Understanding Remote Web Workplace security features
The Remote Web Workplace has the following security features, which help prevent malicious users and programs from accessing the Windows Small Business Server network.
Secure Connections. The Remote Web Workplace incorporates the Secure Sockets Layer (SSL) protocol, which enables the server and a client computer to be authenticated before helping to establish a secure, encrypted connection.
Log Off. The Remote Web Workplace prevents future users of the same computer from pressing the Back button and reconnecting to the Remote Web Workplace. When users end a Remote Web Workplace session, they select Log Off, which removes the cookie from their computer and ends any Terminal Services and Outlook Web Access connections. Using this security feature is critical, particularly if users are accessing the Remote Web Workplace from a public computer, such as an airport kiosk.
After a user logs off, the following message is displayed, reminding the user to close the browser window to help prevent unauthorized access:
You have successfully logged off from the Remote Web Workplace. Close this window to help protect your Windows Small Business Server network.
Timeout. The default timeout for external users is 10 minutes. If there is no activity from an external user for 10 minutes, the connection is terminated, and the user must reconnect. This helps safeguard the Remote Web Workplace, in case a user forgets to log off from a public computer.
The default timeout for internal users is 20 minutes, which allows for extended remote desktop connections or e-mail correspondence.
One minute before the connection is terminated, users are prompted to confirm that they want to continue the Remote Web Workplace session. Responding to this prompt resets the timer.
Access Control List (ACL). Only administrators have Change permissions for Remote Web Workplace files. All other users have Read Only permissions.
IIS Settings. Internet Information Services (IIS) has bandwidth throttling enabled to prevent Denial of Service attacks, which flood the server with requests for authentication. Bandwidth throttling limits the bandwidth used by IIS to a value set by an administrator. If the bandwidth used by IIS approaches or exceeds this limit, bandwidth throttling delays or rejects IIS requests until more bandwidth becomes available.
Using Internet Explorer 6 Service Pack 1 or later is recommended when accessing the Remote Web Workplace.