Outlook Web Access is a great convenience, but since it allows access to your Exchange server through the Internet,
it automatically increases the danger of security perils to that server.
While the Internet is notoriously unsafe, there are ways you can protect Exchange. One way is setting up Secure Socket Layer (SSL) encryption for your Exchange server so that when your users access it, their information will be encrypted and not subject to reading by the casual eavesdropper.
That's a good thing. Almost all the traffic on the Internet is in the clear, which means that it's sent so that anyone who intercepts it can read it. If you encrypt it using SSL, then anyone who wants to read it must have the appropriate encryption and decryption keys, or else they won't get intelligible information. They can crack the coding, but it's a long and laborious process, and unless your eavesdropper is really determined, he won't bother. So how do you go about setting this up?
First, you have to install a server certificate, which is basically a digital document that identifies your server to users as the server that you say it is. You can also get a certificate from a third party, such as VeriSign.
Once the certificate is installed, you should require that users employ SSL to access the Exchange server. This is a recommended setting, and you set it through the Computer Management snap-in tool on your Exchange server. The other option, which will be in effect unless you change it, is to allow SSL access to the server. Make sure that user names, passwords and messages cannot be read in the clear, so the only sensible choice at this point is to require SSL use to access the server, and not leave the security of your Exchange server up to your users.
Microsoft has a five-minute security advisor on this subject that contains detailed step-by-step instructions for making sure that users must employ SSL for access. The advisor also offers instructions for automatically redirecting users from the non-secure Exchange site to the secure site that they must access using SSL.
David Gabel has been testing and writing about computers for more than 25 years.
Do you have a useful Exchange tip to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.