Home
About UsOur CustomersContact Us 24/7MVP Expert Zone
WRTU
Forefront EDGE | TMG | UAG | IAG | DAForefront Endpoint | FEP | FCSForefront Server | FPE | FPSP | FSOCS | FSMMCIdentity and Access Management | IAM | IDM | FIMGeneral ForefrontMicrosoft Security
Articles
Intelligent Application Gateway | IAG 2007Forefront Unified Access Gateway | UAG 2010Forefront Threat Management Gateway | TMG 2010Forefront UAG DirectAccess | DAForefront Endpoint Protection | FEP 2010Forefront Client Security | FCSForefront Protection for Exchange | FPEForefront Protection for SharePoint | FPSPForefront Security for OCS | FSOCSForefront Server Security Management Console FPMCSForefront Identity Manager | FIM 2010Active Directory SecurityActive Directory Rights Management Services AD RMSActive Directory Federation Services | AD FSActive Directory Certificate Services | AD CS PKI
Videos
Intelligent Application Gateway | IAG 2007Forefront Unified Access Gateway | UAG 2010Forefront Threat Management Gateway | TMG 2010Forefront UAG DirectAccess | DAForefront Endpoint Protection | FEP 2010Forefront Client Security | FCSForefront Protection for Exchange | FPEForefront Protection for SharePoint | FPSPForefront Security for OCS | FSOCSForefront Server Security Management Console FPMSCActive Directory SecurityActive Directory Rights Management Services AD RMSActive Directory Federation Services | AD FSActive Directory Certificate Services | AD CS PKI
Forums
General for all Forums | AnnouncementsIntelligent Application Gateway | IAG 2007Forefront Unified Access Gateway | UAG 2010Forefront Threat Management Gateway | TMG 2010Forefront UAG DirectAccess | DAForefront Client Security | FCSForefront Endpoint Protection | FEP 2010Forefront Online Protection for Exchange | FOPEForefront Protection for Exchange | FPEForefront Protection for SharePoint | FPSPForefront Security for OCS | FSOCSForefront Identity Manage | FIM 2010Active Direcroty SecurityActive Direcroty Rights Management Services AD RMSActive Directory Federation Services | AD FS | WIFActive Directory Certificate Services | AD CS PKI
TechNet Forums
Services
DesignImplementationProject ManagementCustom Development and Customization
Online Training
Online Store
Shopping Cart
Online Support
Online Support and Debugging Tools
ForefrontSecurity TV
       
Article View
Securing ActiveSync with ActiveSync Protector on Forefront UAG / IAG / TMG / ISA
Created by Idan on 5/8/2011 11:51:25 AM

ActiveSync Protector is an add filter for Forefront (ISA / IAG / TMG / UAG) improving ActiveSync security

Background

Companies now realize that securing ActiveSync is as important as securing any remote access. The smart phone is a network tunnel to the internal network.

Therefore, tightening access control and requiring more than just usernames and passwords is essential.

Companies are also seeking to limit the content exiting the network to the minimum required and to workers truly requiring it.

Controlling who can connect and what data is allowed out of the organization network is the problem addressed by the ActiveSync Protector.

The Protector does not require any client installation and there for has cross platform support.

Content filtering

The Protector can ensure that the content published (Emails, Attachments, Tasks, Contacts, Events) is compatible with the security level requirements (by device type or Active Directory group membership).

By defining dynamic content rules you can make sure that the minimum content is exposed and only to authorized personnel.

The security concept implemented is to only let the required data / information get out of the network and only to the required consumers- as opposed to other solutions trying to protect the data on the smartphone.

Access Control

The solution takes advantage of the fact that the operation is performed from a unique and specific mobile smart phone. It implements a two factor authentication (TFA) access operation using the phone as the something you have and the ActiveSync credentials as something you know.

The filter includes several enrolment options to register the device for each user. Once the user has registered, the filter can verify during each authentication process that the user matches the device registered.

For the two steps registration process- an additional web site is used as part of the solution.

The protector also offers a solution for organizations using smart card login by allowing the user to create ActiveSync credentials in a web site requiring the smart card logon.

 

For more information please contact us Info@ForefrontSecurity.org

 

Thank you,

Idan Plotnik, Security Engineer, ForefrontSecurity.org

powered by metaPost

print
rating
 Comments