Penetration Testing mailing list archives

Re: Risk of Redirecting Email.


From: dgonzalez () merituspayment com
Date: Sat, 4 Apr 2009 02:53:56 +0000

For the obvious already stated below, there is no reason why an employee who is no longer employed by a company should 
be allowed to have their company email redirected to a personal one. There are legal reasons that I'm not fully 
knowledgeable on also.

The only reason why would be if there was an extended consulting contract for the individual, but even so they would 
continue to use their company email. 

Regards. 

-----Original Message-----
From: Joshua Gimer <jgimer () gmail com>
Date: Fri, 3 Apr 2009 10:06:08
To: M.D.Mufambisi<mufambisi () gmail com>
Cc: <pen-test () securityfocus com>
Subject: Re: Risk of Redirecting Email.


On Tue, Mar 31, 2009 at 9:54 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:
> Hi people.
>
> I have seen on some clients of mine, that when an employee leaves the
> organisation, they request IT to redirect their emails to a particular
> email address....personal.
> What are the risks of this? I can only think of company information
> being directed to this individual....which could be bad if he/she has
> gone to work for a competitor. What other risks or security issues
> could this give rise to?
>
> Thanks.
>
> Munyaradzi Dumisani Mufambisi


I think that you are on the right track. You run the risk of trade
secrets being leaked, insider information, PII, PHI, and so on. There
are also some regulatory standards that prevent messages containing
certain types of information from leaving the "trusted" network. In
addition to this some also require that this information be encrypted
in transit as well as at rest, which may be difficult to guarantee if
you do not run the mail servers in which the messages will rest.

-- 
Thx
Joshua Gimer
