How to secure my OWA

By p_harks ·

I have inherited a exchange 2007 server configuration in my job role and I want to provide OWA to users of our corporate network. I have setup the OWA and it works fine internally also I registered a domain name and purchased a valid digicert san certificate to use for access. My problem is when I see all the info on the web about hosting OWA they all say to have a front end server in place with ISA to access the backend server. We do not not use ISA on the network it is secured through a watchguard firebox and I can configure it to allow incoming connections through a https proxy or https filter straight into our exchange server using the HTTPS://, this works fine and so does the certifcate I can access the web interface and see the OWA email. My concern is as the exchange server is hosting the internal mail system and the OWA on the same server is this is a secure way to provide the connection or should we have another server in place to provide this connection, as I say I am making our only exchange server public facing through the firewall.



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

OWA is a portal

by CG IT In reply to How to secure my OWA

and if you use HTTPS the connection is [somewhat] secure. There's not much else you can do.

Your using 3 factor authentication, the most you can do is put in a 4th factor for authentication but then you run into the administrative burden and user experience burden.

Collapse -

RE: OWA as portal

by p_harks In reply to OWA is a portal

Hello CG thanks for the reply,

My main concern is that OWA is on the same server hosting the exchange and this server is behind our firewall and connected to other servers in our local domain using active directory.

Thanks again,


Collapse -

It's still a HTTPS web portal

by CG IT In reply to RE: OWA as portal

and uses SSL for the connection. While that, in itself should not be considered as secure, it does provide a measure of security.

There are tons of articles on how to beef up security for OWA on Microsoft Technet for different setups.

Suggest you go there or

Collapse -


by p_harks In reply to It's still a HTTPS web po ...

Will do thanks for the advice,


Related Discussions

Related Forums