| Author |
Message |
Jason Williamson
Guest
|
 Posted:
Wed Dec 21, 2005 5:58 pm Post subject:
OWA Temp Files |
|
|
All,
I'm looking at addressing a company concern with OWA and its temp files left
on the client machine wherever you connect from, and hackers' ability to hack
those temp files & use it to enter your network.
Is this likely to occur? Considering the SSL that OWA has to use and the
Secure ID Token authentication mechanism used to authenticate in, I'd think
that would cover the fact that there aren't any temp files to hack once you
exit your session window, as well as the fact yoru PIN changes every 60
seconds...
Thanks in advance,
Jason Williamson
|
|
| Back to top |
|
 |
Mark Arnold [MVP]
Guest
|
| Posted:
Thu Dec 22, 2005 12:06 am Post subject:
Re: OWA Temp Files |
|
|
On Wed, 21 Dec 2005 08:21:05 -0800, "Jason Williamson"
<JasonWilliamson@discussions.microsoft.com> wrote:
| Quote: | All,
I'm looking at addressing a company concern with OWA and its temp files left
on the client machine wherever you connect from, and hackers' ability to hack
those temp files & use it to enter your network.
Is this likely to occur? Considering the SSL that OWA has to use and the
Secure ID Token authentication mechanism used to authenticate in, I'd think
that would cover the fact that there aren't any temp files to hack once you
exit your session window, as well as the fact yoru PIN changes every 60
seconds...
Thanks in advance,
Jason Williamson
|
The only real concern here is the caching of attachments and stuff.
There are server side utilities (3rd party applications really) that
get around that loophole, should it be a concern. |
|
| Back to top |
|
|
Jonathan Norris
Guest
|
| Posted:
Thu Dec 22, 2005 1:58 am Post subject:
Re: OWA Temp Files |
|
|
You can also look into running Forms Based Authentication, If users use the
public computer option then there will not be any cookies left on the client
PC.
You may want to review this article.
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3ClientAccGuide/80f81258-dcae-410e-b136-a4e521479ff5.mspx
I have deployed FBA in secure environments and it passes their audits with
flying colors where 2000 and 5.5 wouldn't have.
--
Jonathan
No Warrenties Implied, Did you do a FULL backup today??????
"Mark Arnold [MVP]" wrote:
| Quote: | On Wed, 21 Dec 2005 08:21:05 -0800, "Jason Williamson"
JasonWilliamson@discussions.microsoft.com> wrote:
All,
I'm looking at addressing a company concern with OWA and its temp files left
on the client machine wherever you connect from, and hackers' ability to hack
those temp files & use it to enter your network.
Is this likely to occur? Considering the SSL that OWA has to use and the
Secure ID Token authentication mechanism used to authenticate in, I'd think
that would cover the fact that there aren't any temp files to hack once you
exit your session window, as well as the fact yoru PIN changes every 60
seconds...
Thanks in advance,
Jason Williamson
The only real concern here is the caching of attachments and stuff.
There are server side utilities (3rd party applications really) that
get around that loophole, should it be a concern.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in