OWA Vulnerability (Full Version)

All Forums >> [Microsoft Exchange 2000] >> Outlook Web Access



Message


elekovic -> OWA Vulnerability (13.Nov.2006 1:38:40 PM)

If I have this scenarion, one exchange server with IIS for OWA, users connect from outside the network using OWA and the web site is SSL secured. My question is, what vulnerability does my network have when a user connects to his email from outside the network using OWA; what would prevent hacker from getting into the user's mailbox and somehow get into our server or network. How can I prevent such damage? Do I have to install or setup something on the client's computer or on the IIS or exchange server? Appreciate you help.
Elsa




jchong -> RE: OWA Vulnerability (13.Nov.2006 1:42:11 PM)

Implement forms based authentication for OWA. This implements the use of a cookie timeout session.

http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html




jchong -> RE: OWA Vulnerability (13.Nov.2006 1:49:01 PM)

My fault, you're running Ex 2000 which doesn't support forms based. I would suggest upgrading your FE to 2003.




elekovic -> RE: OWA Vulnerability (13.Nov.2006 2:18:19 PM)

Thanks for the fast reply [:)]
What I'm looking for is to know what are the vulnerabilities or risks factors of having a user connect to our email server via OWA? How can this access affect my server, and hence, my network?




elekovic -> RE: OWA Vulnerability (13.Nov.2006 2:20:42 PM)

by the way, you mentioned something about cookies on your last post. I guess cookie can be a risk factor, but how? [8|]  Keep in mind, we do have SSL.




Page: [1]