Solved

Securing OWA - Exchange 2010

Posted on 2016-10-05
Last Modified: 2016-10-06
Hi all,

Recently, we have had some issues regarding someone's email getting compromised. One of the examples was that someone logged in from a library computer and he cached the password in the browser and didn't close the browser before leaving. Now my company wants to disable use of OWA externally or on non-company devices, unless we come up with a different approach to tackle such kinds of issues. Any ideas?
0
Question by:Exchange User
9 Comments
 
LVL 43

Assisted Solution

by:Amit
Amit earned 62 total points
ID: 41830351
This is more an education issue than a technical issue. You need to educate your users about cyber security. In my company, we do it every 3 months.
0
 
LVL 16

Assisted Solution

by:Ivan
Ivan earned 62 total points
ID: 41830355
Hi,

You can try changing the session time-out. That will help, but it still will not be ultra secure.
More on that: https://technet.microsoft.com/en-us/library/cc995140.aspx

I would suggest using 2FA (two-factor authentication), which would require users to have a mobile application to generate a key, or to receive one via SMS. That way, even if someone got a user's password, it would not do him any good.

I tested ESET 2F authentication last year, and it worked quite well.
https://www.eset.com/us/products/secure-authentication/

There are some other solutions, regarding 2FA, but I did not try them.

Regards,
Ivan.
1
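
Ivan's time-out suggestion, as an added example that is not part of the original thread: on Exchange 2010 the OWA forms-based-authentication idle time-outs are the `PublicTimeout` and `PrivateTimeout` registry values (in minutes) on each Client Access server. The minute values chosen below are assumptions for illustration.

```powershell
# Added example: shorten OWA forms-based-authentication idle time-outs on an
# Exchange 2010 Client Access server. Run in an elevated PowerShell session.
# The minute values below are assumptions chosen for illustration.
$owaKey         = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$publicMinutes  = 5     # sessions started as "public or shared computer"
$privateMinutes = 60    # sessions started as "private computer"

if (-not (Test-Path $owaKey)) {
    throw "Key '$owaKey' not found; run this on the Client Access server."
}

# Show what is configured now; a missing value means the built-in default applies.
$current = Get-ItemProperty -Path $owaKey
foreach ($name in 'PublicTimeout', 'PrivateTimeout') {
    $value = $current.$name
    if ($null -eq $value) { $value = '(not set, default in use)' }
    Write-Host "$name before change: $value"
}

# Both values are DWORDs expressed in minutes.
Set-ItemProperty -Path $owaKey -Name PublicTimeout  -Value $publicMinutes  -Type DWord
Set-ItemProperty -Path $owaKey -Name PrivateTimeout -Value $privateMinutes -Type DWord

# IIS must be restarted for the new values to take effect.
iisreset /noforce
```

The user picks "public" or "private" on the logon page, so a short `PublicTimeout` alone does not cover someone who selects "private" on a shared machine; that is why the example lowers both values.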
 
LVL 3

Author Comment

by:Exchange User
ID: 41830371
Thanks Amit, you are absolutely right. Many things need to be taught to the users but not everyone is careful enough and we always have these little incidents.

Ivan, can I set up this 2 factor authentication only for OWA?
0
 
LVL 40

Assisted Solution

by:Adam Brown
Adam Brown earned 62 total points
ID: 41830378
http://www.messageware.com/the-public-vs-private-dilemma-in-owa/ has a lot of good information here. If you aren't willing to accept the risk of this type of thing ever happening again, then disable OWA or disable External access to OWA (http://www.expta.com/2013/09/how-to-block-owa-2010-and-2013-for.html)

However, it's important to note that there is no way to completely secure OWA in a way that will prevent an unauthorized user from accessing it if an employee leaves their browser open while logged in to OWA on a public computer. This is a situation where you have to determine whether the costs associated with not allowing OWA access (in convenience for your employees) outweigh the costs associated with unauthorized email disclosure.
0
 
LVL 43

Expert Comment

by:Amit
ID: 41830381
I have seen one of my clients using Microsoft Forefront Threat Management Gateway for 2 factor authentication. However, MS has now stopped it. The other way is not to publish OWA externally.
0
 
LVL 16

Expert Comment

by:Ivan
ID: 41830397
Hi,

Yes, 2FA can be set up only for OWA.
0
 
LVL 4

Assisted Solution

by:Dinesh Singh
Dinesh Singh earned 62 total points
ID: 41830533
0
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 252 total points
ID: 41830560
You cannot protect yourself from stupid users. It is like the story that you can't make something idiot proof as idiots are so ingenious.

2FA will not protect you from the scenario you described, as the session is already established. The libraries and internet cafes that I've frequented over the years have a very short screen saver time and the user has to re-enter their logon password to regain access, and if the session times out or the user closes the session the computer is reset to a default state, aka using Deep Freeze or a network boot.

"Thanks Amit, you are absolutely right. Many things need to be taught to the users but not everyone is careful enough and we always have these little incidents."
Then management and HR have to be involved in the process. Doing something like you described could also bring significant disciplinary action. The downside is that employees will be very reluctant to disclose their mistake. After a few people get fired or demoted, security will become the standard practice (it may not be well liked, but you need the support of management and HR).
0
 
LVL 3

Author Closing Comment

by:Exchange User
ID: 41831787
Thanks guys.
0
