Re: SP2 and OWA

---

• From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 22 Aug 2006 22:38:11 -0400

---

In news:7ntje29il4o3lkjc56tf5r85uoip2ojl61@xxxxxxx,
Rich Matheisen [MVP] <richnews@xxxxxxxxxxxxxxxxxxxxx> typed:

"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

In news:CE8F0A9B-B573-4D71-84B2-0EE8410753F7@xxxxxxxxxxxxx,
yba02 <yba02@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:

Hi,
I have Exchange 2k3 SP2.
Does SP2 necessitate SSL enforcement on FBA for OWA? In other
words, can I configure OWA without using SSL in presence of SP2?
Thanks
Yba

Sure, I think so - but why would you want to do that? SSL is a must
in my book. Allowing HTTP traffic into your network is a really bad
idea.

Okay . . . I'll bite. Why is allowing HTTP into your network less
secure than allowing HTTPS (ignoring the "sniffing passwords" bit)?

Well, I can see I inadvertently started something here, but my first
reaction is that what you ask me to ignore is one of the main reasons I want
SSL!

I can use an IPS to examine HTTP. I can't look at the contents of the
data if it's encrypted.

Traffic between a F-E and B-E server is HTTP, not HTTPS.

In a switched network, those data aren't broadcast to everyone.

If security is a concern, why not use IPSec and limit the IP addresses
from which you'll accept HTTP/HTTPS? Or another firewall?

Because OWA is a necessary evil and I can't know from where my clients might
be connecting.....and most of my clients are teeny offices where a FE/BE
config isn't an option.

I'm sincerely interested in hearing the reasons. Really.

I'm tryin', honest.

<adjust pointed hat, checks lipstick>



.

---

• Follow-Ups:
  • Re: SP2 and OWA
    • From: Rich Matheisen [MVP]

• References:
  • Re: SP2 and OWA
    • From: Lanwench [MVP - Exchange]
  • Re: SP2 and OWA
    • From: Rich Matheisen [MVP]

• Prev by Date: Re: Need script: Bulk import contacts from csv
• Next by Date: Exchange 2003 Restore Issues
• Previous by thread: Re: SP2 and OWA
• Next by thread: Re: SP2 and OWA
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: OWA fails to close ... As OWA works fine with HTTP, this issue is mostly related to the SSL ... configuration. ... (microsoft.public.exchange.misc) Re: IIS6. Windows 2003 ... unless it's through a HTTP (SSL) port. ... If you are hosting a company website and also OWA, ... >> We run IIS on all our exchange servers to provide OWA through SSL. ... (microsoft.public.inetserver.iis.security) Re: OWA Security Question ... Celebrating a decade of Exchange peer support ... I enable the SSL for change password by OWA. ... Are you connecting via http or https? ... (microsoft.public.exchange.admin) Re: SP2 and OWA ... Does SP2 necessitate SSL enforcement on FBA for OWA? ... Allowing HTTP traffic into your network is a really bad idea. ... (microsoft.public.exchange.admin) Error 80072f17 ... Exchange 2003 SP2 ... OWA is secured with an SSL Cert. ... OWA works fine from all computers. ... (microsoft.public.pocketpc.activesync)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)