Solved

Exchange 2007-2010 activesync security - VPN?

Posted on 2011-09-24
4
469 Views
Last Modified: 2012-05-12
Hello. We would like to roll out exchange activesync for a couple users on their phones, however I am gathering information on the security of such a setup.

How can we implement two layers of security?

For OWA, for example, our users log in to a cisco 5510 WebVPN, and from there into OWA..

With activesync, how could we make it work? I do not want to open any ports to exchange directly (only one server with all roles currently)

What is the recommended solution for the above? SSL VPN on the phone, then activesync?

Thanks you.
0
Comment
Question by:arthurk123
  • 3
4 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36595177
Activesync requires port 443 to be open on your firewall to work.  If you don't want this open, then Activesync isn't an option for you.

Not sure if you configure a VPN to the office if Outlook on a mobile will work as I have never tried it.
0
 

Author Comment

by:arthurk123
ID: 36595659
So this offers only one layer of security then - the user's username and password, correct? Is that how large corporations handle it - seems rather insecure?

I mean if mobile access is open through 443 directly, then what is the purpose of accessing OWA through a cisco webvpn
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 36595801
Yes - that's all the security that is enabled by standard.  Large corporations do use Activesync this way and I have never seen any issues as a result of using it this way, or heard of any issues either.

You can force Activesync to require client certificates, so that only clients with the relevant certificate can gain access.

In terms of accessing OWA via a webvpn - nothing wrong with accessing it via Webvpn - but I've not seen any issues with any companies that don't use a VPN for webmail access.

Activesync can be enabled / disabled on a per user basis, so it isn't available to everyone and with Exchange 2007 / 2010, you can restrict it to be used by certain devices only.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36595854
You can also incorporate RSA Secure ID two factor authentication to beef up security.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question