Re: Exchange and untrusted Administrators
- From: "Mark Arnold [MVP]" <mark@xxxxxxxx>
- Date: Mon, 03 Dec 2007 21:04:06 -0500
On Tue, 04 Dec 2007 02:10:36 +0100, Rainer Duffner
<rainer@xxxxxxxxxxxxxxx> wrote:
Hello,
the company I work for does Hosted Exchange.
They have been approached by another company suggesting to run their
Exchange-Setup (just a couple of users) on our Hosted infrastructure
for the simple reason that they don't trust their own administrators.
(We are based in and operate in a country that is generally perceived
as "Trusted" and "Discreet" by the world, the prospective customer is
from another country with slightly more corruption...).
Anyway, these people still want to have all their mail encrypted on
our servers so that nobody can recover it. Not even the administrators
here.
I must admit I know next to nothing about Exchange, but from what I
know, using a full backup it would be possible to restore the server
on another machine and extract mailboxes from it via some tools
(exmerge?) or just use a backup-software to restore single messages to
another mailbox (does that work?).
I would have proposed using PGP's Universal Email Gateway, maybe
operated by (different) trusted 3rd-party MSP - but I don't see if
they can also encrypt "local" mail.
Google doesn't really come up with useful links.
More suggestions anybody?
cheers,
Rainer
Impossible really. If you want a server recovering then someone has to
be able to restore it. Who is that person going to be? Anyone really,
you have to make the backups secure not by encrypting them necessarily
(although you should consider that) but by restricting access to them.
Then there's the issue of access to physical servers. One assumes
they're in some old RAF bunker somewhere in North Rhine-Westphalia or
such like controlled by no end of pass cards and pin numbers as well
as AD?
Then there's the most important access, that of some random admin in
some random location getting onto ADU&C (or whatever) and granting
themselves full mailbox access to the information. All the encryption
you can wish for in the store comes to absolutely nothing if someone
in AD is just going to wander straight in with perfectly valid
credentials.
So, that's just wrecked the whole idea of encryption for you. Not so,
really. Exchange 2007 and Outlook 2007 encrypt the data end to end and
traffic between Exchange 2007 servers is also encrypted. IPSec is also
used to secure and encrypt data between hosts.
Short answer is that encryption on its own is utterly pointless. Take
a holistic approach and remember that Level 8 (the user/admin) trumps
everything. Give him too much access or the ability to change things
and you might as well not have bothered doing anything else.
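
The self-granted mailbox access described in the reply above can be audited from the Exchange Management Shell. The following is an added example, not part of the original thread: it lists explicit FullAccess grants on mailboxes and allow entries for Receive-As or Send-As on mailbox databases. The `$Approved` allow-list is hypothetical and has to be replaced with the accounts you expect to see.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2007 or later).
# $Approved is a hypothetical allow-list of principals that are expected
# to hold these rights; anything else in the output needs a human review.
$Approved = @('NT AUTHORITY\SELF', 'NT AUTHORITY\SYSTEM')

# 1. Explicit (non-inherited) FullAccess allow entries on individual mailboxes.
#    This is the grant an administrator would add to open someone's mailbox.
$mailboxGrants = Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission |
    Where-Object {
        -not $_.IsInherited -and
        -not $_.Deny -and
        ($_.AccessRights -match 'FullAccess') -and
        ($Approved -notcontains $_.User.ToString())
    } |
    Select-Object @{n='Scope';     e={'Mailbox'}},
                  @{n='Object';    e={$_.Identity.ToString()}},
                  @{n='Principal'; e={$_.User.ToString()}},
                  @{n='Rights';    e={$_.AccessRights -join ','}}

# 2. Allow entries for Receive-As / Send-As on mailbox databases. One such
#    entry opens every mailbox in the store, so inherited entries are
#    listed as well.
$storeGrants = Get-MailboxDatabase |
    ForEach-Object { Get-ADPermission -Identity $_.DistinguishedName } |
    Where-Object {
        -not $_.Deny -and
        ($_.ExtendedRights -match 'Receive-As|Send-As') -and
        ($Approved -notcontains $_.User.ToString())
    } |
    Select-Object @{n='Scope';     e={'Database'}},
                  @{n='Object';    e={$_.Identity.ToString()}},
                  @{n='Principal'; e={$_.User.ToString()}},
                  @{n='Rights';    e={$_.ExtendedRights -join ','}}

# Combined listing for review. @() keeps the concatenation safe when one
# of the two queries returns nothing.
@($mailboxGrants) + @($storeGrants) |
    Sort-Object Scope, Object |
    Format-Table -AutoSize
```

Running this on a schedule and comparing each listing with the previous one shows new grants as they appear.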