CAUTION
Service packs and hotfixes can have the effect of erasing custom changes made in IIS
Manager, including SSL and Authentication settings on virtual directories. One of the
first things that should be done after applying patches or service packs should be to
double-check these settings and validate functionality.
Securing Exchange Outlook Web Access with ISA
Server 2006
As previously mentioned, OWA is one of the most commonly secured services that ISA
servers protect. This stems from the critical need to provide remote email services while
at the same time securing that access. The success of ISA deployments in this fashion
330 CHAPTER 12 Securing Outlook Web Access (OWA) Traffic
1. Client on Internet attempts
to connect via web browser
to mail.companyabc.com.
5. Client sees web page
served up by ISA Server,
assumes it is the OWA
server, and enters username
and password.
8. ISA then allows the
authentication HTTP traffic
from the client to the OWA
server, establishing a
connection and monitoring it
for exploits and attacks.
7. The OWA Server validates
the credentials and sends
the affirmative response
back to ISA.
Pages:
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548