Dean,

Thanks very much. That's exactly the answer I was looking for.

Jim

On Jan 24, 2008 1:46 PM, Dean Cunningham <[EMAIL PROTECTED]> wrote:
> Hi Jim,
>
> Without knowing the details of your RSA setup/firewall/phone type and
> exchange config is pretty hard to answer, but...hey ... I'll have a go
> with some principles :-)
>
> Both services run over port 80(or 443), if your 2 factor security
> controls just the port 80(or 443), then yes, I would expect your phones
> to be broken.
>
> If your 2-factor security is able to control the urls then you may be
> able to configure each url separately
>
> http://server/exchange/owa 2-factor
> http://server/exchange/oma no 2-factor
> http://server/exchange/activesync no 2-factor
>
> these urls may be wrong... but give you an idea
>
> have a look at \\server\WINDOWS\system32\LogFiles\W3SVC1 log files to
> give you an idea of the URLs used
>
> it depends on the exchange service and the url it uses
>
> In our case we use RSA-secureid integrated with our firewall and use vpn
> software on the windows mobile phones (or any windows device supported
> by the vpn software). This means that the phone user needs to validate
> using two factor each time they establish a data session (vs
> send/receive email) typically, this is once a day. Our (my??) security
> policy is that any port inward must have 2-factor authentication, unless
> there is a very good reason not to (port 25 in to our mail server has a
> very good reason :-) ). We buy phones that can run our VPN software. I
> am responsible for phones (all of ICT actually) so it is easy for the
> phone, mail and security department heads to come to agreement as it is
> all going on in my head...;-)
>
> One way to mitigate this is to have two front end servers, one that only
> has oma service running (for the phones) and the other to do the other
> services that require 2-factor.
>
> There may be other exchange tweaks that others could suggest???
>
> HTH
>
> Cheers
> Dean
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jim
> Blunt
> Sent: Tuesday, 22 January 2008 05:53
> To: Exchange Discussions
> Subject: 2-factor authentication
>
> Ladies and gentlemen,
>
> Just a quick question here.
>
> We have a native 2003 AD, with a native Exchange 2003 setup. We use
> RSA SecurID for our 2-factor authentication, when connecting to our
> network from an outside source.
>
> Our security guys want me to implement this 2-factor authentication on
> our OWA portal as well.
>
> The only question I have, is this: Will implementing the 2-factor
> authentication on the OWA portal break the push that we are capable of
> doing now, to management's cell phones?
>
> Thanks in advance,
>
> Jim
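
The log review Dean suggests, as an added example that is not part of the original thread: it groups the requests in an IIS W3C extended log by top-level path, so you can see which paths browsers hit and which ones phones hit before deciding where 2-factor is enforced. The log lines, addresses and user-agent strings are constructed samples, and the function name is hypothetical.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2008-01-24 01:10:02 203.0.113.10 GET /exchange/jim/Inbox 200 Mozilla/4.0+(compatible;+MSIE+7.0)
2008-01-24 01:10:05 203.0.113.10 GET /exchweb/img/logo.gif 200 Mozilla/4.0+(compatible;+MSIE+7.0)
2008-01-24 01:11:40 198.51.100.7 POST /Microsoft-Server-ActiveSync 200 MSFT-PPC/5.1
2008-01-24 01:12:40 198.51.100.7 POST /Microsoft-Server-ActiveSync 200 MSFT-PPC/5.1
2008-01-24 01:13:00 198.51.100.9 GET /oma/ 401 SampleMobileBrowser/1.0
"""


def summarize_paths(log_text):
    """Return {top-level path: {"hits": n, "agents": set, "statuses": set}}."""
    fields = []
    summary = defaultdict(lambda: {"hits": 0, "agents": set(), "statuses": set()})
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            # The column layout is declared in the log itself and can change
            # mid-file, so re-read it whenever the directive appears.
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # skip rows that do not match the declared columns
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "")
        # IIS paths are case-insensitive, so fold case before grouping.
        top = "/" + stem.lstrip("/").split("/", 1)[0].lower()
        entry = summary[top]
        entry["hits"] += 1
        entry["agents"].add(row.get("cs(User-Agent)", "-"))
        entry["statuses"].add(row.get("sc-status", "-"))
    return dict(summary)


if __name__ == "__main__":
    for path, info in sorted(summarize_paths(SAMPLE_LOG).items()):
        print(path, info["hits"], sorted(info["agents"]), sorted(info["statuses"]))
```

Paths that only ever show phone user agents are the ones that would stop working if 2-factor were applied to the whole port rather than per URL.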
