CYA: Securing Exchange Server 2003 and Outlook Web Access: Cover Your A** By Getting It Right the First Time

With OWA 2003, your organization's users can access their mailboxes using a Web browser. OWA 2003 has come a long way since Exchange 5.5 and 2000; it now looks and feels very similar to the full Outlook 2003 client. If we were to describe all the new, cool features of OWA 2003, we would end up writing several hundred pages, but because this book is about the security aspects of Exchange 2003 and Outlook Web Access, this chapter focuses strictly on OWA security:
OWA authentication
Enabling SSL on OWA
Restricting user access
Allowing password changes through OWA
Redirecting HTTP to HTTPS
By the time you reach the end of this chapter, you will have gained a proper understanding of the different authentication methods available in OWA as well as insight into how to secure the OWA 2003 server by enabling SSL, how to control user access, and how to allow users to change their passwords through the OWA interface. To finish the chapter, we show you a little trick on how to redirect HTTP requests to HTTPS. For readers who wonder why we don't have a section on the new and exciting forms-based authentication feature, refer to Chapter 7.
What are we waiting for? Let's get started!
To begin, let's look at each of the authentication methods available in OWA 2003.
The OWA virtual directories (also called HTTP virtual servers) allow you to support a collaborative authoring environment. For example, when...