Securing Outlook Web Access (OWA) 2013 With NetScaler .


Solution Guide

Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall

This solution guide provides guidelines for securing Exchange 2013 Outlook Web Access (OWA) with NetScaler Application Firewall.

citrix.com

Citrix NetScaler AppFirewall is a comprehensive ICSA certified web application security solution that blocks known and unknown attacks against web and web services applications. NetScaler AppFirewall enforces a hybrid security model that permits only correct application behaviour and efficiently scans and protects against known application vulnerabilities. It analyzes all bi-directional traffic, including SSL-encrypted communication, to protect against a broad range of security threats without any modification to applications.

Introduction

NetScaler AppFirewall technology is included in and integrated with Citrix NetScaler MPX and VPX, Platinum Edition, and is available as an optional module that can be added to NetScaler MPX appliances running NetScaler Enterprise Edition. NetScaler AppFirewall is also available as a standalone solution on some NetScaler MPX appliances. The stand-alone NetScaler AppFirewall models can be upgraded via software license to a full NetScaler Application Delivery Controller (ADC).

Microsoft OWA 2013 is a web-based email client that enables users to access emails and contacts, and to share a web calendar. It is supported by all major browsers. To implement OWA security, the Citrix NetScaler application firewall offers an easy-to-configure security solution using the hybrid model. A set of built-in signatures with auto-update support offers protection against the WEB-IIS vulnerabilities. Deep protections such as Buffer Overflow, SQL Injection and Cross-Site Scripting security checks can effectively thwart any attempt to exploit application vulnerabilities. Each request is inspected to identify any malicious content, and specified actions are taken to either block such content or render it harmless by transforming it.

This guide focuses on defining the guidelines for securing OWA 2013 access with Citrix NetScaler AppFirewall.

The product versions described here are:

| Product | Version |
| --- | --- |
| NetScaler (AppFirewall Integrated Module) | 10.5 (Enterprise/Platinum License) |
| Microsoft Exchange Server/OWA | 2013 |

Summary of Steps

- Create a service for local virtual server.
- Create load balancing virtual server.
- Create signatures for the application firewall and enable the built-in rules in the web-iis category.
- Create an application-firewall profile.
- Configure the profile's security checks to enable Buffer Overflow, XSS and SQL Injection protections.
- Configure the profile's settings to bind signatures and exclude file uploads from inspection, to prevent false positives.
- Create an application firewall policy with an expression that identifies the traffic flowing to and from the application, and an action that applies the configured profile's protections to the traffic.
- Bind the policy to the load balancing virtual server.
- Monitor logs and tweak the configuration. Deploy relaxation rules to avoid false positives if needed.

Deployment guidelines

Creating a Service

If it does not already exist, create a service bound to the OWA service on port 443 (the IP provided will normally be that of the client access server (CAS) in your Exchange 2013 setup). Specify the protocol as SSL and the port as 443 (or an alternate port as per your Exchange server configuration).

Create and add a load balancing virtual server

Add a load balancing (LB) virtual server (vserver) that the OWA service created earlier will be bound to. The protocol should be set as SSL and port should be 443, or any alternate port as per your Exchange server setup.

Bind the service created earlier to the LB along with the required SSL certificates by clicking on the Services and Service Groups tab in the Basic Settings screen for the LB vserver.

Application Firewall Configuration

Make a copy of the application firewall default signatures by clicking on Export under the Action dropdown on the AppFirewall Signatures screen at Security > AppFirewall > Signatures.

Now, add a signature by clicking on Add above, then edit the name and add comments so that the rule is distinguishable. Use the Show/Hide button to select web-iis to isolate all the rules for this category. By default the signature rules are disabled. Click the down-arrow on the Action button, and select Enable All Searched Rules to enable all the selected rules. (The following example shows owa sig as the signature name.)

Add a basic application firewall profile for the OWA application by navigating to Security > Application Firewall > Profiles and clicking on Add. Use a meaningful name to keep track of the purpose of the profile. Set the profile type to Web Application and Defaults to Basic. (The following example shows owa profile as the profile name.)

Configure the security checks of the newly added profile by clicking on the profile name and clicking on Edit on the profile list page. Enable the Block, Log, Learn, and Stats actions for the SQL Injection and Cross-Site Scripting checks. Enable the Block, Log and Stats actions for the Buffer Overflow check. Disable all actions for the rest of the security checks.

Configure the profile's settings. Bind the signatures to the profile and select the check box for Exclude Uploaded Files from Security Checks.

Now, navigate to Security > Application Firewall > Policies > Application Firewall Policies. Create an application firewall policy for the OWA profile and bind the policy to the LB vserver.

The following example uses the expression HTTP.REQ.HOSTNAME.EQ("www.mail.com") to select the target traffic. (Replace www.mail.com with your email domain.)

On the policy listing screen, select the newly added policy and click Policy Manager. From the Bind Point options, select Load Balancing Virtual Server. The Virtual Server field now becomes visible. From this field's drop-down list, select the OWA virtual server that you created earlier. Click Continue to display the Bind Point pane.

In the Select Policy field, click the arrow to display the policy options. Select the OWA policy and click Select. Click Bind.

Now, in the Bind Point pane, click Done.

In the Application Firewall Policies pane, refresh the page. A green check mark appears in the Active column to indicate that the policy is now active.

The Microsoft OWA application is now protected by the application firewall. You can monitor /var/log/ns.log to verify whether any violations are being detected, and fine-tune the security check configuration by adding relaxation rules if needed.

Conclusion

Citrix NetScaler AppFirewall enables a completely secured application delivery experience for enterprises with Outlook Web Access by utilizing the right mix of licensing and policy/rule/signature definitions. With the recommendations provided in this guide, enterprises can expect a secure experience while providing continued access to email, calendar, tasks and other essential business information to their employees and partners.

Copyright 2015 Citrix Systems, Inc. All rights reserved. Citrix, other trademarks are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.
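A starting point for the log-monitoring step, as an added example that is not part of the Citrix guide: it tallies AppFirewall violations found in ns.log text per profile, check and URL path, and lists the ones raised by several distinct clients, which are the usual candidates to review for a relaxation rule. The record layout encoded in the regex, the profile name owa_profile and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed native-format record: "... : APPFW APPFW_<CHECK> <seq> 0 :  <client>
# <id> <session> <profile> <url> <message> <action>"
APPFW_RE = re.compile(
    r"APPFW (?P<check>APPFW_\w+) \d+ \d+ :\s+(?P<client>\S+) \S+ \S+ "
    r"(?P<profile>\S+) (?P<url>\S+) (?P<msg>.*?) <(?P<action>[^>]+)>\s*$")

# Constructed sample lines, not taken from a real appliance.
SAMPLE_LOG = """\
Jan 12 10:15:01 <local0.info> 10.0.0.5 01/12/2016:10:15:01 GMT ns 0-PPE-0 : APPFW APPFW_SQL 1201 0 :  198.51.100.7 411-PPE0 s1 owa_profile https://www.mail.com/owa/service.svc?action=FindItem SQL Keyword check failed for field q="select(;)" <blocked>
Jan 12 10:15:09 <local0.info> 10.0.0.5 01/12/2016:10:15:09 GMT ns 0-PPE-0 : APPFW APPFW_SQL 1202 0 :  198.51.100.8 412-PPE0 s2 owa_profile https://www.mail.com/owa/service.svc?action=FindItem SQL Keyword check failed for field q="select(;)" <blocked>
Jan 12 10:15:30 <local0.info> 10.0.0.5 01/12/2016:10:15:30 GMT ns 0-PPE-0 : APPFW APPFW_SQL 1203 0 :  198.51.100.9 413-PPE0 s3 owa_profile https://www.mail.com/owa/service.svc?action=GetItem SQL Keyword check failed for field q="union(;)" <blocked>
Jan 12 10:15:44 <local0.info> 10.0.0.5 01/12/2016:10:15:44 GMT ns 0-PPE-0 : APPFW APPFW_SQL 1204 0 :  198.51.100.7 411-PPE0 s1 owa_profile https://www.mail.com/owa/service.svc?action=FindItem SQL Keyword check failed for field q="select(;)" <blocked>
Jan 12 10:16:02 <local0.info> 10.0.0.5 01/12/2016:10:16:02 GMT ns 0-PPE-0 : APPFW APPFW_XSS 1205 0 :  203.0.113.50 414-PPE0 s4 owa_profile https://www.mail.com/owa/auth/logon.aspx Cross-site script check failed for field username="Bad tag: script" <blocked>
Jan 12 10:16:10 <local0.info> 10.0.0.5 01/12/2016:10:16:10 GMT ns 0-PPE-0 : EVENT DEVICEUP 1206 0 :  Device "owa_lb" - State UP
"""

def parse(log_text):
    """Yield one dict per AppFirewall violation; other log lines are skipped."""
    for line in log_text.splitlines():
        m = APPFW_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["path"] = urlsplit(rec["url"]).path  # group per endpoint, not per query
            yield rec

def relaxation_candidates(records, min_clients=3):
    """Return (profile, check, path, hits, distinct_clients) rows worth reviewing.

    Heuristic: a check that fires on one endpoint for many different clients is
    more likely normal application traffic than one hostile source.
    """
    clients, hits = defaultdict(set), defaultdict(int)
    for r in records:
        key = (r["profile"], r["check"], r["path"])
        clients[key].add(r["client"])
        hits[key] += 1
    rows = [k + (hits[k], len(c)) for k, c in clients.items() if len(c) >= min_clients]
    return sorted(rows, key=lambda row: -row[3])

if __name__ == "__main__":
    for profile, check, path, n, who in relaxation_candidates(parse(SAMPLE_LOG)):
        print(f"{profile} {check} {path}: {n} hits, {who} clients -> review for relaxation")
```

Rows returned by relaxation_candidates() are prompts for manual review of the logged field values, not relaxations to apply automatically; violations from a single source stay blocked and are left out of the list by default.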
