Check out www.messageware.com. They have OWA add-ins to deal with security issues such as leaving files in the cache on a public machine, time outs, re-authentication and navigation protection. They also do delegate management that will allow you to control who can see your calendar, etc. They are selling product, but you can get a good idea of exposures by looking at their site. There are some white papers there as well that are worth downloading that cover some OWA security exposures. ======================= One of the best architectures to implement this solution is to place a Microsoft ISA box in front of your Exchange servers. ISA will publish OWA and outside entities are not able to really "touch" the Exchange server without authentication at the ISA server. ISA server will provide a firewall to the Exchange environment and give you additional logging and management capabilities. We did this in our environment that I discussed in my <a href="http://itknowledgeexchange.techtarget.com/it-trenches/2000-users-new-mailboxes-one-weekend-done">blog post</a>. We implemented three ISA servers. One in each region, North America, Europe & Asia. This also allows users to login to another OWA connection if their regional server is down. OWA can be as secure as you design and implement it.

Check out www.messageware.com. They have OWA add-ins to deal with security issues such as leaving files in the cache on a public machine, time outs, re-authentication and navigation protection. They also do delegate management that will allow you to control who can see your calendar, etc. They are selling product, but you can get a good idea of exposures by looking at their site. There are some white papers there as well that are worth downloading that cover some OWA security exposures. ======================= One of the best architectures to implement this solution is to place a Microsoft ISA box in front of your Exchange servers. ISA will publish OWA and outside entities are not able to really "touch" the Exchange server without authentication at the ISA server. ISA server will provide a firewall to the Exchange environment and give you additional logging and management capabilities. We did this in our environment that I discussed in my <a href="http://itknowledgeexchange.techtarget.com/it-trenches/2000-users-new-mailboxes-one-weekend-done">blog post</a>. We implemented three ISA servers. One in each region, North America, Europe & Asia. This also allows users to login to another OWA connection if their regional server is down. OWA can be as secure as you design and implement it.