Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OWA and SSL

Status
Not open for further replies.
people3

people3

Technical User
Feb 23, 2004
276
GB
Hi

I'm trying to find out how secure OWA is using SSL. At present we use OWA and SSL but only internaly or through a cisco PIX.

We unfortunatly need to open our exchange to the outside world and so are about to open port 443 and forward it to exchange.

How secure is this. Is there anyway to monitor connection attempts?

Thanks for any info
 
Sort by date Sort by votes

Hi.

We have several people using OWA this way.

Not had any major problems with it, as with any external facing site i'd make sure the usual precausions are taken. ( no user called aministrator, complex passwords etc )

Best,

Chris
 
Upvote 0 Downvote
Assuming that your cert if from a trusted authority, and you forward only 443, you're going to be safer than if you also forward 80.

As mentioned above, you should do the normal security tasks, as well as making sure you're up to date with all security patches, hotfixes, etc.

Pat Richard, MCSE MCSA:Messaging CNA
Want to know how email works? Read for yourself -
 
Upvote 0 Downvote
Yeah lots of people do it this way, the main security concern being you're allowing unauthenticated traffic onto the Exchange server as it's the Exchange server doing the logon verification. If there are any attacks though that exploit this I'm not sure.

Personally we use an ISA2004 box on a DMZ behind a Checkpoint firewall and this publises OWA and does the authentication so it's a little bit more secure.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
2K
microsGuy16
microsGuy16
ponoodle
  • Locked
  • Question
Disabling OWA for on prem Exchange while in a hybrid envirenment.
Replies
0
Views
1K
ponoodle
ponoodle
david jackson
  • Locked
  • Question
Extract only the subject and recipients from a mailbox
Replies
0
Views
1K
david jackson
david jackson
Rohit Bareja
  • Locked
  • Question
View and access only own records, and not the records by others on SharePoint.
Replies
3
Views
1K
garysm
garysm
pinytech
  • Locked
  • Question
What is the function of the SSL Cert in Exch 2010
Replies
1
Views
102
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top