Mark, Thanks - interesting audit. If we decide to go forward with allowing non-VPN clients access to Outlook we will take a closer look at the product. Is anyone aware of similar products?
A question for the group on a related topic: is it common practice to allow non-VPN clients to access Outlook via OWA, or do most companies require at least a VPN connection? Jon -----Original Message----- From: Mark Rotman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:52 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -----Original Message----- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
