Outlook web Access (OWA) security concerns

Tags:
Email security
Microsoft Outlook
Outlook Web Access
OWA
Hi, I'm trying to convince my boss that our organization can provide access to e-mail over the internet without security threats. I plan to use OWA. So, can you tell me the risks and the counter measures?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Check out www.messageware.com. They have OWA add-ins to deal with security issues such as leaving files in the cache on a public machine, time outs, re-authentication and navigation protection. They also do delegate management that will allow you to control who can see your calendar, etc.

They are selling product, but you can get a good idea of exposures by looking at their site. There are some white papers there as well that are worth downloading that cover some OWA security exposures.

=======================
One of the best architectures to implement this solution is to place a Microsoft ISA box in front of your Exchange servers. ISA will publish OWA and outside entities are not able to really “touch” the Exchange server without authentication at the ISA server. ISA server will provide a firewall to the Exchange environment and give you additional logging and management capabilities. We did this in our environment that I discussed in my blog post. We implemented three ISA servers. One in each region, North America, Europe & Asia. This also allows users to login to another OWA connection if their regional server is down. OWA can be as secure as you design and implement it.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Kevin Beaver
    Risks with OWA are no different than with any other email system (or any application for that matter): weak passwords, no event logging, no system monitoring, no periodic security vulnerability testing, unencrypted laptops, mobile devices with zero security and so on. If you shore up the basics (the silly stuff that shouldn't be there) OWA is just fine.

    17,200 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following