When you get down to brass tacks, it is the fact that Internet Information Services (IIS) -- which includes the...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
HTTP, NNTP, SMTP, IMAP4, POP3 and a number of other Internet protocols -- is the source of vulnerability. However, you can not install Exchange 2000/2003 without it running.
The real risk is not planning for it. Here is a short list of things you can do to secure Outlook Web Access.
- Implement Secure Socket Layer (SSL) for secure HTTPS communications between the client (browser) and the server.
- Use front-end servers for Internet clients to connect to. No data is stored on the front-end server and therefore it is a lower risk if compromised.
- Implement IPsec between front-end and back-end servers. SSL can't be used between front-end and back-end servers, but IPsec can.
SSL is really the key to securing Outlook Web Access. You should not allow clients to connect to Outlook Web Access without using SSL.
Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:
Dig Deeper on Outlook Web Access
Related Q&A from Richard Luckett
I have limited drive space on my Exchange Server but need to restore large mailboxes. Can I prevent mailbox restores from a recovery database by ...continue reading
I want to move from a single Exchange 2013 server to multiple servers, including multiple database and client access servers, for HA. What's the best...continue reading
My mailbox migration from Exchange 2010 to Exchange 2013 is moving very slowly. What might be causing this and how can I speed up the process?continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.