Our users, those that have access to OWA, use RSA SecurID tokens. Works well, cause then all the user needs to do is enter in their username and then a PIN + the six numbers that show up on the token.
_____________________________ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Ine Phone: 847-890-4021 Fax: 847-255-1896 ccoo...@aurico.com <mailto:ccoo...@aurico.com> From: Don Andrews [mailto:don.andr...@safeway.com] Sent: Monday, March 16, 2009 3:04 PM To: MS-Exchange Admin Issues Subject: RE: question on Delivery Restrictions If you're worried about that, you might consider some additional security on your OWA access (2 factor authentication or whatever) ________________________________ From: Thomas Gonzalez [mailto:tgonza...@girlscouts-swtx.org] Sent: Monday, March 16, 2009 12:56 PM To: MS-Exchange Admin Issues Subject: RE: question on Delivery Restrictions Ok, I just set the user initiated sync to disable. Let me try that and see what the logs state for this user. All I'm trying to do is protect our environment, because from what I have seen in the CISCO side, is plain text, (at least that's what I see) when the RIM connects. I've been explaining or trying to justify that if we allow the devices to connect, then we need the BES so we can have access to them for wipe / delete. I'm by no means a BES expert and like most of you all, I'm a one man shop. I never knew staff was using their personal RIMs to gain access to the email server. This was by stumble and I just want to ensure we (GS) are safe and sound. I don't want to appear on the news with girl info stolen. :0 From: Sherry Abercrombie [mailto:saber...@gmail.com] Sent: Monday, March 16, 2009 2:49 PM To: MS-Exchange Admin Issues Subject: Re: question on Delivery Restrictions You can disable Outlook Mobile Access and User Initiated Synchronization, and still leave OWA enabled on the AD account properties. On Mon, Mar 16, 2009 at 2:44 PM, Thomas Gonzalez <tgonza...@girlscouts-swtx.org> wrote: You are correct Michael, however, on a staff of 60 we only have 4 members who are accessing the mail server using BIS. Since I have been monitoring the W3SVC logs, the ips appear to be static. I'm going to test with one of the staff that has their personal RIM connecting to get the email. If I see good information generated in the logs, then I'll add the other ips as well. Thanks, Thomas -----Original Message----- From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Monday, March 16, 2009 2:40 PM To: MS-Exchange Admin Issues Subject: Re: question on Delivery Restrictions Blocking the correct range of IPs will block them, like it would anyone else. What do you hope to secure that isnt wide-open via OWA or anything else that can utilize OWA connectivity, etc? You're gonna have a lot of IPs to block. A LOT. -- ME2 On Mon, Mar 16, 2009 at 3:28 PM, Thomas Gonzalez <tgonza...@girlscouts-swtx.org> wrote: > *****Bump***** > > > > From: Thomas Gonzalez > Sent: Monday, March 16, 2009 11:50 AM > To: MS-Exchange Admin Issues > Subject: question on Delivery Restrictions > > > > Our environment is as follows: Windows 2003 sp1 with Exchange 2003 > 6.5.7638.1 with Ninja as our line of defense. > > > > So I am trying to prevent our RIM BIS users from connecting up to our server > via OWA, which I see is the source to allow them to retrieve their email. My > question is this: if I set under the ESM à Global Settings à Message > Delivery (Properties) à Connection Filtering à Global Accept and Deny List > Configuration à Deny and put the RIM IP, will that stop that device from > connecting? > > > > We really do not have a said wireless PDA policy in place, but we are > discussing this issue as being a security hole since the device is not > maintained for wipe / delete through OMA. My thoughts are to be proactive > and try to prevent these users from accessing their email through their > personal RIM product till we put the wireless PDA policy in the employee > handbook. > > > > (I know I can disable OWA through the AD Plugin and remove the access but > these users still need OWA.) > > > > > > TIA, > > > > Thomas Gonzalez > > Technology Manager > > Girl Scouts of Southwest Texas > > 210.349.2404 phone > 210.403.1586 DID > > 210.349.2666 fax > > www.girlscouts-swtx.org > > tgonza...@girlscouts-swtx.org > > > > > > This email and any attached files are confidential and intended solely for > the intended recipient(s). If you are not the named recipient you should not > read, distribute, copy or alter this email. Any views or opinions expressed > in this email are those of the author and do not represent those of the Girl > Scouts of Southwest Texas. Warning: Although precautions have been taken to > make sure no viruses are present in this email, Girl Scouts of Southwest > Texas cannot accept responsibility for any loss or damage that arise from > the use of this email or attachments. > > > > > > This email and any attached files are confidential and intended solely for > the intended recipient(s). If you are not the named recipient you should not > read, distribute, copy or alter this email. Any views or opinions expressed > in this email are those of the author and do not represent those of the Girl > Scouts of Southwest Texas. Warning: Although precautions have been taken to > make sure no viruses are present in this email, Girl Scouts of Southwest > Texas cannot accept responsibility for any loss or damage that arise from > the use of this email or attachments. > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Girl Scouts of Southwest Texas company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Girl Scouts of Southwest Texas. Warning: Although precautions have been taken to make sure no viruses are present in this email, Girl Scouts of Southwest Texas cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~