RE: Exchange <--> Outlook Monitoring

["Sarbjit Singh Gill" <ssgill () gilltechnologies com>]

OUTLOOK <---> Exchange comms is in MAPI i.e rpc and not SMTP.  

> -----Original Message-----
> From: Eric McCarty [mailto:eric () piteduncan com] 
> Sent: Saturday, January 29, 2005 3:28 AM
> To: Doll, Josh; security-basics () securityfocus com
> Subject: RE: Exchange <--> Outlook Monitoring
>
> Since SMTP is plain text it can be pulled off the wire @ the 
> gateway, if your patient enough to use ethereal w/a filter 
> you can pull all SMTP from a certain IP. Or you can use a 
> graphical IDS like the Etrust product which isn't free but 
> provides an easier and cleaner interface for such things. 
>
> E.
>
> -----Original Message-----
> From: Doll, Josh [mailto:Doll () pbworld com]
> Sent: Friday, January 28, 2005 8:27 AM
> To: security-basics () securityfocus com
> Subject: Exchange <--> Outlook Monitoring
>
> Is there any effective way of capturing exchange / outlook 
> data from a 3rd party machine?  We have a number of sub 
> consultants with email access from our company, who's email 
> needs to be monitored / archived for breech of contract and 
> sharing of company secrets.  Problem is, we don't maintain 
> our exchange server here in this office, and the office that 
> does is unwilling to cooperate in this matter (Read: upper 
> management catfight).  Therefore we need a way to ensure that 
> what they send and receive is legit.  It is a relatively 
> small number of users
> (~5) that are still on our LAN that need to be monitored, the 
> rest have been moved to another subnet without company email. 
>
> My understanding is that it is nowhere near as easy to 
> capture these emails when it is an exchange environment vs.. 
> the options available when using POP or others.
>
> Any help, or nudges in the right direction would be helpful.
>
> C. Josh Doll
> Network Administrator - Houston
> Parsons Brinckerhoff