OWA Access



elvecio -> OWA Access (17.Jul.2007 3:31:44 PM)

Hi people,

I have the following doubt about OWA security:
How is the OWA access from the Internet? Is it possible to put the Client Access in the DMZ perimeter, or is the only way to open same ports from internet - LAN to the Client Access Server?

Thanks a lot.

Elvecio




John Weber -> RE: OWA Access (17.Jul.2007 3:49:06 PM)

Depending on your security requirements...
MS recommended best practice is to publish OWA via a proxy server (no surprise that they recommend ISA).
I have numerous clients using nothing but 443 through the firewall and SSL on the CAS (FE for e2k3).  Works great, less filling. 

If you place a CAS role in the DMZ, you are going to have a hole the size of a large truck leading from the DMZ into your AD. Do you really want that risk? Either way, the risk is there, one port or 30 ports.
Ergo, you must choose based on your organization's security policy.

-John

quote:

ORIGINAL: elvecio

Hi people,

I have the following doubt about OWA security:
How is the OWA access from the Internet? Is it possible to put the Client Access in the DMZ perimeter, or is the only way to open same ports from internet - LAN to the Client Access Server?

Thanks a lot.

Elvecio




Henrik Walther -> RE: OWA Access (18.Jul.2007 2:06:52 AM)

I would seriously consider having a firewall in the DMZ capable of pre-authenticating users before they are proxied to the CAS. If you don't, it means unauthenticated users will be able to establish an SSL session directly to the CAS server on your internal network, which I would consider a major security risk.



