Security Basics mailing list archives
RE: Exchange <--> Outlook Monitoring
From: "Jeff Gercken" <JeffG () kizan com>
Date: Mon, 21 Feb 2005 14:21:15 -0500
If you have the authority to intercept their mail you can just connect to the exchange server and mount their mailbox. If you are not officially sanctioned/authorized you'll probably be violating your company's security policy. Your actions need to be legit as well as theirs otherwise if you do find something as much attention will be on you as on them. Been there, done that, not going there again. If you insist on working in the grey, you might try nabbing their credentials by shoulder surfing, keylogging, etc. This would probably be easier than sniffing and decrypting the mapi traffic, or mitm. -jeff -----Original Message----- From: Steve Gan [mailto:SGan () keysys com] Sent: Monday, January 31, 2005 8:52 PM To: Doll, Josh; security-basics () securityfocus com Subject: RE: Exchange <--> Outlook Monitoring There are 2 solutions from GFI that will allow you to easily audit email communications. The solutions allows you to easily fulfill regulatory requirements (such as the Sarbanes-Oxley Act) and provide users with easy, centralized access to past email via a web-based search interface. If the subcon uses your exchange server for email access, then you can use the MailArchiver for Exchange product. If you use a firewall that could redirect all SMTP traffic to a designated SMTP gateway, then you might be able to use the Mail Monitoring and/or Mail Archiving feature of MailEssentials for Exchange/SMTP. Hope this helps. Steve Gan KEYSYS INC Phone: +63 (2) 920-8476 to 77 Fax: +63 (2) 920-8533 Mobile: +63 (917) 816-8476 Email: sgan () keysys com Website: http://www.keysys.com/ -----Original Message----- From: Doll, Josh [mailto:Doll () pbworld com] Sent: Friday, January 28, 2005 9:27 AM To: security-basics () securityfocus com Subject: Exchange <--> Outlook Monitoring Is there any effective way of capturing exchange / outlook data from a 3rd party machine? We have a number of sub consultants with email access from our company, who's email needs to be monitored / archived for breech of contract and sharing of company secrets. Problem is, we don't maintain our exchange server here in this office, and the office that does is unwilling to cooperate in this matter (Read: upper management catfight). Therefore we need a way to ensure that what they send and receive is legit. It is a relatively small number of users (~5) that are still on our LAN that need to be monitored, the rest have been moved to another subnet without company email. My understanding is that it is nowhere near as easy to capture these emails when it is an exchange environment vs.. the options available when using POP or others. Any help, or nudges in the right direction would be helpful. C. Josh Doll Network Administrator - Houston Parsons Brinckerhoff ----------------------------------------------------------------- KEYSYS INC This communication is confidential and intended only for the use of the individual(s) to whom it is addressed. The information contained in it may be the subject of professional privilege or protected from disclosure for other reasons. If you are not the intended addressee, please delete it, notify the sender, and do not disclose or reproduce any part of it without specific consent. This mail was content checked for malicious code and viruses by MailSecurity. MailSecurity provides email content checking, exploit detection and anti-virus for Exchange. Spam, viruses, dangerous attachments & offensive content are removed automatically. Key features include: . Multiple virus engines; . Email content & attachment checking; . Exploit shield - email intrusion detection & defence; . Email threats engine - analyses & defuses HTML scripts, .exe files & more. In addition to MailSecurity, GFI also produces the FAXmaker fax server & LANguard network security product ranges. For more information on our products, please visit http://www.keysys.com. This disclaimer was sent by Mail essentials for Exchange/SMTP -----------------------------------------------------------------
Current thread:
- RE: Exchange <--> Outlook Monitoring Steve Gan (Feb 01)
- <Possible follow-ups>
- RE: Exchange <--> Outlook Monitoring Jeff Gercken (Feb 24)