Re: Making sure OWA is secure

  • From: "Lettah LG. Dladla" <Lgdladla@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 13 Oct 2004 08:07:48 +0200

Thanks Danny

could you please give the link to the "Configure SSL for OWA" article
I tried setching the site but not results found.


-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx]
Sent: Tuesday, October 12, 2004 6:21 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Making sure OWA is secure

Your mail has been scanned by InterScan.

On Tue, 12 Oct 2004 08:06:15 +0200, Lettah LG. Dladla
<lgdladla@xxxxxxxxx> wrote:
> Dear all
> I have activated the Web access , how do I make sure it is secured?

How far do you want to go? Personally, I say go as far as you can
without reducing (important and useful) functionality.

1) Disable all unessential services on the server hosting OWA
2) Make sure all Windows, Exchange, IIS, etc. security patches are up to date
3) Configure SSL for OWA ( has an article about this) 
4) Install URLScan and IISLockdown tools (make sure you read the
documentation, specifically, if you don't set it up right, it will
break OWA)
5) Put a firewall in-front of the OWA/Exchange server, so that only
port 443 inbound and outbound traffic is allowed through to your
Internet/external interface
6) Scan the server with up-date and Exchange aware anti-virus software
7) Make note of session time-outs for OWA, they are important for your security
8) Educate your users to CLOSE all web browser windows after they are
done with OWA -- better yet, have them clear the cache and history if
they can

There are many other things you can do... search the net. 

I found this:


List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking:
Leading Network Software Directory:
No.1 ISA Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as: 
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: