S 2.481 Planning the use of Exchange for Outlook Anywhere

With Outlook Anywhere users can access Exchange via the internet. This is a server-side delivery service and not a client software. Since data traffic on the internet is more susceptible to attacks than data traffic within an intranet, it is recommendable to select a security strategy involving as many security options as possible.

Use of SSL for Outlook Anywhere

If Outlook Anywhere is to be used for accessing Exchange information via the internet, a valid SSL certificate (Secure Sockets Layer) must be installed, whereby this certificate must have been issued by a certificate authority (CA) that is trustworthy for the operating system of the client computer.

Use of the SSL shift for Outlook Anywhere

When using an SSL proxy assuming SSL encryption of the data traffic directed towards the client access server, the so-called SSL shift must be configured correctly for Outlook Anywhere. In doing so, the SSL connection establishment is performed completely using the SSL proxy in order to save valuable bandwidth and resources.

Configuration of the authentication for Outlook Anywhere

The authentication method for Outlook Anywhere must be selected. Default authentication and integrated Windows authentication should not be configured at the same time, with the latter being more secure.

The specific implementation of these requirements for version 2010 is as follows, for example:

Review questions:

© Federal Office for Information Security. All rights reserved.