Tony, 

You may not realize that closing the browser does not always work. Try the audit plan 
test case #1.

Mark

-----Original Message-----
From: Tony Hlabse [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 12, 2002 2:00 PM
To: Exchange Discussions
Subject: Re: Securing the OWA Kiosk


One thing for sure that all users have to know is to make sure they close
the browser window besides just logging off. Most do not even though a
setting will tell the user to close the browser window. So maybe a product
like Messageware would be OK. Also I would install some type of SSL security
if OWA is going to be a major access point. Also if there are going to be
many users using this type of access a Front-end/Backend solution is in
order.

----- Original Message ----- 
From: "Martin, Jon" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Thursday, December 12, 2002 1:50 PM
Subject: RE: Securing the OWA Kiosk


> On the common practice follow-up question, I should have been a bit more
> concise by indicating that my question relates to users who are connecting
> to our corporate email system via the Internet, not internal users.
>
> Jon
>
> -----Original Message-----
> From: Martin, Jon
> Sent: Thursday, December 12, 2002 10:38 AM
> To: Exchange Discussions
> Subject: RE: Securing the OWA Kiosk
>
> Mark,
>
> Thanks - interesting audit. If we decide to go forward with allowing non-VPN
> clients access to Outlook we will take a closer look at the product. Is
> anyone aware of similar products?
>
> A question for the group on a related topic: is it common practice to allow
> non-VPN clients to access Outlook via OWA, or do most companies require at
> least a VPN connection?
>
> Jon
>
> -----Original Message-----
> From: Mark Rotman [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 12, 2002 9:52 AM
> To: Exchange Discussions
> Subject: RE: Securing the OWA Kiosk
>
> Jon,
>
> You could have a look at this OWA audit for some more details. Be aware that
> the document is useful, but the issues in it (as well as your #1) are
> handled by Messageware's SecureLogoff product.
>
> http://www.messageware.net/audits/owa.html
>
> -----Original Message-----
> From: Martin, Jon [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 11, 2002 3:22 PM
> To: Exchange Discussions
> Subject: Securing the OWA Kiosk
>
>
> How are folks handling the following potential security risks using OWA from
> unsecured workstations, such as a kiosk or library environment?
>
> 1. Cached web pages, etc. on the workstation. User walks away without
> closing the browser, the next user has access to the previous user's email.
>
> 2. Stealth keyboard capture program grabs userids and passwords.
>
> It seems like there is a common train of thought about remote OWA that 'It
> is only email, what is the worst that could happen?' My take is someone who
> has unauthorized access to email can potentially:
>
> -       Get people fired;
> -       Get people arrested;
> -       Get companies/people sued;
> -       Cost companies/people money.
>
> Thanks . . .
>
> Jon Martin
> Systems Programmer
> East Bay Municipal Utility District (EBMUD)
> Oakland, CA
>
>
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]