Email is one of the greatest innovations in communication since the telephone. One could even argue that it is the most important. The ability to have a conversation (albeit in electronic format), send vast quantities of data, and involve an unlimited number of recipients is the backbone of modern business.
With each iteration, Exchange gets more and more security features. Litigation hold and classification are good examples of this. However, as useful as they are, they don’t address the most basic security risk of all – the simple act of logging into a mailbox. Specifically, logging into someone else’s mailbox – a Non-Owner Mailbox Logon.
A mailbox is an object in an Exchange Database. That object can be looked at as a container of other objects, which in themselves can contain other objects.
When you look at what those ‘objects’ are, you can see that a mailbox is not simply an ‘inbox’. It’s a document repository that gets larger every day. That said, mailbox limits are almost redundant these days with storage media being so cheap.
No longer does a user have to clean out their mailbox on a regular basis when they can store gigabytes of data with no problems. It’s also an appealing option as that data is always there, on the desktop, laptop, mobile device, and web. All of this begs the question: Why wouldn’t a user keep all of their emails with attachments in their mailbox?
And therein lies the risk.
From a permission model standpoint, a mailbox is more secure; however, a mailbox has a purpose-built transport mechanism. The Exchange platform is designed for sending data. Traditional file systems have no transport mechanism.
A few simple clicks and data can be sent to an unlimited number of recipients, globally.
That data could be an email containing classified data, PID, R&D data, or financial data.
It’s not all bad though. At least a mailbox is not publicly available like a file share. Only a restricted set of people can access a mailbox:
There are two approaches to this: Auditing and blocking.
Auditing is a heavy-duty process, both in terms of the resources Exchange needs to perform the auditing and the sheer volume of events created. Follow best practice with any form of auditing and, if possible, only target what you really need to see. In this instance, does anyone really care if a person logs on to their own mailbox?
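As an added example (not code from the original post), the following Exchange Management Shell commands enable mailbox audit logging scoped to non-owner access only, then pull the resulting entries for review. It assumes an on-premises Exchange 2010 SP1 or later environment with the standard Set-Mailbox and Search-MailboxAuditLog cmdlets; the mailbox name "finance.shared" and the 30-day window are placeholders.

```powershell
# Enable audit logging on one mailbox, recording only non-owner actions.
# AuditOwner is set to None so a user reading their own mail generates no events,
# which keeps the event volume down to what actually matters.
# (Placeholder mailbox identity: "finance.shared")
Set-Mailbox -Identity "finance.shared" `
    -AuditEnabled $true `
    -AuditLogAgeLimit 90 `
    -AuditAdmin Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf,MessageBind `
    -AuditDelegate Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf `
    -AuditOwner None

# Apply the same non-owner-only scope to every user mailbox in the organisation.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Set-Mailbox -AuditEnabled $true -AuditOwner None

# Review: who, other than the owner, touched the mailbox in the last 30 days?
# LogonTypes Admin and Delegate together cover the non-owner logon cases.
$nonOwner = Search-MailboxAuditLog -Identity "finance.shared" `
    -LogonTypes Admin,Delegate `
    -StartDate (Get-Date).AddDays(-30) `
    -EndDate (Get-Date) `
    -ShowDetails -ResultSize 5000

# Detailed view: when, who, what they did, and from which client.
$nonOwner |
    Select-Object LastAccessed, LogonType, LogonUserDisplayName, Operation,
                  FolderPathName, ItemSubject, ClientInfoString |
    Sort-Object LastAccessed -Descending |
    Format-Table -AutoSize

# Summary by actor so an account that should not be there stands out quickly.
$nonOwner |
    Group-Object LogonUserDisplayName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

The AuditLogAgeLimit governs how long entries are retained in the mailbox's audit log folder, so set it to cover the interval at which the log is actually reviewed.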
This leads us on to ‘object level auditing in an Exchange Mailbox’. Watch this space for future blogs on the subject.
Mark Wilson is a Director of Product Management at STEALTHbits Technologies.
He is lead Pre-Sales consultant in the EMEA region and a key member of the global Product Marketing team.
Mark has 18 years’ experience working in virtually all technical support and consulting roles across both public and private sectors in the UK, EMEA and Globally.
Areas of specialism include compliance, data governance, IAM, migrations and consolidations.