outlook exchange over internet

Status
Not open for further replies.

jvande

MIS
Jun 6, 2001
115
US
Is accessing Exchange through Outlook over the Internet secure? I know it authenticates using NT Challenge/Response, but then is the communication between the two of them secure after that? If not, is there any way to implement secure communication between the two other than VPN?
 
In a word, no. Multiple ports need to be open, including port 135, which is for RPC communications - this is where the MSBlaster worm recently attacked, and many ISPs have recently blocked this port.

For Exchange 2000 or 5.5 you need a VPN or to use Outlook Web Access. If you have Exchange 2003 and Outlook 2003 (in beta) you can do it via RPC over HTTP in what is supposedly a very secure manner, but since it's just now becoming available we'll have to see (I have high hopes!).

Gary McDonnell
 
There are ways to change the RPC port 135. If I change that, is communication between the Outlook client and Exchange still insecure?
 
I wouldn't use it under any circumstances. It's not that I'd be worried about someone sniffing out the username/password combos, it's just too dangerous to open up one's Exchange server wide enough to connect to directly over the Internet. There are just too many places where there have been and will be vulnerabilities. But hey, that's just my opinion.

There are probably a lot of folks trying to get RPC to work properly over something other than port 135 right now, because a lot of people had their Exchange server open so people could use Outlook without a VPN and now their Exchange servers have been hacked. If you know of a good way to do this you should write it up and post it to the Microsoft Exchange newsgroups - a lot of folks would appreciate it!

Gary McDonnell
 
We cut our outside people off because of the RPC attack. They have to go through the Internet client. Not as convenient, but a whole lot more secure. We're in the process of installing VPN, so it may be available in the future. But I don't want to live dangerously with that port open.

coffeedogz
 
I'm with gmcdonnell. Don't open your Exchange server to RPC directly from the internet. If you want secure traffic, then set up SSL for OWA, or use a VPN (even if it's Microsoft's own RRAS, you will save yourself some sleepless nights).

PSC
 