• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 485
  • Last Modified:

Exchange 2007-2010 activesync security - VPN?

Hello. We would like to roll out exchange activesync for a couple users on their phones, however I am gathering information on the security of such a setup.

How can we implement two layers of security?

For OWA, for example, our users log in to a cisco 5510 WebVPN, and from there into OWA..

With activesync, how could we make it work? I do not want to open any ports to exchange directly (only one server with all roles currently)

What is the recommended solution for the above? SSL VPN on the phone, then activesync?

Thanks you.
0
arthurk123
Asked:
arthurk123
  • 3
1 Solution
 
Alan HardistyCo-OwnerCommented:
Activesync requires port 443 to be open on your firewall to work.  If you don't want this open, then Activesync isn't an option for you.

Not sure if you configure a VPN to the office if Outlook on a mobile will work as I have never tried it.
0
 
arthurk123Author Commented:
So this offers only one layer of security then - the user's username and password, correct? Is that how large corporations handle it - seems rather insecure?

I mean if mobile access is open through 443 directly, then what is the purpose of accessing OWA through a cisco webvpn
0
 
Alan HardistyCo-OwnerCommented:
Yes - that's all the security that is enabled by standard.  Large corporations do use Activesync this way and I have never seen any issues as a result of using it this way, or heard of any issues either.

You can force Activesync to require client certificates, so that only clients with the relevant certificate can gain access.

In terms of accessing OWA via a webvpn - nothing wrong with accessing it via Webvpn - but I've not seen any issues with any companies that don't use a VPN for webmail access.

Activesync can be enabled / disabled on a per user basis, so it isn't available to everyone and with Exchange 2007 / 2010, you can restrict it to be used by certain devices only.
0
 
Alan HardistyCo-OwnerCommented:
You can also incorporate RSA Secure ID two factor authentication to beef up security.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now