On Tue, 12 Oct 2004 08:06:15 +0200, Lettah LG. Dladla <lgdladla@xxxxxxxxx> wrote:
> http://www.MSExchange.org/
>
> Dear all
>
> I have activated the Web access, how do I make sure it is secured?

How far do you want to go? Personally, I say go as far as you can without reducing (important and useful) functionality.

1) Disable all unessential services on the server hosting OWA
2) Make sure all Windows, Exchange, IIS, etc. security patches are up to date
3) Configure SSL for OWA (msexchange.org has an article about this)
4) Install URLScan and IISLockdown tools (make sure you read the documentation, specifically, if you don't set it up right, it will break OWA)
5) Put a firewall in front of the OWA/Exchange server, so that only port 443 inbound and outbound traffic is allowed through to your Internet/external interface
6) Scan the server with up-to-date and Exchange-aware anti-virus software
7) Make note of session time-outs for OWA, they are important for your security
8) Educate your users to CLOSE all web browser windows after they are done with OWA -- better yet, have them clear the cache and history if they can

There are many other things you can do... search the net. I found this:
http://techrepublic.com.com/1200-26-5124029.html

...D
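
One way to verify step 5 of the reply above from a machine outside the firewall, as an added example that is not part of the original post: connect to the ports a Windows/Exchange/IIS host commonly listens on and report anything reachable other than 443. The port list, the function names and the usage line are assumptions made for this illustration.

```python
import socket
import sys

# Assumption: ports a Windows/Exchange/IIS host often listens on; adjust for your server.
CANDIDATE_PORTS = [25, 80, 110, 135, 139, 143, 443, 445, 3389]
# Step 5 of the checklist: only HTTPS should be reachable from the external side.
ALLOWED_PORTS = {443}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, or name lookup failure
        return False


def audit_exposure(host, ports=CANDIDATE_PORTS, allowed=ALLOWED_PORTS, timeout=1.0):
    """Probe each port and classify the results against the allow-list."""
    open_ports = [p for p in ports if is_open(host, p, timeout)]
    return {
        "open": open_ports,
        # Reachable but not on the allow-list: the firewall rule set is too loose.
        "unexpected": [p for p in open_ports if p not in allowed],
        # On the allow-list but not reachable: OWA itself would be unavailable.
        "missing": sorted(p for p in allowed if p in ports and p not in open_ports),
    }


def main(argv):
    if len(argv) != 2:
        print("usage: owa_exposure.py <external-hostname-of-your-own-OWA-server>")
        return 2
    result = audit_exposure(argv[1])
    print("open ports:      ", result["open"])
    print("unexpected ports:", result["unexpected"])
    print("allowed but down:", result["missing"])
    # Non-zero exit when the firewall lets through more (or less) than port 443.
    return 1 if result["unexpected"] or result["missing"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from outside the perimeter, since a check from the internal network says nothing about what the firewall passes. A port that shows as closed here may be filtered or simply not listening; both are acceptable outcomes for this check.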