Results 1 to 3 of 3
  1. #1
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    OWA 'additional' security

    I'd be interest if anyone who uses Outlook Web Access via Exchange Server 2003 for staff who work mainly at home could say whether they have found it necessary to implement any additional security measures on top of (say) strong passwords. A quick Google on "OWA security" brings up Session Guard, for example...

    Thanks

    John
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: OWA 'additional' security

    For home PCs, the main concern probably is spyware and keyloggers, rather than strangers resuming an OWA session. Users should be required to have "clean" PCs (this may involve buying them good security software).

    Anyone using OWA on an untrusted PC should be aware of the risks of entering their network credentials and take at least minimal measures to prevent misappropriation, as described in To foil a Keylogger.

    It's much more of a challenge to determine whether there is spyware hooked into the browser, since users generally don't carry around antispyware scanners and usually would not have time to run one. One possible workaround is to carry a copy of Portable Firefox on a USB flash drive. However, Firefox will use the "Basic" OWA client rather than the "Premium" one made possible by ActiveX controls.

    And of course users connecting via wi-fi should be careful not to associate with an untrusted wireless access point. It may be possible to determine that is/is not a "man in the middle" by inspecting the SSL certificates.

  3. #3
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Cairns, Queensland, Australia
    Posts
    885
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: OWA 'additional' security

    Hi John,

    I have a number of people who work from home, other office travel and access their mail from all sorts of places - Internet cafes, business centres, hotel rooms, etc, etc, etc.

    As an added level of security for our network we use an RSA gateway before they get access to anything else.
    Granville

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •