How to Secure Exchange 2010 Client Access Server (CAS)?
This article discusses how to secure an Exchange 2010 Client Access Server (CAS). As you may know, Exchange Server is one of the most widely deployed mail servers today. Its portfolio of features, such as social collaboration, the Intelligent Message Filter, and connection filtering, is a feather in its cap. Along with this, security and authentication are the main concern for almost all users who run MS Exchange Server with the Client Access server role installed. The CAS role provides access through Outlook Anywhere, POP3 (Post Office Protocol version 3), IMAP4, MS Exchange ActiveSync, and Outlook Web App (OWA). It also supports the Autodiscover and Availability services. All of these protocols and services need to be secured. In the following sections we discuss how to secure the Exchange 2010 Client Access Server.
Managing Authentication in CAS
One of the essential security-related tasks for the Client Access server (CAS) is configuring the authentication method. By default, the CAS is installed with a self-signed digital certificate. A digital certificate does two main things:
- Authenticates the holder.
- Protects Exchange data exchanged online from tampering.
Although the default self-signed certificate is supported for Exchange ActiveSync and Outlook Web App, it is not the safest option for authentication, and it is not supported for Outlook Anywhere at all. For better security, the recommended configuration for the Exchange 2010 Client Access server is to use a trusted certificate from a commercial certification authority (CA) or from an internal PKI CA. Authentication can be configured separately for Outlook Web App, IMAP4, Exchange ActiveSync, POP3, and Outlook Anywhere.
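The following Exchange Management Shell session is an added example, not part of the original article, showing how the default self-signed certificate is replaced with one issued by a trusted CA and bound to the client protocols the CAS serves. The server name CAS01, the names mail.contoso.com and autodiscover.contoso.com, and the file paths are placeholders.

```powershell
# Added example (not from the article): replace the default self-signed
# certificate on an Exchange 2010 CAS with one issued by a trusted CA.
# Placeholder values: server name CAS01, the contoso.com host names,
# and the C:\certs paths.

# 1. Generate a certificate request (CSR) that covers every name clients use.
#    Covering Autodiscover avoids name-mismatch warnings in Outlook Anywhere.
$req = New-ExchangeCertificate -Server CAS01 -GenerateRequest `
    -SubjectName "C=US, O=Contoso, CN=mail.contoso.com" `
    -DomainName mail.contoso.com, autodiscover.contoso.com `
    -PrivateKeyExportable $true
Set-Content -Path C:\certs\cas01.req -Value $req

# 2. Submit cas01.req to the CA. Once the issued certificate is saved as
#    C:\certs\cas01.cer, import it on the same server (the private key
#    generated in step 1 lives there).
$cert = Import-ExchangeCertificate -Server CAS01 `
    -FileData ([Byte[]](Get-Content -Path C:\certs\cas01.cer -Encoding Byte -ReadCount 0))

# 3. Bind the certificate to the client protocols. IIS covers OWA,
#    Exchange ActiveSync, Outlook Anywhere and Autodiscover; POP and IMAP
#    are bound separately.
Enable-ExchangeCertificate -Server CAS01 -Thumbprint $cert.Thumbprint -Services "IIS,POP,IMAP"

# 4. Verify: the CA-issued certificate should list the services, and the
#    self-signed certificate should no longer be bound to IIS.
Get-ExchangeCertificate -Server CAS01 |
    Format-Table Thumbprint, Services, IsSelfSigned, NotAfter, Subject -AutoSize
```

The verification step is worth keeping as a routine check: a certificate that is trusted but about to expire (NotAfter) breaks Outlook Anywhere and ActiveSync just as surely as a self-signed one.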
Ways to Improve Secure Communications in CAS
Once secure communications between clients and the Exchange 2010 Client Access server (CAS) have been configured, the next step is to secure communications between the Exchange 2010 CAS and the other servers in the organization. Note that by default, POP3, HTTP, IMAP4, and Exchange ActiveSync communication between the CAS and other servers is encrypted.
Exchange ActiveSync Security
There are numerous security-related tasks that can be performed on the server running Exchange ActiveSync. One of the most important is configuring the authentication method on the Exchange 2010 server that has the CAS role installed. This server role is installed with a self-signed digital certificate by default. While the self-signed certificate is supported for Exchange ActiveSync, it is not the most secure method of authentication.
Device Security: Secure Exchange 2010 Client Access Server
In addition to improving Exchange ActiveSync server security, users should consider enhancing the security of their mobile phones. There are numerous ways to do so.
#1 Exchange ActiveSync Mailbox Policies
Exchange ActiveSync for Exchange 2010 allows administrators to create Exchange ActiveSync mailbox policies that apply a common set of security settings to a collection of users. These settings include:
- Requiring a password
- Specifying a minimum password length
- Requiring special characters in the password
- Specifying the period of inactivity after which the mobile phone locks and the password must be re-entered
- Specifying that the mobile device is wiped if an incorrect password is entered more than the specified number of times.
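As an added example (not the article's own material), the policy below enforces each of the settings listed above with the Exchange 2010 cmdlets and assigns it to one mailbox. The policy name "Corporate Phones" and the mailbox alice@contoso.com are placeholders; the device-encryption setting goes one step beyond the list.

```powershell
# Added example (not from the article): an Exchange ActiveSync mailbox policy
# covering the five settings above, assigned to a user.
# Placeholder values: the policy name and the mailbox identity.

# Splatting keeps each setting on its own commented line.
$policy = @{
    Name                               = "Corporate Phones"
    DevicePasswordEnabled              = $true        # a password is required
    MinDevicePasswordLength            = 8            # minimum length
    AlphanumericDevicePasswordRequired = $true        # letters plus non-letter characters
    AllowSimpleDevicePassword          = $false       # rejects "1234", "1111" and the like
    MaxInactivityTimeDeviceLock        = "00:15:00"   # lock after 15 minutes idle
    MaxDevicePasswordFailedAttempts    = 10           # wipe after 10 wrong passwords
    DeviceEncryptionEnabled            = $true        # beyond the list: protect data at rest
}
New-ActiveSyncMailboxPolicy @policy

# Assign the policy to a mailbox. The phone applies it on its next sync
# and prompts the user to set a compliant password.
Set-CASMailbox -Identity "alice@contoso.com" -ActiveSyncMailboxPolicy "Corporate Phones"

# Verify the effective settings.
Get-ActiveSyncMailboxPolicy -Identity "Corporate Phones" |
    Format-List DevicePasswordEnabled, MinDevicePasswordLength,
                AlphanumericDevicePasswordRequired, MaxInactivityTimeDeviceLock,
                MaxDevicePasswordFailedAttempts, DeviceEncryptionEnabled
```

To make the policy apply to every mailbox that has no explicit assignment, mark it as the default with `Set-ActiveSyncMailboxPolicy -Identity "Corporate Phones" -IsDefaultPolicy $true`.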
#2 Remote Device Wipe
Mobile phones can store sensitive data that belongs to the organization and give access to the organization's resources. If a mobile phone is lost, that data can be compromised. A remote device wipe removes the data from a lost or stolen device the next time it connects.
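The session below is an added example, not part of the article, showing the remote-wipe workflow from the Exchange Management Shell: identify the lost device, issue the wipe, confirm the acknowledgement, and remove the partnership. The mailbox alice@contoso.com, the notification address and the DeviceId placeholder are assumptions.

```powershell
# Added example (not from the article): wipe a lost phone and confirm the wipe.
# Placeholder values: mailbox alice@contoso.com, the notification address,
# and <DEVICE-ID-FROM-STEP-1>, which is copied from the output of step 1.

$mailbox = "alice@contoso.com"

# 1. List every device that has synced with the mailbox, so the right one
#    is wiped (users often have more than one partnership).
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Format-Table DeviceType, DeviceModel, DeviceId, LastSyncAttemptTime -AutoSize

# 2. Select the lost device by its DeviceId and issue the wipe.
#    The notification address receives a message when the device acknowledges.
$lost = Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Where-Object { $_.DeviceId -eq "<DEVICE-ID-FROM-STEP-1>" }
Clear-ActiveSyncDevice -Identity $lost.Identity `
    -NotificationEmailAddresses "it-security@contoso.com" -Confirm:$false

# 3. The command is delivered on the device's next sync. A populated
#    DeviceWipeAckTime is the proof that the wipe actually ran; until then
#    the request is only pending.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Where-Object { $_.DeviceId -eq "<DEVICE-ID-FROM-STEP-1>" } |
    Format-List DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime

# 4. After the acknowledgement, remove the partnership so the stale device
#    record cannot be reused.
Remove-ActiveSyncDevice -Identity $lost.Identity -Confirm:$false
```

A wipe that never reaches DeviceWipeAckTime usually means the device is offline or has already been reset; the pending request stays in place and fires if the device ever syncs again, so do not remove the partnership until the ack arrives.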
Security for Outlook Web App
OWA for MS Exchange Server 2010 provides a variety of security features that can be configured to suit the security needs of the organization.
The following authentication methods can be configured on the Exchange 2010 CAS:
- Standard authentication methods:
  - Basic authentication
  - Integrated Windows authentication
  - Digest authentication
- Forms-based authentication
Segmentation is the feature that enables or disables the features available to users in Exchange 2010 OWA. By default, any mail-enabled user in an Exchange 2010 organization can access their mailbox by using OWA. Depending on the organization's requirements, segmentation can be used to:
- Restrict access to OWA for particular users.
- Control access to certain OWA features.
- Disable an OWA feature.
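The following is an added example (not the article's own configuration) that applies both halves of this section on one CAS: it switches the OWA virtual directory to forms-based authentication, and it uses segmentation to block OWA for a particular account and to trim features for a group through an OWA mailbox policy. The virtual directory name "CAS01\owa (Default Web Site)", the policy name, the account names and the custom-attribute filter are placeholders.

```powershell
# Added example (not from the article): OWA authentication plus segmentation.
# Placeholder values: virtual directory CAS01\owa (Default Web Site),
# policy name "Contractors", the account svc-scanner@contoso.com, and the
# CustomAttribute1 filter used to pick the contractor mailboxes.

$owaVdir = "CAS01\owa (Default Web Site)"

# 1. Authentication: use forms-based authentication and turn off Integrated
#    Windows and Digest. FBA requires SSL, so a certificate must already be
#    bound to the site; FBA uses Basic over that SSL channel internally, so
#    BasicAuthentication is left alone here.
Set-OwaVirtualDirectory -Identity $owaVdir `
    -FormsAuthentication $true `
    -WindowsAuthentication $false `
    -DigestAuthentication $false

# 2. Segmentation per user: a service account has no business in OWA.
Set-CASMailbox -Identity "svc-scanner@contoso.com" -OWAEnabled $false

# 3. Segmentation per group: a policy that disables selected features.
#    Features not mentioned keep their defaults.
New-OwaMailboxPolicy -Name "Contractors"
Set-OwaMailboxPolicy -Identity "Contractors" `
    -PublicFoldersEnabled $false `
    -InstantMessagingEnabled $false `
    -TextMessagingEnabled $false `
    -ChangePasswordEnabled $false

# Assign the policy to every mailbox tagged as a contractor.
Get-Mailbox -Filter { CustomAttribute1 -eq "Contractor" } |
    Set-CASMailbox -OwaMailboxPolicy "Contractors"

# 4. Authentication changes take effect after IIS is restarted.
iisreset /noforce

# Verify the authentication settings and one assignment.
Get-OwaVirtualDirectory -Identity $owaVdir | Format-List *Authentication
Get-CASMailbox -Identity "svc-scanner@contoso.com" | Format-List OWAEnabled, OwaMailboxPolicy
```

Per-user OWAEnabled settings and OWA mailbox policies are stored on the mailbox object, so they follow the user across every CAS in the organization; the authentication settings in step 1 are per virtual directory and must be repeated on each CAS (or on the load balancer's target servers) to stay consistent.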
#3 Web Beacons
#4 Access File and Data
There are numerous features that allow users to access files and data in OWA. Each of these features includes options for controlling access to files and data:
- WebReady Document Viewing
- Direct File Access
- Windows File Share Integration
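As an added example that is not part of the article, the commands below tighten the three file-access features listed above on one OWA virtual directory, treating public (shared or kiosk) computers more strictly than private ones. The virtual directory name is a placeholder.

```powershell
# Added example (not from the article): lock down OWA file and data access.
# Placeholder value: virtual directory CAS01\owa (Default Web Site).
# OWA distinguishes the "public computer" and "private computer" choices
# made on the logon page, and each feature has a parameter for both.

$owaVdir = "CAS01\owa (Default Web Site)"

Set-OwaVirtualDirectory -Identity $owaVdir `
    -DirectFileAccessOnPublicComputersEnabled $false `          # no attachment downloads on public PCs
    -DirectFileAccessOnPrivateComputersEnabled $true `          # still allowed on private PCs
    -WebReadyDocumentViewingOnPublicComputersEnabled $true `    # render documents server-side instead
    -WebReadyDocumentViewingOnPrivateComputersEnabled $true `
    -ForceWebReadyDocumentViewingFirstOnPublicComputers $true ` # never hand the raw file to a public PC first
    -UNCAccessOnPublicComputersEnabled $false `                 # Windows File Share Integration: no UNC paths
    -WSSAccessOnPublicComputersEnabled $false                   # ...and no SharePoint document libraries

# Verify the effective settings for this virtual directory.
Get-OwaVirtualDirectory -Identity $owaVdir |
    Format-List DirectFileAccessOn*, WebReadyDocumentViewingOn*,
                ForceWebReadyDocumentViewingFirstOnPublicComputers,
                UNCAccessOn*, WSSAccessOn*
```

WebReady Document Viewing converts Office and PDF attachments to HTML on the CAS, so the public computer never caches the original file; on Exchange 2010 the same settings are also available per user through `Set-OwaMailboxPolicy`, which is the better place for them when different groups need different rules.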