Locking down 2010 Webmail
Hi all,
I'm looking into two-factor authentication with a security company at present for our whole network. However, is it possible to lock down 2010 Webmail using Exchange in any way?
TIA
Mike
July 15th, 2011 10:51am
Yes, you can do 2-factor auth for OWA.
The easiest solution is to have something in front of Exchange that does the 2-factor auth and, if successful, forwards legitimate traffic to OWA.
lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
July 15th, 2011 11:01am
Not sure what you mean by lockdown; you can use a proxy such as ISA or TMG. It is a best practice to use such a product to publish OWA. More secure, and you can lock down users who can use OWA etc...
Sukh
July 15th, 2011 4:32pm
Hello Mike,
Any update on the issue?
Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com
July 16th, 2011 12:36am
Thanks for your responses. I think I was hoping that there was a way of running some kind of two-factor authentication on OWA without the use of a third-party token. I was wondering whether I could lock Webmail down with an additional password rather than protecting it from hackers. The issue I want to resolve is a person guessing or stealing my users' general AD password and having full access to Webmail with that alone. I guess the only way to do this is to turn Webmail off! I presume I will need token-based two-factor authentication to do what I want though? I just thought there may be something built in to Exchange 2010 that might aid this and save me tens of thousands of pounds on tokens and back-end infrastructure.
Thanks as always.
Mike
July 16th, 2011 7:14am
There is a sort of free way of doing this.
You can limit access to the OWA URL/IP with the help of IPSEC in Windows and certificate-based auth for the IPSEC connection.
The effect is that only computers that can establish an IPSEC connection to the OWA IP are allowed to use it. Most likely only domain-joined Windows computers.
What you need at your end is a certificate authority to issue certs to computers.
lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
July 16th, 2011 7:26am
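The IPsec restriction described in the post above, sketched with the Windows Firewall `netsh advfirewall` commands as an added example that is not part of the original thread. The address 203.0.113.10, the CA name and the rule names are constructed placeholders; note that this authenticates the computer rather than adding a second factor for the user, so a stolen AD password still works from any machine that holds a valid certificate.

```bat
rem Added example, not from the thread. Constructed values:
rem   203.0.113.10             = IP address that OWA is published on
rem   "DC=local, ... Root CA"  = internal CA that issues the computer certs
rem Run from an elevated command prompt.

rem --- On the Exchange 2010 Client Access server hosting OWA ---
rem Require IPsec for inbound HTTPS and authenticate the peer with a
rem computer certificate chaining to the internal CA.
netsh advfirewall consec add rule name="OWA-IPsec-Cert" ^
    endpoint1=203.0.113.10 endpoint2=any protocol=tcp port1=443 port2=any ^
    action=requireinrequestout auth1=computercert ^
    auth1ca="DC=local, DC=example, CN=Example Root CA"

rem Defence in depth: only admit TCP 443 when the connection is
rem IPsec-authenticated. Any existing inbound allow rule for TCP 443
rem that does not require security must be disabled for this to matter.
netsh advfirewall firewall add rule name="OWA-HTTPS-AuthOnly" ^
    dir=in action=allow protocol=TCP localport=443 security=authenticate

rem --- On each client computer allowed to reach OWA ---
rem (normally pushed by Group Policy rather than typed by hand)
netsh advfirewall consec add rule name="OWA-IPsec-Cert" ^
    endpoint1=203.0.113.10 endpoint2=any protocol=tcp port1=443 port2=any ^
    action=requireinrequireout auth1=computercert ^
    auth1ca="DC=local, DC=example, CN=Example Root CA"

rem --- Verification, on either side ---
rem Confirm the rule is present and enabled.
netsh advfirewall consec show rule name="OWA-IPsec-Cert"
rem After a client has browsed to OWA, a main-mode security association
rem using certificate authentication should be listed for the peer.
netsh advfirewall monitor show mmsa
```

A computer without a certificate from that CA fails IPsec negotiation and never reaches the OWA logon page, which is the effect the post describes.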
The best way would be to use 2 factor authentication, which would simplify security. As you know, there is a cost involved, but this is something that you need to put forward to the business and let them decide (cost v security).
Natively, you can expect something like this with Exch.
Sukh
July 16th, 2011 7:45am
Hi Mike,
So you want to know whether Exchange server provides additional authentication besides the AD account credentials, is that correct?
If this is the scenario, no, there is no such solution provided by Exchange because Exchange is tightly bound to Active Directory.
To achieve Two-Factor authentication, you may consider Certificate-Based Authentication with a smart card. Please refer to
<Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010>
Exchange Related Deployment Scenario or Feature | Forefront TMG | Forefront UAG
Support two-factor authentication for Outlook Web App | Y | Y
For more information, see
Understanding Authentication for Outlook Web App
Fiona
July 18th, 2011 4:27am