I am pretty new to the 2003 Microsoft world, but I am NT 4 MCSE.
My setup:
- 2 W2K3 DCs
- 1 Exchange 2K3 member server
- 1 W2K3 member server (web server)
- About 60 users, single domain

Some of my users (approx. 10-15) want to use Outlook Web Access to get their mail from home.
Everything is set up and running fine.
My question is, do I need certificates to be secure? With this small number of users it hardly seems necessary, but being new to the 2003 world, I just don't know.
If I do need certificates, can I do them myself without ANY other vendors involved?
Thanks to all of you for helping us and each other out...this is a great website.
ASKED: June 29, 2005 11:45 AM
UPDATED: July 5, 2005 9:59 AM
Giving direct access to OWA over the Internet is not a good security practice. While a certificate on the web server will provide you with transport security, it does nothing to protect the web server itself, and a standard firewall will pass all packets over expected ports. To solve this problem, Microsoft has a recommended design which uses an ISA server in the DMZ acting as a bastion host in secure reverse proxy mode. The following link explains how it all hangs together:
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.mspx.
MS ISA is a good product, in particular on a W2K2 platform. My deployment passed security pen tests with flying colours.
Yes – certificates are highly recommended (and easy).
Yes – you can self-certify.
A – Go through the AD entries and check that every user has their correct e-mail information.
B – Install certificate services on the webserver for AD authentication and either auto-issue or admin review and issue.
C – Show your users how to log in to the webserver and obtain a certificate, then install it to IE and Outlook. Enjoy.
Most important is to read the documentation; MS actually did a good job.
Good luck.
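
Step A of the answer above, as an added example that is not part of the original post: a Python script that reads an LDIF export of user objects (for instance from `ldifde -f users.ldf -r "(&(objectCategory=person)(objectClass=user))" -l sAMAccountName,mail,userAccountControl`) and lists enabled accounts whose `mail` attribute is missing or outside the expected domain. The `example.com` domain, the account names and the choice to skip disabled accounts are assumptions.

```python
import base64
import re

UAC_ACCOUNTDISABLE = 0x2  # userAccountControl bit set on disabled accounts
# Constructed sample in LDIF form; names and domain are made up.
SAMPLE_LDIF = """\
dn: CN=Alice Smith,CN=Users,DC=example,DC=com
sAMAccountName: asmith
userAccountControl: 512
mail: asmith@example.com

dn: CN=Bob Jones,CN=Users,DC=example,DC=com
sAMAccountName: bjones
userAccountControl: 512

dn: CN=Carol White,CN=Users,DC=example,DC=com
sAMAccountName: cwhite
userAccountControl: 512
mail:: Y3doaXRlQGV4YW1wbGUubmV0

dn: CN=Dave Old,CN=Users,DC=example,DC=com
sAMAccountName: dold
userAccountControl: 514
"""

def parse_ldif(text):
    """Yield one dict per record; handles folded lines and base64 ('::') values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the line
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        rec = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            rec[attr.lower()] = value.strip()
        yield rec

def audit_mail(text, domain):
    """Map sAMAccountName -> bad address (or 'missing') for enabled accounts."""
    problems = {}
    for rec in parse_ldif(text):
        if int(rec.get("useraccountcontrol", "0")) & UAC_ACCOUNTDISABLE:
            continue  # assumption: disabled accounts are not enrolled
        mail = rec.get("mail", "")
        if not mail.lower().endswith("@" + domain.lower()):
            problems[rec["samaccountname"]] = mail or "missing"
    return problems

if __name__ == "__main__":
    print(audit_mail(SAMPLE_LDIF, "example.com"))
```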