Re: how to detect mailbox snooping?
From: Jason (Nospam_at_forme.thanks)
Date: 02/09/05
- Next message: .removethis,: "Re: Exchange Server removing stripping deleting X-header lines in some stores"
- Previous message: derlenbusch: "Re: How to add disclaimer"
- In reply to: Brandon Vogel: "how to detect mailbox snooping?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 9 Feb 2005 11:02:46 -0800
I havent had to do this, but this is what I would do. First, have the users
change their paswords. Make sure it is the users changing their passwords,
and not asking the admin to change it for them. (which I have seen, and
still dont understand). Then, I would monitor the mailboxes in question,
and make sure the admin doesnt add himself or herself to either of the
mailboxes. They could easily and quickly add themselves with full mailbox
access, then copy the mailbox down as a pst with xmerge then unadd
themselves. This way they could read the mail at their leisure. Or they
could just add themselves and then open the mailbox within their mail client
and just snoop around.
Of course, if they were smart about it, they wouldnt be using their own
account, and would be using a backup account or some other account to gain
access. The other thing you can do is monitor the admin's email and or
activity. There are many programs out there that can be installed and run
in stealh mode for monitoring everything that goes on a desktop.
But then again if they were smart they wouldnt be doing it at work, and
would be doing it remotely through VPN. However, then you can always check
the VPN logs and see who and what was logged on when.
Something else you could do is have one of the people not log into their
account, and then watch the last access and logon by, under the mailbox
store. You can look at logons under the mailbox store and check the admins
account and see what they are doing. I dont put much trust in this method
though, but it may help.
Most of the time, emails are snooped by weak passwords. Or by a user giving
out their password to an admin or someone else in the office to help with
something. Or for gods sake, have it on a sticky note taped to their monitor
or keyboard. As an admin, I never ask a user for their password. If I need
to do something and they are not around, I will set a default password and
gain access, then force a password change on the next logon, and instruct
the user I have done so.
As far as a quick way to do it, I do not know. Hopefully someone else will
be able to provide you with some easy and better solutions. But maybe
something I have mentioned above will help. I would also check with the
users and make sure that their converstations are behind closed doors. It
is easy to blame and admin, since you know they could have the access, but I
would assume that someone overheard something, or someone just speculated
correctly and got the rumor mill started.
"Brandon Vogel" <Brandon Vogel@discussions.microsoft.com> wrote in message
news:A8AC2C10-29C1-4AD3-801E-1C0EF4505BB9@microsoft.com...
> Hi - I have a situation where one of my clients think their exchange 2003
> admin or someone else is snooping into their inboxes. (Someone has been
> sharing information that was only known to two people e-mailing back and
> forth.)
>
> Anyone know a quick way to detect this? Is there an event log entry or
some
> other way to know that this is happening?
>
> I haven't looked at 2003 before, as I'm a 5.5 administrator, but any help
or
> links to articles or whatnot would be greatly appreciated.
- Next message: .removethis,: "Re: Exchange Server removing stripping deleting X-header lines in some stores"
- Previous message: derlenbusch: "Re: How to add disclaimer"
- In reply to: Brandon Vogel: "how to detect mailbox snooping?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
