ActiveSync Secure
Hi,
Let me first describe the scenario:
We have a server2003 server running Exchange and OWA and OMA for Windows Mobile 5.0 devices. IIS is running the Exchange but all as HTTP, i.e. not HTTPS secured.
We have a 2nd server2003 server running ISA2006. This has a published rule that forwards all HTTP traffic for the Windows Mobiles to our exchange server.
Everything is running as HTTP including IIS, Windows Mobile and the ISA publish server rule.
We'd like to make this more secure, but I'm not sure the best way to go about it. I think using certificates is the best idea so far, but it's where we install the certificates and how. I believe certificates will have to go on both ISA2006 server and IIS server and also the Mobile devices.
Has anyone any info on how to go about this when we're using a setup like this?
Thanks!!
Chris
Answers
Hi,
Yes, absolutely use HTTPS! Otherwise all your confidential AD data(usernames and passwords) travel across the internet in the clear. Sniffers delight.
Here are instructions on how to install your own certificate server and where to install the certs.
From MS about publishing: http://technet.microsoft.com/en-us/library/aa996545.aspx
This article although about 2004, should give you a large amount of detail: http://www.isaserver.org/articles/2004owapub.html
Here is another one: http://www.isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Address-Part1.html
If you don't come right, let me know, be glad to help
Re,
Dave.- Marked As Answer byKeith AlabasterMVP, ModeratorSunday, October 11, 2009 11:05 AM
All Replies
Hi,
Yes, absolutely use HTTPS! Otherwise all your confidential AD data(usernames and passwords) travel across the internet in the clear. Sniffers delight.
Here are instructions on how to install your own certificate server and where to install the certs.
From MS about publishing: http://technet.microsoft.com/en-us/library/aa996545.aspx
This article although about 2004, should give you a large amount of detail: http://www.isaserver.org/articles/2004owapub.html
Here is another one: http://www.isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Address-Part1.html
If you don't come right, let me know, be glad to help
Re,
Dave.- Marked As Answer byKeith AlabasterMVP, ModeratorSunday, October 11, 2009 11:05 AM
David Maskell wrote: Hi,
Yes, absolutely use HTTPS! Otherwise all your confidential AD data(usernames and passwords) travel across the internet in the clear. Sniffers delight.
Here are instructions on how to install your own certificate server and where to install the certs.
From MS about publishing: http://technet.microsoft.com/en-us/library/aa996545.aspx
This article although about 2004, should give you a large amount of detail: http://www.isaserver.org/articles/2004owapub.html
Here is another one: http://www.isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Address-Part1.html
If you don't come right, let me know, be glad to help
Re,
Dave.Here is one from MS about what to do on ISA.
