Securing Outlook Web Access


OWA provides the interface for users to access their mail through Internet Explorer (IE). When compared to previous versions, OWA is far superior, not just in functionality but also in terms of security. At a quick glance, OWA provides the following security features and enhancements:

  • Built-in S/MIME support

  • Stripping of Web beacons, referrals, and other potentially harmful content from messages

  • Attachment blocking

  • OWA form-based (cookie) authentication

  • Session inactivity timeout

  • OWA infrastructure using IPSec and Kerberos

  • Safe and block lists

Protecting Against Potentially Harmful Message Content

Outlook 2003 gives the option to read messages in HTML (default), rich text, and plain text formats. Outlook users who read their messages in plain text format are not at risk of Web beacons giving away their information. The messaging experience is not as rich, but security vulnerabilities are minimized. OWA users, on the other hand, are particularly susceptible to Web beacons because all messages are read using the HTML format.

This risk is easily thwarted, however, by keeping the default OWA setting of blocking external content in HTML messages. On the OWA Options page, there is a single check box under the Privacy and Junk E-mail Prevention section that helps prevent such a risk.

Blocking Attachments Through OWA

The concept and functionality of blocking attachments is similar to that of Outlook 2003. The implementation, however, is different; an administrator enables attachment blocking by modifying the Registry. To enable attachment blocking for OWA, do the following:

  1. Start the Registry Editor by typing regedit in the Start, Run dialog box on the OWA server.

  2. Locate the following Registry key:

     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA

  3. Create a new DWORD value by selecting New, DWORD Value from the Edit menu.

  4. In the right window pane, type DisableAttachments for the name of the DWORD value.

  5. Right-click DisableAttachments and select Modify.

  6. Select Decimal and then type one of the following values for the configuration that is required:

    0 to allow all attachments

    1 to block all attachments

    2 to allow only attachments from the back-end servers

  7. Click OK when done.
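
The same setting can be checked and applied from a script instead of the Registry Editor. The following is an added example, not code from the book: the key path, value name and the 0/1/2 meanings come from the steps above, while the function names are hypothetical and the write is assumed to run in an elevated PowerShell session on the OWA server.

```powershell
# Added example: audit or set the OWA attachment-blocking value from the steps above.
# Key path, value name and the 0/1/2 meanings come from the procedure;
# the function names are hypothetical.
$OwaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA'
$ValueName = 'DisableAttachments'
$Meaning   = @{
    0 = 'allow all attachments'
    1 = 'block all attachments'
    2 = 'allow only attachments from the back-end servers'
}

function Get-OwaAttachmentPolicy {
    if (-not (Test-Path $OwaKey)) {
        return "Key not found: $OwaKey"
    }
    $item = Get-ItemProperty -Path $OwaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return "$ValueName is not set"
    }
    $v = $item.$ValueName
    if ((0, 1, 2) -contains $v) {
        return "$ValueName = $v ($($Meaning[[int]$v]))"
    }
    # Anything else was not written by the documented procedure; flag it for review.
    return "$ValueName = $v (unexpected; expected 0, 1 or 2)"
}

function Set-OwaAttachmentPolicy {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 2)]
        [int]$Mode
    )
    if (-not (Test-Path $OwaKey)) {
        throw "Key not found: $OwaKey"
    }
    # -Force replaces an existing value, so one call covers both create and modify.
    New-ItemProperty -Path $OwaKey -Name $ValueName -PropertyType DWord `
        -Value $Mode -Force | Out-Null
    Get-OwaAttachmentPolicy   # read the value back to confirm the change
}

# Read-only check of the current setting; changing it needs an elevated session,
# for example: Set-OwaAttachmentPolicy -Mode 2
Get-OwaAttachmentPolicy
```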

Using Safe and Block Lists

Many OWA features match the functionality of their Outlook 2003 counterparts, and safe and block lists are no exception. These lists are managed in the Options page within OWA. On the OWA Options page, locate the Privacy and Junk E-mail Prevention section and click the Manage Junk E-mail Lists button to modify the Safe Senders, Safe Recipients, or Blocked Senders list, as illustrated in Figure 11.9.

Figure 11.9. Managing safe and block lists in OWA.



Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
