<div>
A good firewall is required between the OWA server and the internet. Do you have a firewall at all?<br>Just need port 443 open for encrypted access to OWA.
</div>


A good firewall is required between the OWA server and the internet. Do you have a firewall at all?
Just need port 443 open for encrypted access to OWA.

Cyber Security Specialist

Saif Ahmed

<div>
you can secure it with two-factor authentication<br><br><h2 style=" text-align: start;"><em><u>Duo for Outlook Web App (OWA) on Exchange 2013 and Later</u></em></h2><a href="https://duo.com/docs/owa" rel="ugc">https://duo.com/docs/owa</a>
</div>


you can secure it with two-factor authentication




DUO FOR OUTLOOK WEB APP (OWA) ON EXCHANGE 2013 AND LATER

https://duo.com/docs/owa [https://duo.com/docs/owa]

arnold

<div>
run a reverse proxy in front of owa such as nginx or haproxy<br><br>alternatively, additionally and if possible limit the ips of the users who are allowed access or setup a vpn.<br><br>how many users are concerned ? do you have an existing equipment that can handle a vpn ? most firewalls do
</div>


run a reverse proxy in front of owa such as nginx or haproxy

alternatively, additionally and if possible limit the ips of the users who are allowed access or setup a vpn.

how many users are concerned ? do you have an existing equipment that can handle a vpn ? most firewalls do

<div>
note that a reverse proxy features protocol rupture. this is vastly different from l7 inspection performed by firewalls. additionally, a frontal owa is just asking for trouble given the fact you can be 100pct sure any attacker will quite easily gain domain level privileges and access if the exchange server is compromised. a vpn is more than recommended an rp is more like an acceptable minimum.
</div>


note that a reverse proxy features protocol rupture. this is vastly different from l7 inspection performed by firewalls. additionally, a frontal owa is just asking for trouble given the fact you can be 100pct sure any attacker will quite easily gain domain level privileges and access if the exchange server is compromised. a vpn is more than recommended an rp is more like an acceptable minimum.

<div>
<div class="content wysiwyg-content fr-view">
<p>Hi, we are in the process of publishing OWA externally, but we do not have a WAF in place. What security controls should we put in place to publish OWA in order to safeguard from different attacks please? A checklist would be appreciated please. Thanks in advance.</p>
</div>
</div>



Hi, we are in the process of publishing OWA externally, but we do not have a WAF in place. What security controls should we put in place to publish OWA in order to safeguard from different attacks please? A checklist would be appreciated please. Thanks in advance.

Publishing OWA externally

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cyber security refers to the protection of personal or organizational information or information resources from unauthorized access, attacks, theft, or data damage. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Cyber Security

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.