How safe is Outlook Web Access?

I currently only have OWA available through VPN access because I'm afraid that if I open up the port we are going to be attacked.  How safe is OWA?  Is it only safe when you have front and back end servers?  It would be a lot easier for me to just allow users to access their e-mail without the use of a VPN, because most of the user's don't like the VPN and have trouble using it.  Thank your for any information you have on the subject.
Who is Participating?
dstoker509Connect With a Mentor Commented:
OWA is very safe when setup correctly.  For Exchange 2000/2003, the best method is to have the FE servers located in the internal network with an ISA proxy located in the DMZ.  Read

You can also do it with the FE server located in the DMZ, but you will have to open more ports through your internal firewall.
The safety question is not with OWA, but with the data OWA provides access to.  Keep in mind that you're running IIS which has its share of security concerns.  Keep your security patches current, open only the ports you need and use SSL AND, without question, use dual factor authentication.  Do those things and you are probably OK.  

The only way to completely secure your data is to not expose it to the Internet.  All you are doing here is reducing risk, not eliminating it.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.