Re: Exchange Security and Administration: Small/Tiny Site

Setting up Outlook Anywhere (which is the "HTTP connector" you mentioned) isn't very difficult. Like any Web service, you'll want to ensure that you secure it with SSL. You cannot use Apache to handle this traffic. Outlook Anywhere traffic is handled by the RPC over HTTPS Proxy service of Windows Server. IIS is also required.

As for security, Exchange is very secure out of the box and is not hard to maintain from a security standpoint. Since you're already diligent with updating your Windows boxes you should be in good shape. Microsoft offers a tool called the Exchange Best Practices Analyzer that can scan your Exchange servers and identify many configuration and security issues and issues that don't conform to the recommended best practices.

"Mark Olbert" <ChairmanMAO@xxxxxxxxxxxxxxxxx> wrote in message news:ts87649o128bsucdnj8rsarkjbg6t98edi@xxxxxxxxxx
I've been using Exchange for the last seven years to maintain calendars, contacts, etc. on my home LAN. However, I've never used it
to handle email, out of a fear that it was not "inherently" secure enough to expose it to the wilds of the internet without more
sysadmin experience than I have. Instead, I handle my email with postfix on a linux box, and restrict external access to the pop3
server to secure stunnel connections. On the Windows side, I currently run Exchange 2003 on a Server 2003 platform behind the
firewall.

I recently ordered the installation of the same environment for the startup company I work at, however, and was pretty impressed by
the ability of Exchange 2003 to interact with Outlook over http. This has caused me to want to rethink my "don't expose Exchange"
decision.

How hard is it to keep Exchange secure, in practice? I am diligent about applying patches and security fixes to all my Windows
software, and I don't mind investing time hardening systems. But I don't want to have to be in the trenches administering security
for Exchange on a weekly basis. Are there security risks related to Exchange's http connector? Advice, perspective and pointers to
resources would be appreciated.

On a more technical note, is setting up Exchange to use the http connector difficult? Does it require that all http traffic be
handled by the Windows Server Exchange is running on? Right now I run Apache httpd on my linux firewall/router to serve webpages,
and I'd like to continue doing that.

- Mark

.

Relevant Pages

  • RE: domino/exchange
    ... Exchange is a mail server that implements various groupware and scheduling ... Domino, on the other hand, is ... When it comes to security, Domino and Exchange have a lot in common. ... * Determining whether exchange is secure or not is difficult. ...
    (Security-Basics)
  • Free Security Seminar
    ... tested ways to make your Windows and Exchange environments more secure. ... Windows Server 2003 and Exchange ... you most certainly increase security. ...
    (microsoft.public.windows.server.sbs)
  • Exchange Security and Administration: Small/Tiny Site
    ... I've been using Exchange for the last seven years to maintain calendars, contacts, etc. on my home LAN. ... I am diligent about applying patches and security fixes to all my Windows ... is setting up Exchange to use the http connector difficult? ...
    (microsoft.public.exchange.setup)
  • RE: Email Encryption Between Servers
    ... It allows you to have a secure File and Messaging system. ... Subject: Email Encryption Between Servers ... Are the doctors going to have separate keys for each provider, doctor, ... manage key exchange, staff training, ...
    (Security-Basics)
  • Re: Question
    ... but I am new to cryptography and wish to know ... "Foolproof" is a hard term to define. ... A perfectly secure code can be made ... Plus it is very difficult to exchange these long keys ...
    (sci.crypt)