Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Secure OWA
From: "Mark Senior" <senatorfrog () gmail com>
Date: Wed, 30 Aug 2006 12:40:41 -0600

On 8/30/06, Renshaw, Rick (C.) wrote:

>
There's two sides to this risk.  If you allow OWA logins to lock out
accounts, and your OWA page is available from anywhere on the Internet, you
are handing an easy DOS tool to anyone that knows the account names for
people on your server.

I think a possibly better approach, although it doesn't seem like you
could implement it quite as simply as account lockouts, would be to
lock out, not the account, but the originating IP address, for a
duration.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]