Saif Ahmed
asked on
Publishing OWA externally
Hi, we are in the process of publishing OWA externally, but we do not have a WAF in place. What security controls should we put in place to publish OWA in order to safeguard from different attacks please? A checklist would be appreciated please. Thanks in advance.
You can secure it with two-factor authentication.
Duo for Outlook Web App (OWA) on Exchange 2013 and Later
https://duo.com/docs/owa
Run a reverse proxy in front of OWA, such as nginx or HAProxy.
Alternatively or additionally, and if possible, limit the IPs of the users who are allowed access, or set up a VPN.
How many users are concerned? Do you have existing equipment that can handle a VPN? Most firewalls do.
Note that a reverse proxy features protocol rupture. This is vastly different from L7 inspection performed by firewalls. Additionally, a frontal OWA is just asking for trouble, given the fact you can be 100% sure any attacker will quite easily gain domain-level privileges and access if the Exchange server is compromised. A VPN is more than recommended; an RP is more like an acceptable minimum.
Just need port 443 open for encrypted access to OWA.
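The reverse proxy and source-IP restriction suggested in the thread, sketched as an nginx configuration. This is an added example, not a configuration posted by any participant; the hostname, addresses, certificate paths and the assumption that OWA lives at the default `/owa` virtual directory are placeholders to adapt.

```nginx
# Added example. All names, addresses and file paths are placeholders.
upstream exchange_backend {
    server 10.0.0.10:443;                  # internal Exchange server (assumed address)
}

server {
    # Only 443 is published; there is deliberately no port 80 listener.
    listen 443 ssl;
    server_name mail.example.com;          # assumed external name

    ssl_certificate     /etc/nginx/tls/mail.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/mail.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Source-IP allowlist for the whole site. The ranges below are
    # documentation networks standing in for the real user ranges.
    allow 203.0.113.0/24;
    allow 198.51.100.17;
    deny  all;

    # Send users who type the bare hostname to OWA.
    location = / {
        return 302 /owa/;
    }

    # Anything that is not explicitly published stops at the proxy.
    location / {
        return 403;
    }

    # The only path forwarded to Exchange.
    location /owa/ {
        proxy_pass         https://exchange_backend;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $remote_addr;
        proxy_set_header   X-Forwarded-Proto https;

        # Verify the backend certificate instead of trusting any TLS peer.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        proxy_ssl_name                mail.example.com;
        proxy_ssl_server_name         on;

        client_max_body_size 25m;          # room for attachments (assumed limit)
        proxy_read_timeout   300s;
    }
}
```

The proxy terminates the client TLS session and opens a separate one to Exchange, so the Exchange server itself needs no direct route from the internet.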