NavGuard 2010 – Outlook Web App Security for Exchange 2010

NavGuard monitors an OWA user’s activity in order to alert the user to a potential security exposure that occurs when a new web page is opened in the current window, leaving the OWA session active in the background. In this scenario the OWA session is left vulnerable and open to use by an unauthorized individual who can hijack the OWA session without being required to re-authenticate. The active session can easily be restored by anyone using the computer by simply pressing the back button. Even with RSA or ISA Server installed, this security vulnerability exists. NavGuard’s friendly prompt alerts the user to the potential exposure and provides the option to either logoff before continuing to another page or return to the active OWA session.

NavGuard can be configured by the Exchange Systems Administrator to apply different security policies based on criteria such as logon ID or Security Group membership, IP address and Corporate Device Recognition. For example, NavGuard could be turned on for users on a public machine at an airport kiosk and turned off for a user on a company-secured desktop computer in the corporate office.

NavGuard works with other perimeter based security systems such as ISA and RSA two factor authentication to offer total protection for OWA users.