RE: Securing the OWA Kiosk
Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
Mark, Thanks - interesting audit. If we decide to go forward with allowing non-VPN clients access to Outlook we will take a closer look at the product. Is anyone aware of similar products? A question for the group on a related topic: is it common practice to allow non-VPN clients to access Outlook via OWA, or do most companies require at least a VPN connection? Jon -Original Message- From: Mark Rotman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:52 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
On the common practice follow-up question, I should have been a bit more concise by indicating that my question relates to users who are connecting to our corporate email system via the Internet, not internal users. Jon -Original Message- From: Martin, Jon Sent: Thursday, December 12, 2002 10:38 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Mark, Thanks - interesting audit. If we decide to go forward with allowing non-VPN clients access to Outlook we will take a closer look at the product. Is anyone aware of similar products? A question for the group on a related topic: is it common practice to allow non-VPN clients to access Outlook via OWA, or do most companies require at least a VPN connection? Jon -Original Message- From: Mark Rotman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:52 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Jon, You could have a look at this OWA audit for some more details. Be aware that the document is useful, but the issues in it (as well as your #1) are handled by Messageware's SecureLogoff product. http://www.messageware.net/audits/owa.html -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:22 PM To: Exchange Discussions Subject: Securing the OWA Kiosk How are folks handling the following potential security risks using OWA from unsecured workstations, such as a kiosk or library environment? 1. Cached web pages, etc. on the workstation. User walks away without closing the browser, the next user has access to the previous users' email. 2. Stealth keyboard capture program grabs userids and passwords. It seems like there is a common train of thought about remote OWA that 'It is only email, what is the worst that could happen?' My take is someone who has unauthorized access to email can potentially: - Get people fired; - Get people arrested; - Get companies/people sued; - Cost companies/people money. Thanks . . . Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Securing the OWA Kiosk
One thing for sure that all users have to know is to make sure they close the browser window besides just logging off. Most do not even though a setting will tell the user to close the browser window. So maybe a product like Messageware would be OK. Also I would install some type of SSL security if OWA is going to be a major access point. Also if there are going to be many users using this type of access a Front-end/Backend solution is in order. - Original Message - From: "Martin, Jon" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, December 12, 2002 1:50 PM Subject: RE: Securing the OWA Kiosk > On the common practice follow-up question, I should have been a bit more > concise by indicating that my question relates to users who are connecting > to our corporate email system via the Internet, not internal users. > > Jon > > -Original Message- > From: Martin, Jon > Sent: Thursday, December 12, 2002 10:38 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Mark, > > Thanks - interesting audit. If we decide to go forward with allowing non-VPN > clients access to Outlook we will take a closer look at the product. Is > anyone aware of similar products? > > A question for the group on a related topic: is it common practice to allow > non-VPN clients to access Outlook via OWA, or do most companies require at > least a VPN connection? > > Jon > > -Original Message- > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 9:52 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Jon, > > You could have a look at this OWA audit for some more details. Be aware that > the document is useful, but the issues in it (as well as your #1) are > handled by Messageware's SecureLogoff product. > > http://www.messageware.net/audits/owa.html > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote OWA that 'It > is only email, what is the worst that could happen?' My take is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
Tony, You may not realize that closing the browser does not always work. Try the audit plan test case #1. Mark -Original Message- From: Tony Hlabse [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 2:00 PM To: Exchange Discussions Subject: Re: Securing the OWA Kiosk One thing for sure that all users have to know is to make sure they close the browser window besides just logging off. Most do not even though a setting will tell the user to close the browser window. So maybe a product like Messageware would be OK. Also I would install some type of SSL security if OWA is going to be a major access point. Also if there are going to be many users using this type of access a Front-end/Backend solution is in order. - Original Message - From: "Martin, Jon" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, December 12, 2002 1:50 PM Subject: RE: Securing the OWA Kiosk > On the common practice follow-up question, I should have been a bit more > concise by indicating that my question relates to users who are connecting > to our corporate email system via the Internet, not internal users. > > Jon > > -Original Message- > From: Martin, Jon > Sent: Thursday, December 12, 2002 10:38 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Mark, > > Thanks - interesting audit. If we decide to go forward with allowing non-VPN > clients access to Outlook we will take a closer look at the product. Is > anyone aware of similar products? > > A question for the group on a related topic: is it common practice to allow > non-VPN clients to access Outlook via OWA, or do most companies require at > least a VPN connection? > > Jon > > -Original Message- > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 9:52 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Jon, > > You could have a look at this OWA audit for some more details. Be aware that > the document is useful, but the issues in it (as well as your #1) are > handled by Messageware's SecureLogoff product. > > http://www.messageware.net/audits/owa.html > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote OWA that 'It > is only email, what is the worst that could happen?' My take is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
IMO FE/BE is simply a load balancing method by protocol. For an access point put ISA Server in the DMZ, OWA on a computer in the internal, and the Exchange store on another computer in the internal. Create web publishing rules on ISA Server for the OWA computer. Use a 3rd party to LB server publishing ISA Servers. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Hlabse Sent: Thursday, December 12, 2002 12:00 PM To: Exchange Discussions Subject: Re: Securing the OWA Kiosk One thing for sure that all users have to know is to make sure they close the browser window besides just logging off. Most do not even though a setting will tell the user to close the browser window. So maybe a product like Messageware would be OK. Also I would install some type of SSL security if OWA is going to be a major access point. Also if there are going to be many users using this type of access a Front-end/Backend solution is in order. - Original Message - From: "Martin, Jon" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, December 12, 2002 1:50 PM Subject: RE: Securing the OWA Kiosk > On the common practice follow-up question, I should have been a bit more > concise by indicating that my question relates to users who are connecting > to our corporate email system via the Internet, not internal users. > > Jon > > -Original Message- > From: Martin, Jon > Sent: Thursday, December 12, 2002 10:38 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Mark, > > Thanks - interesting audit. If we decide to go forward with allowing non-VPN > clients access to Outlook we will take a closer look at the product. Is > anyone aware of similar products? > > A question for the group on a related topic: is it common practice to allow > non-VPN clients to access Outlook via OWA, or do most companies require at > least a VPN connection? > > Jon > > -Original Message- > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 9:52 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Jon, > > You could have a look at this OWA audit for some more details. Be aware that > the document is useful, but the issues in it (as well as your #1) are > handled by Messageware's SecureLogoff product. > > http://www.messageware.net/audits/owa.html > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote OWA that 'It > is only email, what is the worst that could happen?' My take is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > __
RE: Securing the OWA Kiosk
http://www.rsasecurity.com Invest in a copy of SecurID, and get keyfobs for your users. We're front ending OWA with the SecurID web security piece, which requires 3 factor authentication, which pretty much kills the ability for a keystroke grabber to get anything useful. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks > using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous > users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote > OWA that 'It > is only email, what is the worst that could happen?' My take > is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, I've IP-limited OWA to external users only. We provide Outlook for a reason - we expect it to be used. As I said before, we do secure OWA with a multi-factor one time use authentication system (RSA's SecurID) which works well. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 1:38 PM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > Mark, > > Thanks - interesting audit. If we decide to go forward with > allowing non-VPN > clients access to Outlook we will take a closer look at the > product. Is > anyone aware of similar products? > > A question for the group on a related topic: is it common > practice to allow > non-VPN clients to access Outlook via OWA, or do most > companies require at > least a VPN connection? > > Jon > > -Original Message- > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 9:52 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Jon, > > You could have a look at this OWA audit for some more > details. Be aware that > the document is useful, but the issues in it (as well as your #1) are > handled by Messageware's SecureLogoff product. > > http://www.messageware.net/audits/owa.html > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks > using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous > users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote > OWA that 'It > is only email, what is the worst that could happen?' My take > is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
You're such an email nazi. ;o) I used to use OWA when away from my desk elsewhere in the office. William -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Friday, December 13, 2002 5:44 AM To: Exchange Discussions I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, I've IP-limited OWA to external users only. We provide Outlook for a reason - we expect it to be used. As I said before, we do secure OWA with a multi-factor one time use authentication system (RSA's SecurID) which works well. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 1:38 PM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > Mark, > > Thanks - interesting audit. If we decide to go forward with > allowing non-VPN > clients access to Outlook we will take a closer look at the > product. Is > anyone aware of similar products? > > A question for the group on a related topic: is it common > practice to allow > non-VPN clients to access Outlook via OWA, or do most > companies require at > least a VPN connection? > > Jon > > -Original Message- > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 9:52 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Jon, > > You could have a look at this OWA audit for some more > details. Be aware that > the document is useful, but the issues in it (as well as your #1) are > handled by Messageware's SecureLogoff product. > > http://www.messageware.net/audits/owa.html > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks > using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous > users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote > OWA that 'It > is only email, what is the worst that could happen?' My take > is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
We have plenty of people who would ditch Outlook entirely in that scenario - even AT their desks. Not gonna happen on my watch. Not to mention, sooner or later they'd get really pissed having to use the SecurID keyfob to log into their email. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 9:44 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > > You're such an email nazi. ;o) > > I used to use OWA when away from my desk elsewhere in the office. > > William > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Roger > Seielstad > Sent: Friday, December 13, 2002 5:44 AM > To: Exchange Discussions > > I don't support OWA via VPN - if you're VPN'ed in, use > Outlook. In fact, > I've IP-limited OWA to external users only. We provide Outlook for a > reason > - we expect it to be used. > > As I said before, we do secure OWA with a multi-factor one time use > authentication system (RSA's SecurID) which works well. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -Original Message----- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 1:38 PM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > Mark, > > > > Thanks - interesting audit. If we decide to go forward with > > allowing non-VPN > > clients access to Outlook we will take a closer look at the > > product. Is > > anyone aware of similar products? > > > > A question for the group on a related topic: is it common > > practice to allow > > non-VPN clients to access Outlook via OWA, or do most > > companies require at > > least a VPN connection? > > > > Jon > > > > -Original Message- > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 9:52 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > Jon, > > > > You could have a look at this OWA audit for some more > > details. Be aware that > > the document is useful, but the issues in it (as well as > your #1) are > > handled by Messageware's SecureLogoff product. > > > > http://www.messageware.net/audits/owa.html > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 11, 2002 3:22 PM > > To: Exchange Discussions > > Subject: Securing the OWA Kiosk > > > > > > How are folks handling the following potential security risks > > using OWA from > > unsecured workstations, such as a kiosk or library environment? > > > > 1. Cached web pages, etc. on the workstation. User walks > away without > > closing the browser, the next user has access to the previous > > users' email. > > > > 2. Stealth keyboard capture program grabs userids and passwords. > > > > It seems like there is a common train of thought about remote > > OWA that 'It > > is only email, what is the worst that could happen?' My take > > is someone who > > has unauthorized access to email can potentially: > > > > - Get people fired; > > - Get people arrested; > > - Get companies/people sued; > > - Cost companies/people money. > > > > Thanks . . . > > > > Jon Martin > > Systems Programmer > > East Bay Municipal Utility District (EBMUD) > > Oakland, CA > > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[E
RE: Securing the OWA Kiosk
I do not believe that many of our users would opt for OWA via VPN if they have Outlook available on the VPNd client, although I would not care either way. The key thing in that scenario is that the VPN is doing its security thing. Jon -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 5:44 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, I've IP-limited OWA to external users only. We provide Outlook for a reason - we expect it to be used. As I said before, we do secure OWA with a multi-factor one time use authentication system (RSA's SecurID) which works well. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 1:38 PM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > Mark, > > Thanks - interesting audit. If we decide to go forward with > allowing non-VPN > clients access to Outlook we will take a closer look at the > product. Is > anyone aware of similar products? > > A question for the group on a related topic: is it common > practice to allow > non-VPN clients to access Outlook via OWA, or do most > companies require at > least a VPN connection? > > Jon > > -Original Message- > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 9:52 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Jon, > > You could have a look at this OWA audit for some more > details. Be aware that > the document is useful, but the issues in it (as well as your #1) are > handled by Messageware's SecureLogoff product. > > http://www.messageware.net/audits/owa.html > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks > using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous > users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote > OWA that 'It > is only email, what is the worst that could happen?' My take > is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
We use a VPN/terminal services combo, works good. -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 9:42 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I do not believe that many of our users would opt for OWA via VPN if they have Outlook available on the VPNd client, although I would not care either way. The key thing in that scenario is that the VPN is doing its security thing. Jon -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 5:44 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, I've IP-limited OWA to external users only. We provide Outlook for a reason - we expect it to be used. As I said before, we do secure OWA with a multi-factor one time use authentication system (RSA's SecurID) which works well. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 1:38 PM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > Mark, > > Thanks - interesting audit. If we decide to go forward with > allowing non-VPN > clients access to Outlook we will take a closer look at the > product. Is > anyone aware of similar products? > > A question for the group on a related topic: is it common > practice to allow > non-VPN clients to access Outlook via OWA, or do most > companies require at > least a VPN connection? > > Jon > > -Original Message- > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 9:52 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > Jon, > > You could have a look at this OWA audit for some more > details. Be aware that > the document is useful, but the issues in it (as well as your #1) are > handled by Messageware's SecureLogoff product. > > http://www.messageware.net/audits/owa.html > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 11, 2002 3:22 PM > To: Exchange Discussions > Subject: Securing the OWA Kiosk > > > How are folks handling the following potential security risks > using OWA from > unsecured workstations, such as a kiosk or library environment? > > 1. Cached web pages, etc. on the workstation. User walks away without > closing the browser, the next user has access to the previous > users' email. > > 2. Stealth keyboard capture program grabs userids and passwords. > > It seems like there is a common train of thought about remote > OWA that 'It > is only email, what is the worst that could happen?' My take > is someone who > has unauthorized access to email can potentially: > > - Get people fired; > - Get people arrested; > - Get companies/people sued; > - Cost companies/people money. > > Thanks . . . > > Jon Martin > Systems Programmer > East Bay Municipal Utility District (EBMUD) > Oakland, CA > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Securing the OWA Kiosk
What about pushing Outlook through NFuse ? -- Martin Tuip MVP Exchange Exchange2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: "Hansen, Eric" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, December 13, 2002 6:07 PM Subject: RE: Securing the OWA Kiosk > We use a VPN/terminal services combo, works good. > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 9:42 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > I do not believe that many of our users would opt for OWA via VPN if they > have Outlook available on the VPNd client, although I would not care either > way. The key thing in that scenario is that the VPN is doing its security > thing. > > Jon > > -Original Message- > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 5:44 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, > I've IP-limited OWA to external users only. We provide Outlook for a reason > - we expect it to be used. > > As I said before, we do secure OWA with a multi-factor one time use > authentication system (RSA's SecurID) which works well. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 1:38 PM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > Mark, > > > > Thanks - interesting audit. If we decide to go forward with > > allowing non-VPN > > clients access to Outlook we will take a closer look at the > > product. Is > > anyone aware of similar products? > > > > A question for the group on a related topic: is it common > > practice to allow > > non-VPN clients to access Outlook via OWA, or do most > > companies require at > > least a VPN connection? > > > > Jon > > > > -Original Message- > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 9:52 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > Jon, > > > > You could have a look at this OWA audit for some more > > details. Be aware that > > the document is useful, but the issues in it (as well as your #1) are > > handled by Messageware's SecureLogoff product. > > > > http://www.messageware.net/audits/owa.html > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 11, 2002 3:22 PM > > To: Exchange Discussions > > Subject: Securing the OWA Kiosk > > > > > > How are folks handling the following potential security risks > > using OWA from > > unsecured workstations, such as a kiosk or library environment? > > > > 1. Cached web pages, etc. on the workstation. User walks away without > > closing the browser, the next user has access to the previous > > users' email. > > > > 2. Stealth keyboard capture program grabs userids and passwords. > > > > It seems like there is a common train of thought about remote > > OWA that 'It > > is only email, what is the worst that could happen?' My take > > is someone who > > has unauthorized access to email can potentially: > > > > - Get people fired; > > - Get people arrested; > > - Get companies/people sued; > > - Cost companies/people money. > > > > Thanks . . . > > > > Jon Martin > > Systems Programmer > > East Bay Municipal Utility District (EBMUD) > > Oakland, CA > > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/
RE: Securing the OWA Kiosk
NFuse as in nfuse,com? Never heard of them, so I just spent five minutes on their web site and based on what I read there I have no idea of what they do. Nice new-age menu system, though. Jon -Original Message- From: Martin Tuip [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 3:13 PM To: Exchange Discussions Subject: Re: Securing the OWA Kiosk What about pushing Outlook through NFuse ? -- Martin Tuip MVP Exchange Exchange2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: "Hansen, Eric" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, December 13, 2002 6:07 PM Subject: RE: Securing the OWA Kiosk > We use a VPN/terminal services combo, works good. > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 9:42 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > I do not believe that many of our users would opt for OWA via VPN if they > have Outlook available on the VPNd client, although I would not care either > way. The key thing in that scenario is that the VPN is doing its security > thing. > > Jon > > -Original Message- > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 5:44 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, > I've IP-limited OWA to external users only. We provide Outlook for a reason > - we expect it to be used. > > As I said before, we do secure OWA with a multi-factor one time use > authentication system (RSA's SecurID) which works well. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 1:38 PM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > Mark, > > > > Thanks - interesting audit. If we decide to go forward with > > allowing non-VPN > > clients access to Outlook we will take a closer look at the > > product. Is > > anyone aware of similar products? > > > > A question for the group on a related topic: is it common > > practice to allow > > non-VPN clients to access Outlook via OWA, or do most > > companies require at > > least a VPN connection? > > > > Jon > > > > -Original Message- > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 9:52 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > Jon, > > > > You could have a look at this OWA audit for some more > > details. Be aware that > > the document is useful, but the issues in it (as well as your #1) are > > handled by Messageware's SecureLogoff product. > > > > http://www.messageware.net/audits/owa.html > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 11, 2002 3:22 PM > > To: Exchange Discussions > > Subject: Securing the OWA Kiosk > > > > > > How are folks handling the following potential security risks > > using OWA from > > unsecured workstations, such as a kiosk or library environment? > > > > 1. Cached web pages, etc. on the workstation. User walks away without > > closing the browser, the next user has access to the previous > > users' email. > > > > 2. Stealth keyboard capture program grabs userids and passwords. > > > > It seems like there is a common train of thought about remote > > OWA that 'It > > is only email, what is the worst that could happen?' My take > > is someone who > > has unauthorized access to email can potentially: > > > > - Get people fired; > > - Get people arrested; > > - Get companies/people sued; > > - Cost companies/people money. > > > > Thanks . . . > > > > Jon Martin > > Systems Programmer > > East Bay Municipal Utility District (EBMUD) > > Oakland, CA > > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/s
RE: Securing the OWA Kiosk
Nfuse as in Citrix -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Saturday, 14 December 2002 10:37 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk NFuse as in nfuse,com? Never heard of them, so I just spent five minutes on their web site and based on what I read there I have no idea of what they do. Nice new-age menu system, though. Jon -Original Message- From: Martin Tuip [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 3:13 PM To: Exchange Discussions Subject: Re: Securing the OWA Kiosk What about pushing Outlook through NFuse ? -- Martin Tuip MVP Exchange Exchange2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: "Hansen, Eric" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, December 13, 2002 6:07 PM Subject: RE: Securing the OWA Kiosk > We use a VPN/terminal services combo, works good. > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 9:42 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > I do not believe that many of our users would opt for OWA via VPN if > they have Outlook available on the VPNd client, although I would not > care either > way. The key thing in that scenario is that the VPN is doing its > security thing. > > Jon > > -Original Message- > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 5:44 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In > fact, I've IP-limited OWA to external users only. We provide Outlook > for a reason > - we expect it to be used. > > As I said before, we do secure OWA with a multi-factor one time use > authentication system (RSA's SecurID) which works well. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 1:38 PM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > Mark, > > > > Thanks - interesting audit. If we decide to go forward with allowing > > non-VPN clients access to Outlook we will take a closer look at the > > product. Is > > anyone aware of similar products? > > > > A question for the group on a related topic: is it common practice > > to allow non-VPN clients to access Outlook via OWA, or do most > > companies require at > > least a VPN connection? > > > > Jon > > > > -Original Message- > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 9:52 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > Jon, > > > > You could have a look at this OWA audit for some more details. Be > > aware that the document is useful, but the issues in it (as well as > > your #1) are handled by Messageware's SecureLogoff product. > > > > http://www.messageware.net/audits/owa.html > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 11, 2002 3:22 PM > > To: Exchange Discussions > > Subject: Securing the OWA Kiosk > > > > > > How are folks handling the following potential security risks using > > OWA from unsecured workstations, such as a kiosk or library > > environment? > > > > 1. Cached web pages, etc. on the workstation. User walks away > > without closing the browser, the next user has access to the > > previous users' email. > > > > 2. Stealth keyboard capture program grabs userids and passwords. > > > > It seems like there is a common train of thought about remote OWA > > that 'It is only email, what is the worst that could happen?' My > > take is someone who > > has unauthorized access to email can potentially: > > > > - Get people fired; > > - Get people arrested; > > - Get companies/people sued; > > - Cost companies/people money. > > > > Thanks . . . > > > > Jon Martin > > Systems Programmer > > East Bay Municipal Utility District (EBMUD) > > Oakland, CA > > > > > > > >
Re: Securing the OWA Kiosk
NFuse as in Citrix NFuse (www.citrix.com) .. you can easily webenable applications through NFuse and it works over slower links as well. -- Martin Tuip MVP Exchange Exchange2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: "Martin, Jon" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Saturday, December 14, 2002 12:36 AM Subject: RE: Securing the OWA Kiosk > NFuse as in nfuse,com? Never heard of them, so I just spent five minutes on > their web site and based on what I read there I have no idea of what they > do. Nice new-age menu system, though. > > Jon > > -Original Message- > From: Martin Tuip [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 3:13 PM > To: Exchange Discussions > Subject: Re: Securing the OWA Kiosk > > What about pushing Outlook through NFuse ? > > -- > Martin Tuip > MVP Exchange > Exchange2000 List owner > www.exchange-mail.org > www.sharepointserver.com > [EMAIL PROTECTED] > -- > > - Original Message - > From: "Hansen, Eric" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Friday, December 13, 2002 6:07 PM > Subject: RE: Securing the OWA Kiosk > > > > We use a VPN/terminal services combo, works good. > > > > -----Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Friday, December 13, 2002 9:42 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > I do not believe that many of our users would opt for OWA via VPN if they > > have Outlook available on the VPNd client, although I would not care > either > > way. The key thing in that scenario is that the VPN is doing its security > > thing. > > > > Jon > > > > -Original Message- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > > Sent: Friday, December 13, 2002 5:44 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In fact, > > I've IP-limited OWA to external users only. We provide Outlook for a > reason > > - we expect it to be used. > > > > As I said before, we do secure OWA with a multi-factor one time use > > authentication system (RSA's SecurID) which works well. > > > > -------------- > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -Original Message- > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 12, 2002 1:38 PM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > > > > Mark, > > > > > > Thanks - interesting audit. If we decide to go forward with > > > allowing non-VPN > > > clients access to Outlook we will take a closer look at the > > > product. Is > > > anyone aware of similar products? > > > > > > A question for the group on a related topic: is it common > > > practice to allow > > > non-VPN clients to access Outlook via OWA, or do most > > > companies require at > > > least a VPN connection? > > > > > > Jon > > > > > > -Original Message- > > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 12, 2002 9:52 AM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > Jon, > > > > > > You could have a look at this OWA audit for some more > > > details. Be aware that > > > the document is useful, but the issues in it (as well as your #1) are > > > handled by Messageware's SecureLogoff product. > > > > > > http://www.messageware.net/audits/owa.html > > > > > > -Original Message- > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, December 11, 2002 3:22 PM > > > To: Exchange Discussions > > > Subject: Securing the OWA Kiosk > > > > > > > > > How are folks handling the following potential security risks > > > using OWA from > > > unsecured wor
RE: Securing the OWA Kiosk
Oh - now there is a company I've heard of. Thanks. Jon -Original Message- From: Andy Haigh [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 3:38 PM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Nfuse as in Citrix -Original Message- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Saturday, 14 December 2002 10:37 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk NFuse as in nfuse,com? Never heard of them, so I just spent five minutes on their web site and based on what I read there I have no idea of what they do. Nice new-age menu system, though. Jon -Original Message- From: Martin Tuip [mailto:[EMAIL PROTECTED]] Sent: Friday, December 13, 2002 3:13 PM To: Exchange Discussions Subject: Re: Securing the OWA Kiosk What about pushing Outlook through NFuse ? -- Martin Tuip MVP Exchange Exchange2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: "Hansen, Eric" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, December 13, 2002 6:07 PM Subject: RE: Securing the OWA Kiosk > We use a VPN/terminal services combo, works good. > > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 9:42 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > I do not believe that many of our users would opt for OWA via VPN if > they have Outlook available on the VPNd client, although I would not > care either > way. The key thing in that scenario is that the VPN is doing its > security thing. > > Jon > > -Original Message- > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 5:44 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In > fact, I've IP-limited OWA to external users only. We provide Outlook > for a reason > - we expect it to be used. > > As I said before, we do secure OWA with a multi-factor one time use > authentication system (RSA's SecurID) which works well. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 1:38 PM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > Mark, > > > > Thanks - interesting audit. If we decide to go forward with allowing > > non-VPN clients access to Outlook we will take a closer look at the > > product. Is > > anyone aware of similar products? > > > > A question for the group on a related topic: is it common practice > > to allow non-VPN clients to access Outlook via OWA, or do most > > companies require at > > least a VPN connection? > > > > Jon > > > > -Original Message- > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 9:52 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > Jon, > > > > You could have a look at this OWA audit for some more details. Be > > aware that the document is useful, but the issues in it (as well as > > your #1) are handled by Messageware's SecureLogoff product. > > > > http://www.messageware.net/audits/owa.html > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 11, 2002 3:22 PM > > To: Exchange Discussions > > Subject: Securing the OWA Kiosk > > > > > > How are folks handling the following potential security risks using > > OWA from unsecured workstations, such as a kiosk or library > > environment? > > > > 1. Cached web pages, etc. on the workstation. User walks away > > without closing the browser, the next user has access to the > > previous users' email. > > > > 2. Stealth keyboard capture program grabs userids and passwords. > > > > It seems like there is a common train of thought about remote OWA > > that 'It is only email, what is the worst that could happen?' My > > take is someone who > > has unauthorized access to email can potentially: > > > > - Get people fired; > > - Get people arrested; > > - Get companies/people sued; > > - Cost companies/people mone
RE: Securing the OWA Kiosk
Ah... a technical solution for a behavioral problem. There sure are lots of those. William -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Friday, December 13, 2002 7:10 AM To: Exchange Discussions We have plenty of people who would ditch Outlook entirely in that scenario - even AT their desks. Not gonna happen on my watch. Not to mention, sooner or later they'd get really pissed having to use the SecurID keyfob to log into their email. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 9:44 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > > You're such an email nazi. ;o) > > I used to use OWA when away from my desk elsewhere in the office. > > William > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Roger > Seielstad > Sent: Friday, December 13, 2002 5:44 AM > To: Exchange Discussions > > I don't support OWA via VPN - if you're VPN'ed in, use > Outlook. In fact, > I've IP-limited OWA to external users only. We provide Outlook for a > reason > - we expect it to be used. > > As I said before, we do secure OWA with a multi-factor one time use > authentication system (RSA's SecurID) which works well. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -Original Message----- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 1:38 PM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > Mark, > > > > Thanks - interesting audit. If we decide to go forward with > > allowing non-VPN > > clients access to Outlook we will take a closer look at the > > product. Is > > anyone aware of similar products? > > > > A question for the group on a related topic: is it common > > practice to allow > > non-VPN clients to access Outlook via OWA, or do most > > companies require at > > least a VPN connection? > > > > Jon > > > > -Original Message- > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 12, 2002 9:52 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > Jon, > > > > You could have a look at this OWA audit for some more > > details. Be aware that > > the document is useful, but the issues in it (as well as > your #1) are > > handled by Messageware's SecureLogoff product. > > > > http://www.messageware.net/audits/owa.html > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 11, 2002 3:22 PM > > To: Exchange Discussions > > Subject: Securing the OWA Kiosk > > > > > > How are folks handling the following potential security risks > > using OWA from > > unsecured workstations, such as a kiosk or library environment? > > > > 1. Cached web pages, etc. on the workstation. User walks > away without > > closing the browser, the next user has access to the previous > > users' email. > > > > 2. Stealth keyboard capture program grabs userids and passwords. > > > > It seems like there is a common train of thought about remote > > OWA that 'It > > is only email, what is the worst that could happen?' My take > > is someone who > > has unauthorized access to email can potentially: > > > > - Get people fired; > > - Get people arrested; > > - Get companies/people sued; > > - Cost companies/people money. > > > > Thanks . . . > > > > Jon Martin > > Systems Programmer > > East Bay Municipal Utility District (EBMUD) > > Oakland, CA > > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > __
RE: Securing the OWA Kiosk
nFuse as in Citrix Metaframe V.whatever.. http://www.citrix.com -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 6:37 PM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > NFuse as in nfuse,com? Never heard of them, so I just spent > five minutes on > their web site and based on what I read there I have no idea > of what they > do. Nice new-age menu system, though. > > Jon > > -Original Message- > From: Martin Tuip [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 3:13 PM > To: Exchange Discussions > Subject: Re: Securing the OWA Kiosk > > What about pushing Outlook through NFuse ? > > -- > Martin Tuip > MVP Exchange > Exchange2000 List owner > www.exchange-mail.org > www.sharepointserver.com > [EMAIL PROTECTED] > -- > > - Original Message - > From: "Hansen, Eric" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Friday, December 13, 2002 6:07 PM > Subject: RE: Securing the OWA Kiosk > > > > We use a VPN/terminal services combo, works good. > > > > -Original Message- > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > Sent: Friday, December 13, 2002 9:42 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > I do not believe that many of our users would opt for OWA > via VPN if they > > have Outlook available on the VPNd client, although I would not care > either > > way. The key thing in that scenario is that the VPN is > doing its security > > thing. > > > > Jon > > > > -Original Message- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > > Sent: Friday, December 13, 2002 5:44 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > I don't support OWA via VPN - if you're VPN'ed in, use > Outlook. In fact, > > I've IP-limited OWA to external users only. We provide Outlook for a > reason > > - we expect it to be used. > > > > As I said before, we do secure OWA with a multi-factor one time use > > authentication system (RSA's SecurID) which works well. > > > > -------------- > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -Original Message- > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 12, 2002 1:38 PM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > > > > Mark, > > > > > > Thanks - interesting audit. If we decide to go forward with > > > allowing non-VPN > > > clients access to Outlook we will take a closer look at the > > > product. Is > > > anyone aware of similar products? > > > > > > A question for the group on a related topic: is it common > > > practice to allow > > > non-VPN clients to access Outlook via OWA, or do most > > > companies require at > > > least a VPN connection? > > > > > > Jon > > > > > > -Original Message- > > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 12, 2002 9:52 AM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > Jon, > > > > > > You could have a look at this OWA audit for some more > > > details. Be aware that > > > the document is useful, but the issues in it (as well as > your #1) are > > > handled by Messageware's SecureLogoff product. > > > > > > http://www.messageware.net/audits/owa.html > > > > > > -Original Message- > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, December 11, 2002 3:22 PM > > > To: Exchange Discussions > > > Subject: Securing the OWA Kiosk > > > > > > > > > How are folks handling the following potential security risks > > > using OWA from > > > unsecured workstations, such as a kiosk or library environment? > > > > > > 1. Cached web pages, etc. on the worksta
RE: Securing the OWA Kiosk
Nah - I'm a completely non-technical pr!ck. Or as another sysadmin here has been known to say - technology misapplied. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 10:57 PM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > > Ah... a technical solution for a behavioral problem. There sure are > lots of those. > > William > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Roger > Seielstad > Sent: Friday, December 13, 2002 7:10 AM > To: Exchange Discussions > > We have plenty of people who would ditch Outlook entirely in that > scenario - > even AT their desks. Not gonna happen on my watch. > > Not to mention, sooner or later they'd get really pissed having to use > the > SecurID keyfob to log into their email. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -Original Message- > > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > > Sent: Friday, December 13, 2002 9:44 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > > > You're such an email nazi. ;o) > > > > I used to use OWA when away from my desk elsewhere in the office. > > > > William > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]] On Behalf Of Roger > > Seielstad > > Sent: Friday, December 13, 2002 5:44 AM > > To: Exchange Discussions > > > > I don't support OWA via VPN - if you're VPN'ed in, use > > Outlook. In fact, > > I've IP-limited OWA to external users only. We provide Outlook for a > > reason > > - we expect it to be used. > > > > As I said before, we do secure OWA with a multi-factor one time use > > authentication system (RSA's SecurID) which works well. > > > > ------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -Original Message- > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 12, 2002 1:38 PM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > > > > Mark, > > > > > > Thanks - interesting audit. If we decide to go forward with > > > allowing non-VPN > > > clients access to Outlook we will take a closer look at the > > > product. Is > > > anyone aware of similar products? > > > > > > A question for the group on a related topic: is it common > > > practice to allow > > > non-VPN clients to access Outlook via OWA, or do most > > > companies require at > > > least a VPN connection? > > > > > > Jon > > > > > > -Original Message- > > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 12, 2002 9:52 AM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > Jon, > > > > > > You could have a look at this OWA audit for some more > > > details. Be aware that > > > the document is useful, but the issues in it (as well as > > your #1) are > > > handled by Messageware's SecureLogoff product. > > > > > > http://www.messageware.net/audits/owa.html > > > > > > -Original Message- > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, December 11, 2002 3:22 PM > > > To: Exchange Discussions > > > Subject: Securing the OWA Kiosk > > > > > > > > > How are folks handling the following potential security risks > > > using OWA from > > > unsecured workstations, such as a kiosk or library environment? > > > > > > 1. Cached web pages, etc. on the workstation. User walks > > away without > > > closing the browser, the next user has access to the previous > > > users' email. > > > > > > 2. Stealth keyboard capture pr
RE: Securing the OWA Kiosk
Don't sell yourself short. You're a technical pr!ck. Ed Crowley MCSE+I MVP Technical Consultant hp Services "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Monday, December 16, 2002 5:29 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk Nah - I'm a completely non-technical pr!ck. Or as another sysadmin here has been known to say - technology misapplied. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 10:57 PM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > > Ah... a technical solution for a behavioral problem. There sure are > lots of those. > > William > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Roger > Seielstad > Sent: Friday, December 13, 2002 7:10 AM > To: Exchange Discussions > > We have plenty of people who would ditch Outlook entirely in that > scenario - even AT their desks. Not gonna happen on my watch. > > Not to mention, sooner or later they'd get really pissed having to use > the SecurID keyfob to log into their email. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -Original Message- > > From: William Lefkovics [mailto:[EMAIL PROTECTED]] > > Sent: Friday, December 13, 2002 9:44 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > > > You're such an email nazi. ;o) > > > > I used to use OWA when away from my desk elsewhere in the office. > > > > William > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]] On Behalf Of Roger > > Seielstad > > Sent: Friday, December 13, 2002 5:44 AM > > To: Exchange Discussions > > > > I don't support OWA via VPN - if you're VPN'ed in, use Outlook. In > > fact, I've IP-limited OWA to external users only. We provide Outlook > > for a reason > > - we expect it to be used. > > > > As I said before, we do secure OWA with a multi-factor one time use > > authentication system (RSA's SecurID) which works well. > > > > ------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -Original Message- > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 12, 2002 1:38 PM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > > > > Mark, > > > > > > Thanks - interesting audit. If we decide to go forward with > > > allowing non-VPN clients access to Outlook we will take a closer > > > look at the product. Is > > > anyone aware of similar products? > > > > > > A question for the group on a related topic: is it common practice > > > to allow non-VPN clients to access Outlook via OWA, or do most > > > companies require at > > > least a VPN connection? > > > > > > Jon > > > > > > -Original Message- > > > From: Mark Rotman [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 12, 2002 9:52 AM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > Jon, > > > > > > You could have a look at this OWA audit for some more details. Be > > > aware that the document is useful, but the issues in it (as well > > > as > > your #1) are > > > handled by Messageware's SecureLogoff product. > > > > > > http://www.messageware.net/audits/owa.html > > > > > > -Original Message- > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, December 11, 2002 3:22 PM > > > To: Exchange Discussions > > > Subject: Securing the OWA Kiosk > > > > > > > > > How are folks handling the following potential security risks > > > using OWA from un
RE: Securing the OWA Kiosk
You would know that, too, wouldn't you? Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Ed Crowley [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 17, 2002 1:03 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > Don't sell yourself short. You're a technical pr!ck. > > Ed Crowley MCSE+I MVP > Technical Consultant > hp Services > "There are seldom good technological solutions to > behavioral problems." > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf > Of Roger Seielstad > Sent: Monday, December 16, 2002 5:29 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > Nah - I'm a completely non-technical pr!ck. > > Or as another sysadmin here has been known to say - > technology misapplied. > > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -Original Message----- > > From: William Lefkovics > [mailto:[EMAIL PROTECTED]] > > Sent: Friday, December 13, 2002 10:57 PM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > > > Ah... a technical solution for a behavioral problem. > There sure are > > lots of those. > > > > William > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]] On > Behalf Of Roger > > Seielstad > > Sent: Friday, December 13, 2002 7:10 AM > > To: Exchange Discussions > > > > We have plenty of people who would ditch Outlook > entirely in that > > scenario - even AT their desks. Not gonna happen on > my watch. > > > > Not to mention, sooner or later they'd get really > pissed having to use > > the SecurID keyfob to log into their email. > > > > > ---------- > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -Original Message- > > > From: William Lefkovics > [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, December 13, 2002 9:44 AM > > > To: Exchange Discussions > > > Subject: RE: Securing the OWA Kiosk > > > > > > > > > > > > You're such an email nazi. ;o) > > > > > > I used to use OWA when away from my desk elsewhere > in the office. > > > > > > William > > > > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]] On > Behalf Of Roger > > > Seielstad > > > Sent: Friday, December 13, 2002 5:44 AM > > > To: Exchange Discussions > > > > > > I don't support OWA via VPN - if you're VPN'ed in, > use Outlook. In > > > fact, I've IP-limited OWA to external users only. > We provide Outlook > > > for a reason > > > - we expect it to be used. > > > > > > As I said before, we do secure OWA with a > multi-factor one time use > > > authentication system (RSA's SecurID) which works > well. > > > > > > > -- > > > Roger D. Seielstad - MCSE > > > Sr. Systems Administrator > > > Inovis - Formerly Harbinger and Extricity > > > Atlanta, GA > > > > > > > > > > -Original Message- > > > > From: Martin, Jon [mailto:[EMAIL PROTECTED]] > > > > Sent: Thursday, December 12, 2002 1:38 PM > > > > To: Exchange Discussions > > > > Subject: RE: Securing the OWA Kiosk > > > > > > > > > > > > Mark, > > > > > > > > Thanks - interesting audit. If we decide to go > forward with > > > > allowing non-VPN clients access to Outlook we > will take a closer > > > > look at the product. Is > > > > anyone aware of similar products? > > > > > > > > A question for the group on a related topic: is > it common practice > > > > to allow non-VPN clients to access Outlook via > OWA, or do most > > > > companies require at > > > >
RE: Securing the OWA Kiosk
I only meant that in the most constructive, helpful, caring sense possible. Ed Crowley MCSE+I MVP Technical Consultant hp Services "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Tuesday, December 17, 2002 5:16 AM To: Exchange Discussions Subject: RE: Securing the OWA Kiosk You would know that, too, wouldn't you? Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Ed Crowley [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 17, 2002 1:03 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > Don't sell yourself short. You're a technical pr!ck. > > Ed Crowley MCSE+I MVP > Technical Consultant > hp Services > "There are seldom good technological solutions to > behavioral problems." > __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Securing the OWA Kiosk
Of course you did. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Ed Crowley [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 18, 2002 12:50 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > I only meant that in the most constructive, helpful, > caring sense possible. > > Ed Crowley MCSE+I MVP > Technical Consultant > hp Services > "There are seldom good technological solutions to > behavioral problems." > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf > Of Roger Seielstad > Sent: Tuesday, December 17, 2002 5:16 AM > To: Exchange Discussions > Subject: RE: Securing the OWA Kiosk > > > You would know that, too, wouldn't you? > > Roger > -- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -Original Message- > > From: Ed Crowley [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, December 17, 2002 1:03 AM > > To: Exchange Discussions > > Subject: RE: Securing the OWA Kiosk > > > > > > Don't sell yourself short. You're a technical > pr!ck. > > > > Ed Crowley MCSE+I MVP > > Technical Consultant > > hp Services > > "There are seldom good technological solutions to > > behavioral problems." > > > > > __ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
