Results 1 to 5 of 5

Thread: Outlook Web Access

  1. #1
    Join Date
    Sep 2001

    Outlook Web Access

    Is anyone aware of any security vulnerabilities of Outlook Web Access? All I can ascertain in terms of vulnerability that OWA introduces is the auto-execution of scripts embedded in HTML email when that email is viewed.

    Does anyone know of any other "surprises" that might be introduced with this service?



  2. #2
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    To start:

    5-minute Security Advisor - Configuring Outlook Web Access


    Security Operations Guide for Exchange 2000 Server


    Serach google for "outlook web access security" and you will find everything!
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Besides the post above this for a start, in general do not accept the M$ defaults, have a good firewall, enforce long passwords (warning if owners are lammers and They Will have Their password of GOD and GOD2 they will be hacked and it is your fault). Consider adding 24/7 network monitoring, or at least one new person because you will spend much of your time nursing lame users and their accounts. I'd ask the simple question if web access is needed is it 24/7 becuase most employers do not pay 24/7 and if so is all the access really being used for company business. Limit the number of users close it down the hours when not in use or at least login hours. Just some of my general everyday wqorks events of the past.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  4. #4
    Senior Member faust's Avatar
    Join Date
    Oct 2001
    exchange whitepaper

    The bug I hated the worst is with the Service Account. Default allows the sa account access to all! Needless to say I wasnt happy when I could access the CEO's email account. Glad I found it before someone else did...

    changing the service account

  5. #5
    Join Date
    Sep 2001
    It would seem then, that there are no known issues with OWA, other than locking down Windows, Exchange and the OWA software in accordance with the usual white papers from Microsoft and other security related sources. Is this the groups general consensus?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts