How secure is exchange OMA and OWA without a front end server?



CentraRich
07-09-2005, 11:51 PM
I would really lie to hear people's opinions on how secure an implementation
of 1 server running Exchange 2003 with OWA and OMA access through self
certificated SSL port forwarded through a hardware firewal is?

I have a client who is interested in OMA and OWA but doesn't want the
expense of implementing a front end server. We are running our own
implementation of OWA and OMA on exchange with SSL. We get to it from the
internet from the public side of our firewall which port forwards HTTPS
requests through to our exchange server.

Is this a satisfactory solution. The client is a firm of solicitors so they
need to be fairly secure. It would be great to hear any advice on how secure
it is and/ or what could be done to improve things etc.

Thanks in advance - Rich

Phillip Windell
07-09-2005, 11:51 PM
It does fine, even without SSL.

Just becuase something can be made more secure doesn't automatically mean it
is "insecure" if you don't do the extra things.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"CentraRich" <CentraRich@discussions.microsoft.com> wrote in message
news:F3CE8C82-EC11-42F5-A340-BB1902A8A5FF@microsoft.com...
> I would really lie to hear people's opinions on how secure an
implementation
> of 1 server running Exchange 2003 with OWA and OMA access through self
> certificated SSL port forwarded through a hardware firewal is?
>
> I have a client who is interested in OMA and OWA but doesn't want the
> expense of implementing a front end server. We are running our own
> implementation of OWA and OMA on exchange with SSL. We get to it from the
> internet from the public side of our firewall which port forwards HTTPS
> requests through to our exchange server.
>
> Is this a satisfactory solution. The client is a firm of solicitors so
they
> need to be fairly secure. It would be great to hear any advice on how
secure
> it is and/ or what could be done to improve things etc.
>
> Thanks in advance - Rich
>

Srikrishna Komatineni
07-09-2005, 11:51 PM
Quite okie..with your setup if you add SSL it will be fine enough....

Srikrishna Komatineni
"CentraRich" <CentraRich@discussions.microsoft.com> wrote in message
news:F3CE8C82-EC11-42F5-A340-BB1902A8A5FF@microsoft.com...
>I would really lie to hear people's opinions on how secure an
>implementation
> of 1 server running Exchange 2003 with OWA and OMA access through self
> certificated SSL port forwarded through a hardware firewal is?
>
> I have a client who is interested in OMA and OWA but doesn't want the
> expense of implementing a front end server. We are running our own
> implementation of OWA and OMA on exchange with SSL. We get to it from the
> internet from the public side of our firewall which port forwards HTTPS
> requests through to our exchange server.
>
> Is this a satisfactory solution. The client is a firm of solicitors so
> they
> need to be fairly secure. It would be great to hear any advice on how
> secure
> it is and/ or what could be done to improve things etc.
>
> Thanks in advance - Rich
>

Faisal [MSFT]
07-09-2005, 11:52 PM
Whats secure and whats not is tricky but reducing attack surface area is a
better approach. Publishing your OWA/OMA thourgh a product like ISA 2004
sounds a better approach. You should not rely on SSL only. At the end of a
day its a business decision.

thanks,
Faisal

"Srikrishna Komatineni" <srikrishnak@hotmail.com> wrote in message
news:OYL4137VFHA.2660@TK2MSFTNGP10.phx.gbl...
> Quite okie..with your setup if you add SSL it will be fine enough....
>
> Srikrishna Komatineni
> "CentraRich" <CentraRich@discussions.microsoft.com> wrote in message
> news:F3CE8C82-EC11-42F5-A340-BB1902A8A5FF@microsoft.com...
>>I would really lie to hear people's opinions on how secure an
>>implementation
>> of 1 server running Exchange 2003 with OWA and OMA access through self
>> certificated SSL port forwarded through a hardware firewal is?
>>
>> I have a client who is interested in OMA and OWA but doesn't want the
>> expense of implementing a front end server. We are running our own
>> implementation of OWA and OMA on exchange with SSL. We get to it from the
>> internet from the public side of our firewall which port forwards HTTPS
>> requests through to our exchange server.
>>
>> Is this a satisfactory solution. The client is a firm of solicitors so
>> they
>> need to be fairly secure. It would be great to hear any advice on how
>> secure
>> it is and/ or what could be done to improve things etc.
>>
>> Thanks in advance - Rich
>>
>
>


How secure is exchange OMA and OWA without a front end server?