• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Possible setup?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Possible setup? Page: [1]
Message << Older Topic   Newer Topic >>
Possible setup? - 25.Oct.2006 6:49:46 AM   


Posts: 1
Joined: 25.Oct.2006
Status: offline

Sorry if this is a dumb question as i am new to ISA

What i would like to do is as follows:

- Computer certificate from our own CA on Win mobile 5 device to ensure trusted device
- ISA 2006 using bridging mode to terminate connection in DMZ and configured  to use LDAP to authenticate user ID and password.

Is this a viable setup for mobile push from Exchange 2003 to Windows Mobile 5 devices and if so, are there any tips or tricks?


Post #: 1
RE: Possible setup? - 25.Oct.2006 10:17:49 AM   


Posts: 34
Joined: 5.Oct.2006
From: Livonia, Michigan
Status: offline
The only issue I can think of is that Exchange will only authenticate via basic auth.  Direct Push is essentially a stripped down OWA made just for phones.  It's more involved than that, but if you just take it to basics, it's still an Exchange published website meaning it won't work unless you do basic authentication.

The cert idea is nice and we're thinking about that at my place, also.

One thing of note, why the name/password prompt?  You can set direct push to need users to require a password and lock the device every few minutes.  If you set it to, say, a 6 digit password and to erase the device after 10 bogus attempts, I'd call that fairly secure.  If someone found a phone they'd have to know your length of password, first off.  Second, even if they did, that'd give them 6 1-in-100,000 attempts at getting on the phone, and once they fail on the 11th attempt, the phone wipes itself.  Third, if the phone is deemed lost, as long as it has the MSFP (i.e. AKU2) you can take action and wipe the device.  I also wouldn't allow anyone to use Direct Push without this feature pack. 

So my advice would be go for the cert idea, but leave the authentication to just using the Active Sync setup used on Mobile 5 devices.

(in reply to secanbj)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Possible setup? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts