Permabanned
- Joined
- 28 Dec 2009
- Posts
- 13,052
- Location
- london
This other guy upgraded exchange 03 to 2010 where i work and I am not an exchange expert but i do know some things.
My question is around the way in which it has been configured. It is a 100 user site with 2x250gb databases. The way it has been configured is just with all the roles on one server and the exchange server is natted to the internet. Now with the internal url and external url, he has set them all to the same, mail.domain.com. He has also enabled outlook anywhere. I was asked to setup outlook anywhere for one user who has rubbish internet and wants a cache mailbox on their desktop at home. Although security wise i was not happy about this but its quite slack here so ends up doing it. But in the process i found that internally we seem to be using outlook anywhere. Now in previous versions the "connect using http" was not enabled internally but i have since learned that in 2013 its all done over http now, not sure if that is correct, but that is what the guy said when we were doing a 03-10-13 migration at another site.
The question is realy should we be using "connect over http" option internally when on exchange 2010. I tried disabling it on my profile but it auto reenables.
This is how the advanced connection settings look internally. Now for external outlook anywhere it is near identical. I also noticed on the outlook anywhere settings on the exchange server that plain text authentication is enabled and ignore clients certs is enabled.
Has he set it up with the least secure configuration possible? I was reading this other site where they have actual internal and external url are different. Where the internal domain does not have external domain in it. It seems all he has done internally is set up a dns record of mail that points to the internal ip.
Now i know that ideally we should have a client access server in the dmz but is there a security risk with the internal url being the same as the external url and is the connect over http internally correct?
My question is around the way in which it has been configured. It is a 100 user site with 2x250gb databases. The way it has been configured is just with all the roles on one server and the exchange server is natted to the internet. Now with the internal url and external url, he has set them all to the same, mail.domain.com. He has also enabled outlook anywhere. I was asked to setup outlook anywhere for one user who has rubbish internet and wants a cache mailbox on their desktop at home. Although security wise i was not happy about this but its quite slack here so ends up doing it. But in the process i found that internally we seem to be using outlook anywhere. Now in previous versions the "connect using http" was not enabled internally but i have since learned that in 2013 its all done over http now, not sure if that is correct, but that is what the guy said when we were doing a 03-10-13 migration at another site.
The question is realy should we be using "connect over http" option internally when on exchange 2010. I tried disabling it on my profile but it auto reenables.
This is how the advanced connection settings look internally. Now for external outlook anywhere it is near identical. I also noticed on the outlook anywhere settings on the exchange server that plain text authentication is enabled and ignore clients certs is enabled.
Has he set it up with the least secure configuration possible? I was reading this other site where they have actual internal and external url are different. Where the internal domain does not have external domain in it. It seems all he has done internally is set up a dns record of mail that points to the internal ip.
Now i know that ideally we should have a client access server in the dmz but is there a security risk with the internal url being the same as the external url and is the connect over http internally correct?
Last edited: