Security Basics mailing list archives

Re: Exchange <--> Outlook Monitoring


From: "Steve" <securityfocus () delahunty com>
Date: Fri, 28 Jan 2005 17:10:54 -0500

Some related issues.

A challenge is how to ensure they are not using another email client to send
out such information.  Or USB drives, or burning CDs, etc.  But good to at
least monitor the contractor email, would want to do that anyway.

A word of caution, make sure your computer use policy notes that such
monitoring is acceptable.  These contractors may have a case against you if
not.  I always had contractors using our systems to sign our computer use
policy.



----- Original Message ----- 
From: "Eric McCarty" <eric () piteduncan com>
To: "Doll, Josh" <Doll () pbworld com>; <security-basics () securityfocus com>
Sent: Friday, January 28, 2005 2:28 PM
Subject: RE: Exchange <--> Outlook Monitoring


Since SMTP is plain text it can be pulled off the wire @ the gateway, if
you're patient enough to use ethereal w/a filter you can pull all SMTP
from a certain IP. Or you can use a graphical IDS like the Etrust
product which isn't free but provides an easier and cleaner interface
for such things.

E.

-----Original Message-----
From: Doll, Josh [mailto:Doll () pbworld com]
Sent: Friday, January 28, 2005 8:27 AM
To: security-basics () securityfocus com
Subject: Exchange <--> Outlook Monitoring

Is there any effective way of capturing exchange / outlook data from a
3rd party machine?  We have a number of sub consultants with email
access from our company, whose email needs to be monitored / archived
for breach of contract and sharing of company secrets.  Problem is, we
don't maintain our exchange server here in this office, and the office
that does is unwilling to cooperate in this matter (Read: upper
management catfight).  Therefore we need a way to ensure that what they
send and receive is legit.  It is a relatively small number of users
(~5) that are still on our LAN that need to be monitored, the rest have
been moved to another subnet without company email.

My understanding is that it is nowhere near as easy to capture these
emails when it is an exchange environment vs. the options available
when using POP or others.

Any help, or nudges in the right direction would be helpful.

C. Josh Doll
Network Administrator - Houston
Parsons Brinckerhoff




