Comments
 
posted on March 5th 2015, at 12:35
by lunarg
By default, when opening up OWA (Outlook Web App) access to the internet, you could technically also get into Exchange Admin Center (EAC) by appending /ecp after the external OWA URL, potentionally creating a security vulnerability and increasing the chance for a brute-force attack to succeed.

While it is generally a good idea to deny access to the Administrator user to manage the Exchange-server, this is not always possible or desireable. Additionally, because EAC is a VirtualDirectory within a site in IIS, it is not possible to have it listen on a separate internal IP address and secure it through the edge firewall. Luckily, IIS also has some other mechanisms to secure access. There's an   ...
Add a new comment
 
Your name:
Your e-mail:
Your comment:
 
Basic BBcode is supported.
Captcha:
Type the letters and numbers as shown.
/get/captcha/1670356689
Not readable? Get another.