I do not believe that many of our users would opt for OWA via VPN if they have Outlook available on the VPNd client, although I would not care either way. The key thing in that scenario is that the VPN is doing its security thing.
Jon -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 5:44 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, I've IP-limited OWA to external users only. We provide Outlook for a reason - we expect it to be used. As I said before, we do secure OWA with a multi-factor one time use authentication system (RSA's SecurID) which works well. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 1:38 PM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > Mark, > > Thanks - interesting audit. If we decide to go forward with > allowing non-VPN > clients access to Outlook we will take a closer look at the > product. Is > anyone aware of similar products? > > A question for the group on a related topic: is it common > practice to allow > non-VPN clients to access Outlook via OWA, or do most > companies require at > least a VPN connection? > > Jon > > -----Original Message----- > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 9:52 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Jon, > > You could have a look at this OWA audit for some more > details. Be aware that > the document is useful, but the issues in it (as well as your #1) are > handled by Messageware's SecureLogoff product. > > http://www.messageware.net/audits/owa.html > > -----Original Message----- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks > using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous > users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote > OWA that 'It > is only email, what is the worst that could happen?' My take > is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]