Securing IIS within an Outook Web Access 2000 environment

In the past couple of years, e-mail has become an essential work tool that many people use on a daily basis. What used to be an easy way to send jokes and letters to family and friends is now for some businesses the most important tool of their enterprise. With the increase of people working on the road or from home, accessing the corporate e-mail has become a difficult task. Even though there exists many ways of accessing e-mail while out of the office, many of these solutions can lead to high security risks for servers on the internal network. Furthermore, it is possible for communication between the employee and the office to be altered or listened to while transmission of the e-mail occurs. One method of accessing e-mail externally of the network is using Outlook Web Access (OWA). The purpose of this document is to show you how to harden the security on the Internet Information Service 5.0 (IIS 5.0) on a Windows 2000 server where OWA is running. Once this step has been completed, a detailed procedure on the installation and configuration of the SecureIIS software on the OWA server will be given.