Re: Making sure OWA is secure

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Oct 2004 12:28:22 -0400

Danny, do you have a server with only 443TCP access on the internet?  What
was your thinking for this type of setup and what does it provide your
company?  As long as we're viewing that as recommendation?

5) Put a firewall in-front of the OWA/Exchange server, so that only port 443
inbound and outbound traffic is allowed through to your Internet/external
interface 

-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx] 
Sent: Tuesday, October 12, 2004 12:21 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Making sure OWA is secure

http://www.MSExchange.org/

On Tue, 12 Oct 2004 08:06:15 +0200, Lettah LG. Dladla <lgdladla@xxxxxxxxx>
wrote:
> http://www.MSExchange.org/
> 
> Dear all
> 
> I have activated the Web access , how do I make sure it is secured?

How far do you want to go? Personally, I say go as far as you can without
reducing (important and useful) functionality.

1) Disable all unessential services on the server hosting OWA
2) Make sure all Windows, Exchange, IIS, etc. security patches are up to
date
3) Configure SSL for OWA (msexchange.org has an article about this)
4) Install URLScan and IISLockdown tools (make sure you read the
documentation, specifically, if you don't set it up right, it will break
OWA)
5) Put a firewall in-front of the OWA/Exchange server, so that only port 443
inbound and outbound traffic is allowed through to your Internet/external
interface
6) Scan the server with up-date and Exchange aware anti-virus software
7) Make note of session time-outs for OWA, they are important for your
security
8) Educate your users to CLOSE all web browser windows after they are done
with OWA -- better yet, have them clear the cache and history if they can

There are many other things you can do... search the net. 

I found this: http://techrepublic.com.com/1200-26-5124029.html

...D

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


Other related posts: