This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

standalone EAS Proxy - HAFNUM hardening

We have setup a standalone EAS Peoxy for Ms ActiveSync to Exchange.

Next step would be to use the Sophos Mobile Secure E-mail cliënt to only allow known Sophos Secure E-mail Clients. But configuring Mobile MDM is not that straight forward.

Is the standalone EAS Proxy in itself a secure solution over direct Ms ActiveSync to Exchange? Or is it just an open pass tru also exposing the Exchange vulnerabilities?

regards,

Fred

This thread was automatically locked due to age.

Top Replies

GlennSen over 2 years ago in reply to Franklin Rios +1 verified

Hi, As per further checking the EAS Proxy will only allow those devices through where the ActiveSync ID of the email app is known and allowed.Though there is no guarantee that it is sufficient though to…

0 GlennSen over 2 years ago

Hi There,

Thank you for reaching us allow us to have a quick check on this and get back to you. Also, Can you share with us the version of your Sophos Mobile?

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Fred_B over 2 years ago in reply to GlennSen

We are using Central Sophos Mobile.
Cancel
Vote Up 0 Vote Down

Cancel
0 Franklin Rios over 2 years ago

If you’ve got an operating system exposed to the Internet, discoverable via Shodan, it is exploitable within minutes. What is the impact of that? If it’s in a chemical, pharmaceutical, food factory, or refinery, that’s a problem not just for downtime but more importantly because it could cause a safety or environmental incident. If it’s a temperature gauge, that’s much less risk. Companies will have a risk register for everything else, including natural disasters. They should have one for OT cybersecurity risk too.

MyCCPay
Cancel
Vote Up 0 Vote Down

Cancel
+1 GlennSen over 2 years ago in reply to Franklin Rios

Hi, As per further checking the EAS Proxy will only allow those devices through where the ActiveSync ID of the email app is known and allowed.Though there is no guarantee that it is sufficient though to completely prevent the attack performed via Hafnium.

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Cancel