Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OWA - How secure is it?

Status
Not open for further replies.
kevstar

kevstar

Programmer
Nov 21, 2001
109
GB
I am running Exchange 2000 with the OWA. I wanted to know how secure this is if we are using it accross the internet.

I had a fellow worker tell me that it really wasnt that secure and that a VPN solution across the internet was a better way forward.

When I say VPN I dont mean going out and purchasing loads of licences he said that the VPN that is built into windows when you add a new connection would suffice.

I am not so sure as you will only be authenticating on the firewall anyhow, so what is the difference and the Microsoft windows version of VPN doesnt (to my knowledge) run anything like SHA-1 or 3DES.

All in all could someone put my mind at ease as to how secure OWA is accross http traffic.

Thanks for your help

Kev
 
Sort by date Sort by votes
OWA over http is un-secure, but there are plenry of white papers out there regaurding using OWA over https. While it is not the most secure, it is secure enough for most scenarios if properly implimented and enforced.

VPN would be more secure but the ease of use factor is lost, and most end users I work with would not be able to set it up on there own and the traveling user may not be able to use it depending upon the configuration of the kiosk they are using.
 
Upvote 0 Downvote
IIS isn't a particularly secure web server, but if you block port 80 to it and allow only 443 then you should have no trouble with virtually all the popular hacks and worms against it.

 
Upvote 0 Downvote
Don't even bother to use OWA over the internet unless you have another exchange server in a DMZ.
Just take a look at the traffic passing between your exchange server and the the rest of your domain.

Also, I found out (a bit late) that you need Exchange Enterprise edition if you want an OWA front end server - this costs a lot more than standard.

Good luck.

---------------------------------------
save a life - visit:
 
Upvote 0 Downvote
SO what we are saying is that OWA is not a lot of good and presumably using it accross the web is not secure and should be shut down?

Thanks for your help
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
1K
microsGuy16
microsGuy16
T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
956
DrB0b
DrB0b
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
1K
Brent Fletcher
Brent Fletcher
DrB0b
  • Locked
  • Question
Issue removing large deleted items folder's contents
Replies
1
Views
1K
DrB0b
DrB0b
ponoodle
  • Locked
  • Question
Disabling OWA for on prem Exchange while in a hybrid envirenment.
Replies
0
Views
1K
ponoodle
ponoodle

Part and Inventory Search

Sponsor

Back
Top