses port 443. You access it by https instead of normal http.
 
Justin Durrant, Sr. Engineer - Windows Server/Virtualization, Commented:
You can also set up an http > https redirect if needed.
 
davids355 (Author) Commented:
OK, so that would mean that any passwords sent would be encrypted, right? In some places I have been led to believe that a certificate must be sent to each user's computer for them to have access. Is this the case, or is SSL purely to keep all transmitted data encrypted?

Secondly, aside from people reading the unencrypted data, is it secure having the Exchange server available on port 80 (i.e. could someone use an exploit to get in)?

 
ormerodrutter Commented:
Yes, all passwords are encrypted. Your assumption is correct: a certificate warning message (or page) will be sent to the user, but they can simply select to accept it (i.e. continue).

Why would you open port 80? Port 80 is for http traffic; once you use SSL it will be classified as https traffic and will use port 443 instead. You usually open port 80 if you are hosting your own website, which is to be accessed by the public. You surely do NOT want to do that with your email.
 
davids355 (Author) Commented:
Sorry, that's what I meant. At the moment port 80 is open because the Exchange server is accessed via http. But if I set up the cert, I just open port 443, right?

I will try it.
 
ormerodrutter Commented:
YES, and I strongly recommend you close port 80, unless you are hosting a website yourself.
 
davids355 (Author) Commented:
I have managed to set up a certificate server and I have given the Exchange folder a certificate (not sure if I'm using the right terminology), and I have OWA working on SSL (so I can type in https://etcetc/exchange and it "sort of" works).

However, in IE7 when I open OWA remotely, it says, basically, this certificate is not trusted, either it is for a domain other than the one you have typed in, or it is from an untrusted CA authority.

To explain, when I set up the certificate, for the CA name I used what came up as the reverse DNS for my IP address (and this is what I type in when connecting to OWA).

Have I done this part wrong, or do I just need to buy a certificate rather than using my server to issue one?

Any help much appreciated.
 
ormerodrutter Commented:
If you use a self-assigned certificate you will see that certificate warning message every time you open OWA. Simply click Continue... and that should work. To get rid of that warning completely you need to purchase a 3rd party certificate, which is cheap anyway (I think the current price is £20). But you have to install it on the server again and take the existing one away.
 
davids355 (Author) Commented:
thanks
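
The IE7 warning quoted in this thread has two separate causes: the name in the certificate does not match the name typed into the browser, or the issuer is not one the client trusts. The following is an added example, not part of the original thread, that tells the two apart for a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The host names, CA names and sample certificates are constructed, and trust is modelled as simple issuer-name membership (an assumption; a real client verifies the signature chain).

```python
def dn(cn):
    """Build a subject/issuer value in getpeercert() form from a common name."""
    return ((("commonName", cn),),)

def cert_names(cert):
    """DNS names the certificate covers: SAN entries if present, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:      # refuse over-broad patterns such as *.com
        return p[1:] == h[1:]
    return p == h

def diagnose(cert, host, trusted_issuers):
    """Return the reasons a browser would warn about this certificate."""
    problems = []
    if not any(name_matches(n, host) for n in cert_names(cert)):
        problems.append("name-mismatch")
    if cert.get("issuer") not in trusted_issuers:
        # Issuer equal to subject means the certificate signed itself.
        self_signed = cert.get("issuer") == cert.get("subject")
        problems.append("self-signed" if self_signed else "untrusted-issuer")
    return problems

# Constructed sample data (not taken from the thread).
PUBLIC_CA = dn("Constructed Public CA")
TRUSTED = {PUBLIC_CA}                    # what a remote client already trusts
INTERNAL_CERT = {"subject": dn("owa.example.com"),
                 "issuer": dn("Constructed Internal CA")}
SELF_SIGNED_CERT = {"subject": dn("owa.example.com"),
                    "issuer": dn("owa.example.com")}
PURCHASED_CERT = {"subject": dn("owa.example.com"), "issuer": PUBLIC_CA,
                  "subjectAltName": (("DNS", "owa.example.com"),
                                     ("DNS", "*.mail.example.com"))}

if __name__ == "__main__":
    for label, cert in [("internal CA", INTERNAL_CERT),
                        ("self-signed", SELF_SIGNED_CERT),
                        ("purchased", PURCHASED_CERT)]:
        print(label, diagnose(cert, "owa.example.com", TRUSTED) or "no warning")
```

A certificate issued by your own certificate server produces the untrusted-issuer result on any client that has not been given that CA's root certificate, even when the name is correct.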