Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


August 29, 2006

Better OWA Attachment Security

Remote users love OWA. You'll love these tips that limit the risks.
A Web Exclusive from Windows IT Pro
Paul Robichaux
Feature
InstantDoc #93000
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Security Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Microsoft Outlook Web Access (OWA) is a useful tool for giving remote or mobile users access to their Outlook mailboxes. Although OWA lacks some of Outlook's features, the overall user experience is similar to that of Outlook and is a reasonable alternative. However, some of the functionality that makes OWA useful and convenient also raises some security concerns—among them fears about attachment safety, either from sensitive information getting into the wrong hands or from malicious content that can harm a user's PC or the network. But rather than deny users the ability to use OWA to remotely access their mailboxes, you can take some steps to help secure OWA attachments and reduce the security risks involved. You can also plan ahead to take advantage of some new attachment-control features that Microsoft has included in Exchange Server 2007.

OWA Attachment Handling
When an OWA user receives an email message containing an attachment, the user can perform one of three actions:

  • From within the browser, the user can right-click and save the attachment. This behavior is purely a function of the browser and has nothing to do with OWA.
  • From within the browser, the user clicks the attachment link, and the browser displays a dialog box that asks whether the user wants to save or open the file. If he or she chooses to save it, the browser saves the file—again without OWA being involved.
  • The user chooses to open the document, in which case, OWA sends an HTTP header to the browser indicating that the document expired the previous day. This causes the browser to not cache the document, although it might write the document to a temporary file area on the hard disk.

Note that in the first two cases, OWA has no control over what happens to the file. If the user chooses to save the file, the browser will simply ignore the "don't cache this" header. Even if you manually add the Cache-control: no-cache header to the Exchange virtual directory, users will still be able to save attachments. To amend this behavior, you can take advantage of OWA 2003's attachment-control features to prevent users from being able to open the attachments. To be specific, with OWA you can . . .

Reader Comments
I would like to know if I can block users from attaching items in new messages written in OWA.
Sice I have an E-mail gateway that filters inbound attachments, OWA is bypassing my rules.

pceylao August 31, 2006 (Article Rating: )

You could probably do this by customizing OWA to remove the attachment button, but off the top of my head that's the only way I can think of to do this, and of course Microsoft won't support that approach.

paulrobichaux September 08, 2006 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
Friday at PASS Europe 2006

Kevin talks about the closing day of the event and shares a funny Microsoft film. ...

More fun TechEd 2005 Resources

Kevin points out some more TechEd resources ...

WinInfo Short Takes: Week of October 13, 2008

An often irreverent look at some of the week's other news... ...
Related Articles Don't Let Your Messaging System Be the Source of Sensitive-Data Leaks
Security Whitepapers Protecting (You and) Your Data with Exchange Server 2007

Extended Validation SSL Certificates

Unauthorized applications: Taking back control
Related Events Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.

Job Openings in IT

ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

Microsoft Exchange & Windows Connections event returns to Las Vegas Nov 10 - 13
Connections returns to Las Vegas for this exciting event where each attendee will receive SQL Server 2008 standard with 1 CAL. Co-located with Microsoft ASP.NET, SQL Server, and SharePoint Connections with over 250 in-depth sessions.

Free Online Event! Virtualization:Get the Facts!
Register now and attend this free, live in-depth online conference on November 13 and 20, 2008, produced by Windows IT Pro. All registrants are eligible to receive a complimentary one-year digital subscription to Windows IT Pro (a $49.95 value)!

Check Out Hyper-V Video on ITTV
Watch Karen Forster's interview on Hyper-V's performance on ITTV.net.

Ease Your Scripting Pains with the Flexibility of PowerShell!
Join MVP Paul Robichaux on December 11, 2008 at 11:00 AM EDT as he equips you with PowerShell basics in 3 introductory lessons, each followed by a live Q&A session—all on your own computer!

Latest Advancements in SSL Technology
There are a variety of different kinds of SSL to explore to ensure customer data is kept confidential and secure. In this paper, we will discuss some of these SSL advances to help you decide which would be best for your organization.

PASS Community Summit 2008 in Seattle on Nov 18-21
The don’t-miss event for Microsoft SQL Server Professionals. Register now and you’ll enjoy top-notch Microsoft and Community speakers and more.



Solving PST Management Problems
In this white paper, read about the top PST issues and how to administer local/network PST Files.

Get Protected -- Data Protection Manager 2007
Protect your virtualized environment with Data Protection Manager

Order Your SQL Fundamentals CD Today!
Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.

Maximize Your SharePoint Investment: Get Your Data Moving
Watch this web seminar now to learn how to maximize your SharePoint investment! Join us as we take a look at the complex business of securing, accessing and managing vast amounts of information in a global network and various ways to get your data moving.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing