Home
Affiliations
Resources
Contact
Products A-Z
Products by Category
How to buy
On-LineStore.htm
Texas CISV Catalog

 

Messageware Inc.

Founded in 1993, Messageware is the world's leading provider of productivity and security solutions for Microsoft Office Outlook Web Access.

At Messageware, our mission is to enhance and secure access to business information for everyone, anywhere through increased awareness and adoption of Microsoft Office Outlook Web Access, the industry’s most reliable and cost effective web email application..

Product Overview

What are the Risks?

Features and Benefits

System Requirements

View a brochure for SessionGuard

View On-Line Demo

View an OWA Security Whitepaper

Try a 5 minute Audit your    OWA installation

View a case study from Nanyang Technical University

View a Product Review from Enterprise Server Magazine

 

 

 

 

 

 SessionGuard for Outlook Web Access

 

Stop unauthorized Exchange access via OWA!!

 

Product Overview

 SessionGuard for Outlook Web Access goes beyond SSL security and prevents intruders from pirating an OWA session to gain unauthorized access to a user's Exchange mail, calendar, and address books (where many passwords tend to be stored).

OWA has some security issues that should worry Exchange Administrators:  First, an OWA user’s cached credentials can easily be used to gain unauthorized access to Exchange; and second, because an OWA session does not time out if the user forgets to logout and close the browser window, an intruder can gain access to Exchange simply by browsing to the open OWA session.  

Most organizations know to use SSL to encrypt data transferred to and from the OWA client and the Exchange server, thus making it impossible to snoop the contents of a user’s email. What most organizations do not know, however, is SSL will not prevent an intruder from gaining access to Exchange via an OWA session, even if SSL is used in conjunction with other security products such as a firewall. This is because OWA relies on the Web browser for credentials, which are cached.  

SessionGuard for Outlook Web Access goes beyond SSL security and prevents intruders from pirating an OWA session to gain unauthorized access to a user's Exchange mail, calendar, and address books (where many passwords tend to be stored)

Even if a user utilizes the OWA logoff button, unauthorized access is easily accomplished as a user's authentication credentials are still cached. SessionGuard's robust authentication monitoring technology goes beyond SSL security and ensures that a user's cached credentials can not be reused. In addition, SessionGuard provides an administrator with the ability to define session time-outs for those instances when a user forgets to exit OWA and close all browser instances.

SessionGuard is optimized for use with Exchange 5.5 or Exchange 2000 and is a server-based software security solution that is easily installed and quickly configured in 5 minutes or less.

What are the Risks?

Outlook Web Access (OWA) makes it easy for organizations to provide anywhere/anytime access to Exchange. While OWA helps users stay in touch and increases their ability to stay on top of business, it also creates some serious security issues that have gone unnoticed by many organizations. Even when an organization takes strong measures to secure IIS and/or uses security schemes such as RSA, they are exposed to unauthorized access to Exchange via an OWA session.

How OWA Sessions are Pirated by Unauthorized Users'

An OWA user’s cached credentials can easily be used to gain unauthorized access to Exchange. OWA user IDs and passwords are stored in the browser cache for subsequent use, and they remain in the cache as long as a browser session is active. For instance, a stock ticker on the desktop keeps an OWA session alive even if the user closes the OWA browser window. This caching can allow an intruder to access Exchange by just clicking the back arrow, even if Exchange is protected by sophisticated security schemes such as RSA.
     
OWA is exposed to unauthorized access when:
  • The browser cannot be closed (kiosks)
  • A window such as mail composition is left open
  • Windows Explorer is used to navigate URLs
  • Users navigate to new URLs
  Vulnerable Data:
  • E-mail
  • Contacts
  • Calendars & Appointments
  • Corporate Address Lists
  • Public Folders
  • Web Applications & Storage

Features and Benefits

Secures OWA

Problem:   Unauthorized users gain access to Exchange via an OWA session due to browser cached credentials
Solution:   SessionGuard for Outlook Web Access
Result:   Increased protection against unauthorized access and greater degree of confidence for users and management
  • Supports all Browsers
  • Session Expiry
  • Clears Credentials
  • Supports Rich Reach Clients
  • Protects Cached Data
  • No Additional Hardware
  • No Client Installation
  • No Performance Impact
  • Security Audit Reporting

SessionGuard for Outlook Web Access:

  • Securely log off OWA forcing new authentication
  • Protects all Exchange web access directories
  • Session expiry denies unauthorized navigation
  • Supports kiosks where security prohibits closing the browser
  • Optionally integrates with Messageware's Plus Pack for Outlook Web Access 

System Requirements

  • Windows Internet Explorer 5.x and above

  • Supports Office 97, 2000 and XP

  • Exchange 5.5, 2000 or 2003

Messageware SessionGuard is available for:

Exchange Server 5.5, 2000, 2003 and 2000/2003 Mixed Mode

 

  Copyright 2003 Messaging Solutions LLC Last updated: 01/26/2008 04:32:41 PM -0700  |  Contact Info | Privacy Policy