Securing OWA

I have a number of clients (10-75 users) running Exchange 2003, 2007 and 2010 with a single server managing all the roles.

This includes an open port 80/443 redirected to IIS/OWA on the single Exchange Server.

I would like to increase the security to make OWA/ActiveSync less vulnerable to outside attack.  

What are the best methods for locking down or breaking out these functions without spending a pile of money.

Thanks,

Nathan
NEMCAsked:
Who is Participating?
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Turn off port 80 access, install a commercial SSL certificate, enforce secure password options.

Unfortuantely the best way to secure the server isn't available to you - that is get rid of the users, they are the most vulnerable part of the installation.

Anything else is going to cost - as you would be looking at deploying TMG or something like that.

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.