Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
What Do i need to pay for To Secure Server/OWA/DP
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
What Do i need to pay for To Secure Server/OWA/DP - 24.Jul.2008 10:48:51 PM
|
|
|
ambush276
Posts: 44
Joined: 11.May2008
Status: offline
|
i just need basic security for my Windows Server 2003. Its not for a buisness just for my personal use, but there are emails that are VERY important and contain legal matters.. ec. etc... ALso will use OWA a little bit, but i have Direct Push which is very very important. I need the emails safe, encrytped etc... Do i need an SSL Cert for this? Hardware firewall? not sure what i need or what it will cost?
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 25.Jul.2008 3:51:50 AM
|
|
|
myk3
Posts: 48
Joined: 9.Mar.2007
Status: offline
|
SSL cert for OWA is around £300 or so for 3 years from thawte, hardware firewall will be the best bet and maybe intrusion protection/prevention
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 25.Jul.2008 6:49:47 AM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
If you are paying £300 for an SSL certificate then you are being ripped off. For personal use I wouldn't pay anywhere near that to protect Exchange.
Get an certificate from GoDaddy for US$30/year. http://DomainsForExchange.net/
It should be trusted by your Windows Mobile device for direct push.
As for a firewall. You should have something in front of the server. Even a basic home user router will be better than nothing. You then only need to open the two ports required (25 for SMTP and 443 for SSL).
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 25.Jul.2008 4:02:50 PM
|
|
|
ambush276
Posts: 44
Joined: 11.May2008
Status: offline
|
i havent bought anything yet, but that is a good suggestion from Godaddy? then is there any guides on how to install the SSL cert, and encrypt email, secure exchange, and secure my website w/ the SSL cert..
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 29.Jul.2008 1:07:16 PM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
GoDaddy provide instructions on requesting and installing the certificate in IIS. That will secure the web site - that will include OWA, RPC over HTTPS and any mobile use.
I don't know what you mean by "secure exchange" - you will need to expand on that.
To encrypt email is a lot more complicated and needs a lot of thought and planning to implement correctly. You need to look at what you want to achieve - whether you just want to secure the connection between you and specific senders, or whether you want to actually protect the contents of the message. For personal use though I wouldn't bother even looking at encrypting email unless you have a business need to do so.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 29.Jul.2008 5:16:02 PM
|
|
|
ambush276
Posts: 44
Joined: 11.May2008
Status: offline
|
probably need to encrypt the contents of the mail. ALso if i have a dynamic IP. Does the ssl cert go to the domain, or the Ip? Cause if IP that wont work. ...
also the basic $30 will work for all the OWA, DP, and Site.. usage.. correct?
< Message edited by ambush276 -- 29.Jul.2008 5:18:28 PM >
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 29.Jul.2008 5:58:41 PM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
SSL Certificates are to the host name, not the IP address.
However if you want an SSL certificate on your own domain then you will to do a few things...
- setup a dynamic DNS account with one of the dynamic DNS providers.
- create a new ALIAS (aka CNAME) in your own domain pointing to the dynamic dns account.
- get a certificate for that alias.
The certificate will secure everything that is within IIS, so all web services, as well as SMTP, POP3 and IMAP.
However just because you can support secure SMTP transport does not mean anyone else does. Secure SMTP is not used a great deal.
As for encryption of the email message themselves - that is still relatively uncommon. To do that you will have to look at something like PGP, with all the complexity that involves. For most people they simply do not need encryption of individual messages.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 29.Jul.2008 7:38:30 PM
|
|
|
ambush276
Posts: 44
Joined: 11.May2008
Status: offline
|
ok basically i use dnsexit.com for my DNS... not my exchange server..
because i port forward some stuff etc etc... www.website.com is my website address and webmail.website.com is my OWA site.. do i want to just have website.com registerd under the domain or the sub domain as well.. im a little confused on that part. Because im going to use OWA and want it secure. and i will have store/subscription manager on my site. So when ppl use credit cards need it secure/paypal... etc etc... Before i buy it. still kind of confsued on howto setup DNS to work like post above? or just webiste.com is what i want in the DNS?
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 30.Jul.2008 7:15:40 AM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
If you already have a URL setup for OWA that is using your dynamic DNS address then that is fine. Just get an SSL certificate for that address.
However I would not recommend that you mix public and private traffic on an Exchange server. I would not say that hosting a public web site on the server is a good idea. Furthermore if you are on a dynamic IP address you must be on a residential or small business type connection and running the type of service that you have indicated may be against the terms of service and its performance will be poor due to the poor upload speed on those types of connections.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 30.Jul.2008 10:25:23 AM
|
|
|
ambush276
Posts: 44
Joined: 11.May2008
Status: offline
|
ok thanks for the concern.. i understand what you are saying. But for my reasons.. i will need the ssl to work on the store, and on the OWA acess site? how would i do that?
also my upload speed is 1mpbs so i think that is sufficient
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 30.Jul.2008 1:15:06 PM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
1mb upload being sufficient - I would disagree. Unless you are on a service that guarantees that (Which if you are on a dynamic IP address I doubt) you will be lucky to get that as the connection speed is shared with other people.
Also, if you are going to run ecommerce on a web site then the rules are a lot different. A US$30 certificate isn't going to be enough, you would need a commercial certificate with insurance cover - you could be looking to pay over US$500 or more for the certificate. You then need to look at the security of the server.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 30.Jul.2008 1:18:37 PM
|
|
|
ambush276
Posts: 44
Joined: 11.May2008
Status: offline
|
its through paypal... so all the secure web transaction stuff is done through them... basically to make more clear i guess, what do i need to do is to is have the owa secure w/ ssl, and when the ppl sign onto their account, and are logged in, and registered on teh website (its not for 1000's of ppl) to have that secure. So for instance they cannot view my webpages unless they have a registered account. So to log in and acces those pages it needs to be secure.... how do i have ssl on both of those sub domains (owa.mysite.com and www.mysite.com)
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 30.Jul.2008 1:52:06 PM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
With a single IP address you cannot.
You can't use host headers with SSL, so there is no way of sharing the port. If you want to support two URLs on the same server then you need two IP addresses.
A wildcard certificate might work, but that will have issues with Windows Mobile devices if you are using them, plus it still means a single web site with internal and external traffic mixed.
With the cost of the hosting at an all time low, trying to self host is simply pointless.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 30.Jul.2008 2:37:14 PM
|
|
|
ambush276
Posts: 44
Joined: 11.May2008
Status: offline
|
i have a vps at 1and1 so im not sure if they give me security already? I mean assume they do not give ssl certs to their customers. Basically i want my site to be secure from non regisesterd users, and i gues OWA would be a nice touch...
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 30.Jul.2008 6:00:44 PM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
Unusual for ISPs to give an SSL connection, although some may provide a shared SSL service. You would need to speak to them about that.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 31.Jul.2008 7:03:57 PM
|
|
|
ambush276
Posts: 44
Joined: 11.May2008
Status: offline
|
but still getting back to my main point. DO i want to secure it on like owa.mysite.com or like www.mysite.com
i should have been mroe clear...
i just need it for OWA/exchange. My friend (whole nother server) is using it for a online store/subscription site (taht is all paid through paypal). Im setting it upf or him, and do i register the SSL on just hisite.com or store.hisite.com? if i do it on the main domain will \it still work on the subdomains. Im looking at the Godady ssl certs. They are for 2 diff servers. One serer just has exchange, and needs it for exchange and OWA acess... The other is for a store and needs it for the store, and website... but will the different subdomains still work ok?
|
|
|
|
|
RE: What Do i need to pay for To Secure Server/OWA/DP - 1.Aug.2008 8:47:36 AM
|
|
|
Sembee
Posts: 3574
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
I can't make that decision for you.
Whether you want to secure your OWA deployment is up to you. I personally never deploy OWA without an SSL certificate.
However securing the server is a lot more than just putting an SSL certificate on to it. Ideally an internal server would not be inviting public traffic to it, so port 80 would be closed.
You seemed to have already made up your mind, and will go ahead anyway, and perhaps are looking for someone to say that it is a good idea so that when it goes wrong you can blame someone else. There seems little else me posting here - I have stated what I think, but that is just my opinion.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
