I am trying to ensure that Outlook Anywhere traffic is secured. I have an ISA 2006 server setup to allow Outlook Anywhere traffic with Basic Authentication and FBA with Windows AD.
I have the Outlook client security tab set to negotiate authentication and encrypt, and then the connection tab, I have it set to Basic Authentication. As I understand it, this is the best and most secure mode as using NTLM authentication requires that you
drop Windows 7 clients to use NTLM v1 instead of v2 which is not as secure.
When the Outlook client connects and I ctrl+right-click and view connectivity status it reports the following...
Auth: Clear [NTLM]
I ran Microsoft Network Monitor and WireShark against the local client and the server, and it appears the AD login information is encrypted. I just wanted to verify that indeed even though Auth is saying "clear" that the encrypt and HTTPS setting
are covering me on the encryption as obviously I do not want to send info in the clear. If I'm wrong, can someone also please point out wireshark and/or Microsoft network monitor filter settings for viewing the outlook authentication portion.
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.