Solved

Exchange 2007-2010 activesync security - VPN?

Posted on 2011-09-24
4
465 Views
Last Modified: 2012-05-12
Hello. We would like to roll out exchange activesync for a couple users on their phones, however I am gathering information on the security of such a setup.

How can we implement two layers of security?

For OWA, for example, our users log in to a cisco 5510 WebVPN, and from there into OWA..

With activesync, how could we make it work? I do not want to open any ports to exchange directly (only one server with all roles currently)

What is the recommended solution for the above? SSL VPN on the phone, then activesync?

Thanks you.
0
Comment
Question by:arthurk123
  • 3
4 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36595177
Activesync requires port 443 to be open on your firewall to work.  If you don't want this open, then Activesync isn't an option for you.

Not sure if you configure a VPN to the office if Outlook on a mobile will work as I have never tried it.
0
 

Author Comment

by:arthurk123
ID: 36595659
So this offers only one layer of security then - the user's username and password, correct? Is that how large corporations handle it - seems rather insecure?

I mean if mobile access is open through 443 directly, then what is the purpose of accessing OWA through a cisco webvpn
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 36595801
Yes - that's all the security that is enabled by standard.  Large corporations do use Activesync this way and I have never seen any issues as a result of using it this way, or heard of any issues either.

You can force Activesync to require client certificates, so that only clients with the relevant certificate can gain access.

In terms of accessing OWA via a webvpn - nothing wrong with accessing it via Webvpn - but I've not seen any issues with any companies that don't use a VPN for webmail access.

Activesync can be enabled / disabled on a per user basis, so it isn't available to everyone and with Exchange 2007 / 2010, you can restrict it to be used by certain devices only.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36595854
You can also incorporate RSA Secure ID two factor authentication to beef up security.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now