exchangefreaks.com Forum Index
 

OWA auditing

 
Ted



Joined: 05 Aug 2007
Posts: 2

Posted: Thu Oct 02, 2003 5:50 pm    Post subject: OWA auditing

On the domain where I work users are set up where they get
3 tries to log on the network and then are locked out of
the network if all 3 are incorrect. I'm sure you are all
familiar with this concept.

Well, we also use OWA in our Intranet. Users have to
authenticate to it separately but it is using their NT
username and password. I have found that you can attempt
to connect more than 3 times and never get locked out.
This seems to be a security hole. From this it seems a
dictionary attack could be easily made.

My question is this:
Is there a way to track failed logon attempts from OWA?
Also, can it be set up to lock an account after x failed
attempts?

Archived from group: microsoft>public>exchange>applications
Ted



Joined: 05 Aug 2007
Posts: 2

Posted: Mon Oct 06, 2003 7:05 pm    Post subject: Re: OWA auditing

Thanks for your reply. This seems like a big hole to me.
How many admins bother tracking their IIS logfiles? I
guess it is 1 more thing we need to be on the lookout for.

t

>I don't think you can lock the accounts out, but you can do some work with
>the IIS logfiles to track the failed logons.
>
>All you need to look for are repeated 401 statuses that are _not_ followed
>by a 200 status.
>
>Lee.
>
>--
>___________________________________
>
>Outlook Web Access for PDA and WAP:
>www.leederbyshire.com
>email a t leederbyshire d 0 t c 0 m
>___________________________________
Lee Derbyshire



Joined: 05 Aug 2007
Posts: 10

Posted: Mon Oct 06, 2003 8:12 pm    Post subject: Re: OWA auditing

"Ted" wrote in message$ddfe29d0$a601280a@phx.gbl...
> On the domain where I work users are set up where they get
> 3 tries to log on the network and then are locked out of
> the network if all 3 are incorrect. I'm sure you are all
> familiar with this concept.
>
> Well, we also use OWA in our Intranet. Users have to
> authenticate to it separately but it is using their NT
> username and password. I have found that you can attempt
> to connect more than 3 times and never get locked out.
> This seems to be a security hole. From this it seems a
> dictionary attack could be easily made.
>
> My question is this:
> Is there a way to track failed logon attempts from OWA?
> Also, can it be set up to lock an account after x failed
> attempts?

I don't think you can lock the accounts out, but you can do some work with
the IIS logfiles to track the failed logons.

All you need to look for are repeated 401 statuses that are _not_ followed
by a 200 status.

Lee.


--
___________________________________

Outlook Web Access for PDA and WAP:
www.leederbyshire.com
email a t leederbyshire d 0 t c 0 m
___________________________________
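
The log check suggested in the reply above, sketched in Python as an added example that is not part of the original thread. It assumes the IIS log is in W3C extended format with the `c-ip`, `cs-username` and `sc-status` fields enabled; grouping by client IP, the threshold of 3 and the function name are choices made for this illustration.

```python
from collections import defaultdict

# Constructed sample in W3C extended log format (not taken from a real server).
SAMPLE_LOG = r"""
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2003-10-06 19:01:02 10.0.0.5 - GET /exchange/ 401
2003-10-06 19:01:03 10.0.0.5 CORP\alice GET /exchange/ 200
2003-10-06 19:02:10 10.0.0.9 - GET /exchange/ 401
2003-10-06 19:02:11 10.0.0.9 CORP\bob GET /exchange/ 401
2003-10-06 19:02:12 10.0.0.9 CORP\bob GET /exchange/ 401
2003-10-06 19:02:13 10.0.0.9 CORP\carol GET /exchange/ 401
2003-10-06 19:03:00 10.0.0.7 CORP\dave GET /exchange/ 401
2003-10-06 19:03:05 10.0.0.7 CORP\dave GET /exchange/ 200
"""

def unanswered_401s(lines, threshold=3):
    """Return {client_ip: (count, usernames)} for clients whose 401
    responses since their last 200 number at least `threshold`."""
    fields = []
    streak = defaultdict(int)   # 401s seen since the client's last 200
    users = defaultdict(set)    # usernames offered during that streak
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        ip, status = row.get("c-ip"), row.get("sc-status")
        if ip is None or status is None:
            continue                    # required fields not being logged
        if status == "401":
            streak[ip] += 1
            if row.get("cs-username", "-") != "-":
                users[ip].add(row["cs-username"])
        elif status == "200":
            # A single 401 followed by a 200 is the normal auth handshake;
            # a typo followed by a success also ends the streak here.
            streak[ip] = 0
            users[ip].clear()
    return {ip: (n, sorted(users[ip]))
            for ip, n in streak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, (count, names) in unanswered_401s(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} failed logons with no success, users={names}")
```
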
