Microsoft KB Archive/313303

= Securely Deploy Mobile Information 2001 Server =

Article ID: 313303

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Mobile Information Server 2001 Enterprise Edition

-



This article was previously published under Q313303



SUMMARY
Wireless mobile devices must interact with corporate networks in a secure manner. This is particularly true if the user of the device requires mobile access to sensitive corporate data. This article presents guidelines for deploying a secure installation of Mobile Information 2001 Server.



MORE INFORMATION
To secure your internal network, follow these steps:
 * 1) Install the master user account domain controller in the same domain as the data source.
 * 2) Put your Mobile Information Server (MIS) servers in a separate subnet bounded by routers to isolate them from the rest of your network.

This type of subnet is sometimes called a perimeter network.
 * 1) Configure the ports on the internal router between the intranet and the perimeter network to permit them to communicate. For more information about the required port assignments, see the &quot;Port Requirements for the Internal Firewall&quot; topic in the Microsoft Mobile Information 2001 Server Enterprise Edition Planning and Installation Guide.
 * 2) Configure the ports on the external router between the intranet and the perimeter network and the Internet to permit them to communicate. For more information about the required port assignments, see the &quot;Port Requirements for the External Firewall&quot; topic in the Microsoft Mobile Information 2001 Server Enterprise Edition Planning and Installation Guide.

To secure the link to the carrier network, follow these steps:
 * 1) To provide maximum security on the link between the intranet and the carrier network, connect to a carrier that has deployed Mobile Information Server Carrier Edition (MIS-CE). Although this is not required, the connection will not be as secure.
 * 2) Negotiate with your carrier for an Internet Protocol Security (IPSec) policy that is compatible with your network's policy.
 * 3) Set up your MIS installation to use the IPSec policy. For more information, see the &quot;Security&quot; section of the Mobile Information Server Enterprise Edition Administration Guide.
 * 4) Agree with your carrier on a certification authority for user key negotiation.
 * 5) Configure your MIS installation to use the certification authority.

To secure the link to the mobile device, follow these steps:
 * 1) Ask your carrier about the level of security between the carrier and mobile devices.
 * 2) Make sure that your carrier provides connections with password encryption.
 * 3) Make sure that your carrier encrypts data with a wireless protocol.

Keywords: kbhowtomaster KB313303

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.