• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

OWA Vulnerability

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Outlook Web Access >> OWA Vulnerability Page: [1]
Login
Message << Older Topic   Newer Topic >>
OWA Vulnerability - 13.Nov.2006 1:38:40 PM   
elekovic

 

Posts: 13
Joined: 15.Jul.2004
From: New York
Status: offline
If I have this scenarion, one exchange server with IIS for OWA, users connect from outside the network using OWA and the web site is SSL secured. My question is, what vulnerability does my network have when a user connects to his email from outside the network using OWA; what would prevent hacker from getting into the user's mailbox and somehow get into our server or network. How can I prevent such damage? Do I have to install or setup something on the client's computer or on the IIS or exchange server? Appreciate you help.
Elsa
Post #: 1
RE: OWA Vulnerability - 13.Nov.2006 1:42:11 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
Implement forms based authentication for OWA. This implements the use of a cookie timeout session.

http://www.msexchange.org/tutorials/OWA2003Forms-based-Authentication-default-domain.html

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to elekovic)
Post #: 2
RE: OWA Vulnerability - 13.Nov.2006 1:49:01 PM   
jchong

 

Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
My fault, you're running Ex 2000 which doesn't support forms based. I would suggest upgrading your FE to 2003.

_____________________________

James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com

(in reply to jchong)
Post #: 3
RE: OWA Vulnerability - 13.Nov.2006 2:18:19 PM   
elekovic

 

Posts: 13
Joined: 15.Jul.2004
From: New York
Status: offline
Thanks for the fast reply
What I'm looking for is to know what are the vulnerabilities or risks factors of having a user connect to our email server via OWA? How can this access affect my server, and hence, my network?

(in reply to jchong)
Post #: 4
RE: OWA Vulnerability - 13.Nov.2006 2:20:42 PM   
elekovic

 

Posts: 13
Joined: 15.Jul.2004
From: New York
Status: offline
by the way, you mentioned something about cookies on your last post. I guess cookie can be a risk factor, but how?   Keep in mind, we do have SSL.

(in reply to elekovic)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Outlook Web Access >> OWA Vulnerability Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter