It is increasingly common for users to establish VPN connections to the corporate network from mobile handheld devices. Although the VPN connection itself is encrypted with PPTP or IPSec, the device itself can have significant security implications.
The problem with mobile devices is that they are completely outside your control (unless you buy third-party software). Windows has no Group Policy settings for mobile devices, so users can easily copy sensitive data from the corporate network and store it in unencrypted form on their mobile devices.
If that doesn't worry you, consider that users don't even have to set a password on their mobile device. It is also common for users to configure their VPN so that the VPN password is stored on the device and supplied automatically on connection. In effect, the mobile device opens a wide-open backdoor into your network. If the device is lost or stolen, the consequences are unimaginable!
A number of third-party products can help you protect mobile devices, but many people are unaware that Microsoft Exchange Server can do the same. In fact, Microsoft's main goal in releasing Service Pack 2 for Exchange Server 2003 was to make mobile devices more secure and reliable. Security is further improved in Exchange Server 2007.
Mobile device security is implemented differently in Exchange 2003 SP2 and Exchange 2007. Part of the difference is that Exchange 2007 uses different management tools from those that ship with Exchange 2003. Another reason is that Exchange 2007 lets you apply mobile device security on a per-mailbox basis, whereas Exchange 2003 only allows a single mobile device policy. Given the significant difference between the two versions of Exchange Server, I'll focus on Exchange 2007 in the later sections.
Establishing a mobile device security policy
To establish a mobile device security policy in Exchange 2007, open the Exchange Management Console and navigate through the console tree to "Organization Configuration | Client Access". When you select Client Access, the details pane displays all the policies that you can apply to mobile devices. Incidentally, in Exchange Server 2007 these policies are referred to as Exchange ActiveSync Mailbox Policies. Now click the New Exchange ActiveSync Mailbox Policy link in the Actions pane.
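
The same kind of policy can also be created from the Exchange Management Shell and assigned per mailbox. The script below is an added example, not part of the original article; the policy name, the mailbox address and every setting value are assumptions chosen to address the risks described above (no device password, unencrypted data on the device).

```powershell
# Added example: run in the Exchange Management Shell on Exchange Server 2007.
# The policy name, mailbox identity and all setting values are assumptions.
$policyName = 'Mobile Baseline (example)'
$mailbox    = 'user@example.com'   # placeholder mailbox

# Create the policy only if one with this name does not already exist.
if (-not (Get-ActiveSyncMailboxPolicy | Where-Object { $_.Name -eq $policyName })) {
    # Require an alphanumeric device password of at least 6 characters,
    # lock the device after 10 minutes without input, cap failed password
    # attempts at 8, require device encryption, and refuse devices that
    # cannot enforce the policy.
    New-ActiveSyncMailboxPolicy -Name $policyName `
        -DevicePasswordEnabled $true `
        -AlphanumericDevicePasswordRequired $true `
        -MinDevicePasswordLength 6 `
        -MaxInactivityTimeDeviceLock '00:10:00' `
        -MaxDevicePasswordFailedAttempts 8 `
        -DeviceEncryptionEnabled $true `
        -AllowNonProvisionableDevices $false
}

# Exchange 2007 applies policies per mailbox: assign the policy to one user.
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# Audit: list mailboxes that have ActiveSync enabled but no policy
# explicitly assigned, so unmanaged devices can be followed up.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy
```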