1. Understanding OWA Security Features
OWA has several enhancements for security, including support for message classification, spam beacon blocking, attachment blocking, cookie authentication, and clearing user credentials during the logoff process.
Utilizing Message Classification
OWA 2007 allows a user to take advantage of the message classification rules that are configured on the Exchange 2007 server. These configurations in Exchange 2007 allow specific message types to be handled in specific ways. For example, a “Company Confidential” message might have a standard disclaimer applied to it before it is sent, or an “A/C Privileged” message might be routed through an encrypted connection to the recipient’s server. By clicking the Message Classification icon in the toolbar of a new message, the OWA user can set these values.
Understanding Spam Beacon Blocking
OWA 2007 provides additional security against spam. If configured, OWA prevents spam beaconing from working: it blocks links to external content on the Internet from being accessed from the OWA interface. This greatly strengthens the antispam features of OWA by removing the spammer’s ability to hide beacons in unwanted spam messages. Those spam beacons automatically contact the spammers when the email messages are opened, letting the spammers know they have reached a live email address. By blocking this functionality, one more method of finding live addresses is eliminated from the spammer’s arsenal.
Understanding Attachment Blocking
OWA also provides built-in and configurable functionality to block Internet attachments, such as links to websites, music, and other Internet technologies available only outside the firewall (on the Internet).
OWA built on Exchange Server 2007 contains a block list. Any attachments with an extension type in the block list are automatically blocked when sent to a user in Outlook or OWA. The latest service packs now also include blocking of XML MIME applications and test files.
Only administrators can change these options; users cannot configure them in OWA. When one of these file types is blocked, users are sent a message notifying them that the attachment is blocked.
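The beacon filter and the attachment block list described in the two sections above are settings on the OWA virtual directory, so an administrator can audit them from the Exchange Management Shell. This is an added example, not from the original text; the extension list is a constructed sample, and `FilterWebBeaconsAndHtmlForms` and `BlockedFileTypes` are the property names these settings carry on the object returned by `Get-OwaVirtualDirectory`.

```powershell
# Added example: run in the Exchange Management Shell. Read-only; it changes nothing.
# Constructed sample list of extensions to check for; not Exchange's default block list.
$mustBlock = '.exe', '.bat', '.cmd', '.vbs', '.js', '.scr'

foreach ($vdir in Get-OwaVirtualDirectory) {
    # Extensions currently on this directory's block list (empty entries dropped).
    $blocked = @($vdir.BlockedFileTypes | Where-Object { $_ } | ForEach-Object { "$_" })

    # Sample extensions that are NOT blocked (-notcontains is case-insensitive).
    $missing = @($mustBlock | Where-Object { $blocked -notcontains $_ })

    # ForceFilter always blocks external content; UserFilterChoice lets the
    # user unblock it per message; DisableFilter turns the protection off.
    $beacon = "$($vdir.FilterWebBeaconsAndHtmlForms)"

    Write-Host "== $($vdir.Identity) =="
    Write-Host "  Beacon filter      : $beacon"
    Write-Host "  Blocked extensions : $($blocked.Count)"

    if ($beacon -eq 'DisableFilter') {
        Write-Warning "External content is not filtered; beacons in messages will load."
    }
    if ($missing.Count -gt 0) {
        Write-Warning ("Not on the block list: " + [string]::Join(', ', $missing))
    }
}
```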
Understanding Cookie Authentication Timeout and Timed Logoff
OWA 2007 uses cookies to hold the user authentication information. When a user logs off of OWA 2007, the cookie automatically expires, so a hacker can’t use the cookie to gain authentication. In addition, the cookie is configured to expire automatically after 20 minutes of inactivity in OWA if the user specified a private computer, or 10 minutes if the user specified a shared or public computer.
After timed logoff has occurred and a user tries to access OWA, he has to reenter user credentials.
Clearing User Credentials at Logoff
For users who access OWA 2007 via Internet Explorer 6.0 SP1 or higher and FBA, the user’s logon credentials cache automatically clears when the user logs off from OWA 2007. It is no longer necessary to close the browser window to clear the cache. For users accessing OWA via other Internet browsers or via OWA servers that aren’t configured to use FBA, users must still close the browser window to clear the cache and will be prompted to do so.
2. Tips for OWA Users with Slow Access
Some users might need to access OWA through a slow, dial-up connection. OWA provides them with many ways to enhance performance and speed to improve the overall OWA experience. Leveraging options built in to the Exchange operating systems and toggling off some OWA options can ensure that users accessing OWA experience a friendly, easy-to-use client.
When using forms-based authentication, making additional changes to the Exchange server can improve OWA performance. This option provides data compression on two levels when communicating with OWA and can improve the overall performance of OWA by up to 50%.
Tip
When enabling compression on the Exchange virtual server, test performance to validate that the change is addressing your performance concerns. Ensure that compression isn’t placing too high a CPU load on the system.
To enable compression on the Exchange virtual server, perform the following steps:
1. Click Start, All Programs, Microsoft Exchange Server 2007, and select Exchange Management Shell.
2. From the Exchange Management Shell prompt, type get-owavirtualdirectory.
3. Record the identity of the OWA virtual directory.
4. Type set-owavirtualdirectory -identity "Owa (Default Web Site)" -gziplevel high.
5. Type Exit.
6. Launch the DOS prompt.
7. Type iisreset /noforce.
8. Type Exit.
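The same procedure as a script, with the previous compression level saved first so the change can be rolled back if the CPU load noted in the Tip becomes a problem. This is an added example, not from the original text; the identity is the one used in step 4, and the record file path is a hypothetical choice.

```powershell
# Added example: run in the Exchange Management Shell on the server hosting OWA.
$identity = 'Owa (Default Web Site)'                    # identity recorded in step 3
$record   = Join-Path $env:TEMP 'owa-gzip-before.csv'   # hypothetical rollback record

# Steps 2-3: record the directory and its current compression level before changing it.
$before = Get-OwaVirtualDirectory -Identity $identity
$before | Select-Object Identity, GzipLevel | Export-Csv -Path $record -NoTypeInformation
Write-Host "Previous GzipLevel: $($before.GzipLevel) (saved to $record)"

# Step 4: turn on high compression.
Set-OwaVirtualDirectory -Identity $identity -GzipLevel High

# Confirm the setting was stored before restarting IIS.
$after = Get-OwaVirtualDirectory -Identity $identity
if ("$($after.GzipLevel)" -ne 'High') {
    throw "GzipLevel is still $($after.GzipLevel); IIS was not restarted."
}

# Step 7: restart IIS. /noforce does not forcibly stop services that fail to stop gracefully.
iisreset /noforce
if ($LASTEXITCODE -ne 0) {
    Write-Warning "iisreset exited with code $LASTEXITCODE; check that IIS is running."
}
```

To roll back, run the command from step 4 again with the level stored in the record file, then restart IIS.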
There are options that can be configured from the server and through Group Policy to improve access speeds, but users can help speed up their access regardless of whether the server-side improvements are implemented. Major options are as follows:
- Choose Basic Mode when Logging into OWA
- Set Low Number of Messages to Be Displayed on the Page
- Turn Off the Reading Pane
- Turn On Two-Line Viewing
- Enable the Blocking of Internet Content