Hello gang - today I have a shorter post-up from my Windows Small Business Server 2003 Best PRactices book - it is a summary of Remote Web Workplace security.
Harry Brelsford, ceo at smb nation, www.smbnation.com
did u know we have a raging conference comin' to Seattle in early October: SBS 2008 and EBS 2008 launch party!
Microsoft Small Business Specialist (SBSC) and MBA
RWW Security Summary
Before moving on and looking at Outlook 2003 remote approaches, oblige me and view the following RWW security summary:
• SSL connections required for access to the Web site.
• User authentication required for access to the Web site.
• Log out allows users to close sessions and clear any cached logon credentials.
• Timeout feature automatically closes sessions after a period of inactivity.
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
• Public or shared computer mode provides additional safety requirements in those environments (browser version checking, shorter timeouts).
• Web site is throttled through IIS.
• Web site files are strongly ACL’ed (governed by the Access Control List) to prevent unauthorized editing.
• Remote Desktop connections are encrypted and send only mouse clicks and keystrokes over the connection.
• Reduces or eliminated the need for VPN connections at the business.
BEST PRACTICE: Use the above list as “talking points” when talking about RWW.