Solved

Exchange 2007-2010 ActiveSync security - VPN?

Posted on 2011-09-24
Last Modified: 2012-05-12
Hello. We would like to roll out Exchange ActiveSync for a couple of users on their phones; however, I am gathering information on the security of such a setup.

How can we implement two layers of security?

For OWA, for example, our users log in to a Cisco 5510 WebVPN, and from there into OWA.

With ActiveSync, how could we make it work? I do not want to open any ports to Exchange directly (only one server with all roles currently).

What is the recommended solution for the above? SSL VPN on the phone, then ActiveSync?

Thank you.
Question by:arthurk123
4 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36595177
ActiveSync requires port 443 to be open on your firewall to work.  If you don't want this open, then ActiveSync isn't an option for you.

Not sure whether Outlook on a mobile will work if you configure a VPN to the office, as I have never tried it.
0
 

Author Comment

by:arthurk123
ID: 36595659
So this offers only one layer of security then - the user's username and password, correct? Is that how large corporations handle it - seems rather insecure?

I mean, if mobile access is open through 443 directly, then what is the purpose of accessing OWA through a Cisco WebVPN?
0
 
LVL 76

Accepted Solution

by:Alan Hardisty (earned 2000 total points)
ID: 36595801
Yes - that's all the security that is enabled by standard.  Large corporations do use ActiveSync this way and I have never seen any issues as a result of using it this way, or heard of any issues either.

You can force ActiveSync to require client certificates, so that only clients with the relevant certificate can gain access.

In terms of accessing OWA via a WebVPN - nothing wrong with accessing it via WebVPN - but I've not seen any issues with any companies that don't use a VPN for webmail access.

ActiveSync can be enabled / disabled on a per-user basis, so it isn't available to everyone, and with Exchange 2007 / 2010, you can restrict it to be used by certain devices only.
0
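
The three controls named in the accepted answer (per-user enablement, device restriction, client certificates) expressed as Exchange Management Shell commands for Exchange 2007/2010. This is an added example, not part of the original thread; the server name, mailbox addresses and device IDs are placeholders, and `-WhatIf` is left on the bulk disable so it only reports what it would change.

```powershell
# Run in the Exchange Management Shell (Exchange 2007/2010).
# All names below are placeholders, not values from the thread.
$vdir  = 'EXCH01\Microsoft-Server-ActiveSync (Default Web Site)'
$pilot = @{
    'alice@example.com' = @('DEVICEID-PLACEHOLDER-1')
    'bob@example.com'   = @('DEVICEID-PLACEHOLDER-2', 'DEVICEID-PLACEHOLDER-3')
}

# 1. Per-user switch: turn ActiveSync off for every mailbox outside the pilot.
#    Remove -WhatIf once the reported list has been reviewed.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object {
        $_.ActiveSyncEnabled -and
        ($pilot.Keys -notcontains $_.PrimarySmtpAddress.ToString())
    } |
    Set-CASMailbox -ActiveSyncEnabled $false -WhatIf

# 2. Device restriction: pilot users may sync only from their listed device IDs.
foreach ($user in $pilot.Keys) {
    Set-CASMailbox -Identity $user -ActiveSyncEnabled $true `
        -ActiveSyncAllowedDeviceIDs $pilot[$user]
}

# 3. Client certificates: require one on the ActiveSync virtual directory.
Set-ActiveSyncVirtualDirectory -Identity $vdir -ClientCertAuth Required

# 4. Audit: list any partnered device that is not on its user's allow list,
#    then show the authentication settings now in effect on the directory.
foreach ($user in $pilot.Keys) {
    Get-ActiveSyncDeviceStatistics -Mailbox $user |
        Where-Object { $pilot[$user] -notcontains $_.DeviceID } |
        Select-Object @{n='Mailbox';e={$user}}, DeviceID, DeviceType, LastSuccessSync
}
Get-ActiveSyncVirtualDirectory -Identity $vdir |
    Format-List Name, ClientCertAuth, BasicAuthEnabled
```

Device IDs for a user who has already synced can be read from `Get-ActiveSyncDeviceStatistics -Mailbox <user>` before building the allow list.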
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36595854
You can also incorporate RSA SecurID two-factor authentication to beef up security.
0

Question has a verified solution.