General discussion

Locked

Cached Attachments in Outlook Web Access

By dweipers ·
Hi there,

I am keen to role out "Outlook Web Access" for all our travelling users.

I have set-up an OWA Server in a DMZ off of our firewall and protected the IIS server with RSA Security's Web ID funtionality. The site requires a Secure connection using SSL so I have 40-bit encrypted tunnel between browser and Outlook Web Access Server. Our Firewall has a rule with Source "Any" to Destination "IP Address of the Web Server" on Service "Port 443 (Https)".

This is all working with our SecurID cards required for accessing it. I am happy that the comms are secure enough for protection from the Internet.

My concerns are for the following scenario: -

When my user logs on to any PC in anywhere in the world and accesses their email from the browser, what happens to the cached Web Pages? and, if they launch attachments (Word and Excel, etc), the file saves to the local "Temporary Internet Files" folder.

This poses a serious security breach to us as we cannot expect our users to know about going into the different locations and deleting cached files and pages.

Is there any way I can avoid this happening?

I cannot believe that I am the only person experiencing this, so I may be missing something obvious.

I would be grateful for any info you have on this.

Regards

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

A possible approach

by syadm In reply to Cached Attachments in Out ...

There is one way but it requires some user involvment so i am not sure that it is the right way to go. It is based on putting the confidential/Restricted flag on sensitive mail.
First you make a new mailaccount and give the remote user web access only to this.
Second you or the user sets a forwarding rule on the original account which only forwards mail without confidential/restricted flag.
This stops sensitive mail from going out vis webaccess from the original account.
Ther is one thing left to solve.
If someone sends a sensitive mail to the web account then this mail can still be accessed via webacess. To fix this one can set a rule on the webaccount to forward all incoming mail, exept from the first account, to, thats right, the first account.
This generates a lot of copies but this is just an idea of how to prevent sensitive mail from going out and it probably has some bad sides.
Any comment on the idea is appreciated.
Rgds.
Tom

Collapse -

Whale

by piaconis In reply to Cached Attachments in Out ...

There is a hardware solution to this. Whale Communications makes a product that forces the install of a small program that they call Attachment Wiper. This will clear your tracks, and will periodically poll the remote end to reassociate security, to avoid a dead session becoming an on ramp for a would be hacker.

Check it out at http://www.whalecommunications.com

Back to Security Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums