Solved

How safe is Outlook Web Access?

Posted on 2004-04-12
2
411 Views
Last Modified: 2011-09-20
I currently only have OWA available through VPN access because I'm afraid that if I open up the port we are going to be attacked.  How safe is OWA?  Is it only safe when you have front and back end servers?  It would be a lot easier for me to just allow users to access their e-mail without the use of a VPN, because most of the user's don't like the VPN and have trouble using it.  Thank your for any information you have on the subject.
0
Comment
Question by:jonykarate
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 10

Accepted Solution

by:
dstoker509 earned 50 total points
ID: 10807692
OWA is very safe when setup correctly.  For Exchange 2000/2003, the best method is to have the FE servers located in the internal network with an ISA proxy located in the DMZ.  Read http://www.msexchange.org/tutorials/pubowa2003toc.html

You can also do it with the FE server located in the DMZ, but you will have to open more ports through your internal firewall.
http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10808090
The safety question is not with OWA, but with the data OWA provides access to.  Keep in mind that you're running IIS which has its share of security concerns.  Keep your security patches current, open only the ports you need and use SSL AND, without question, use dual factor authentication.  Do those things and you are probably OK.  

The only way to completely secure your data is to not expose it to the Internet.  All you are doing here is reducing risk, not eliminating it.

OneHump
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question