What are some of the OWA security implications and how can I fix them?
There are several ways to secure OWA. Microsoft’s recommended approach is a cookie based solution called Exchange Forms-based authentication, this comes with Exchange Server 2003. For added security make sure that users connect to OWA via SSL only. The article below from MSExchange.org has some more information on securing OWA. http://www.msexchange.org/tutorials/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html Some additional security implications include: • Attachment security – opening and saving attachments may results in a copy of the file being left behind in the Temporary Internet Files folder on the client machine available for the next user to copy, print and email. Printing files can result in a hardcopy being left behind on a public printer or desk. Solution: You can block users from accessing attachments or look for a third party that does attachment conversions into safe HTML pages. • Session Inactivity – Users that are not active in OWA should be timed out t
