[ExchangeList] Re: Exchange Secure OWA and Active Sync - DMZ Architecture

  • From: "Milind Naphade" <milind.naphade@xxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 20 Jul 2011 01:01:05 +0530

http://www.msexchange.org
-------------------------------------------------------Ravi,

First thing..  You cannot put the CAS servers DMZ. That is an unsupported
configuration. Microsoft already has a white paper published for securing
client access servers here
http://technet.microsoft.com/en-us/library/bb400932%28EXCHG.80%29.aspx and
http://technet.microsoft.com/en-us/library/bb400932.aspx This should also
help,
http://www.msexchange.org/articles_tutorials/exchange-server-2007/security-m
essage-hygiene/hardening-exchange-server-2007-part1.html

If you want another layer of security for securing your CAS infrastructure
on internet, then there are some third party options available in market. I
do not recommend anything but I have seen RSA being used as 2FA for most of
the companies. 

Regards,
Milind

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Ravi Dogra
Sent: 20 July 2011 0:28
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Exchange Secure OWA and Active Sync - DMZ
Architecture

http://www.msexchange.org
-------------------------------------------------------Hello,

I am looking to make OWA and Active Sync available in most secured way. here
is my current network architectur:-

CCR mailbox cluster
HUB+CAS (installed on same node)

We have single firewall and have two segregated networks (say 'production'
and 'internet'). I intend to configure something like frontend server so
that OWA and Active Sync services can be made available.

I am not sure what solution will be best considering security aspect.

Please suggest.

--
RD
-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials:
http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx 


-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/  
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp 
MSExchange Articles and Tutorials: 
http://www.msexchange.org/articles_tutorials/ 
MSExchange Blogs: http://blogs.msexchange.org/ 
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx 

Other related posts: