Last week we highlighted the exposures that exist with attachments in Outlook Web. This week we look at protecting Outlook Web from Denial of Service and Brute Force Attacks. Depending upon how you have configured Outlook Web Access (OWA) and Active Directory, you will be opening your network up to either brute force attacks or denial of service attacks. This is an either/or decision for most organizations as it is difficult in native OWA to choose to protect against both at the same time. The reason for this is that OWA and the Active Directory are both governed by the same account lockout policy settings.