Microsoft Exchange Server is a widely used email server that is used with all versions of Microsoft's Outlook, Entourage, IMAP, and POP3 clients. It is also used to host Microsoft's Office 365 cloud offering.
Questions tagged [exchange]
78 questions
18
votes
2 answers
Is there an SSL / TLS Certificate state-cache on Windows, IE, and Outlook and how it it managed?
Today I changed the SSL certificate that 3,000+ Outlook clients are using. In doing this I changed the certificate to an "older" one that had the same subject name, expiration and everything else. Only the thumbprint and one SAN name changed. …
makerofthings7
- 50,090
- 54
- 250
- 536
9
votes
3 answers
To DMZ, or not to DMZ
So for an assignment, we need to create a scheme (and eventually also the set-up) of a couple of servers in a network.
The 'networks' are:
Internal network
DMZ
The internet
And the servers we need to place are the following:
DNS Server
Active…
voluminat0
- 193
- 1
- 1
- 6
8
votes
2 answers
Do any Exchange hardening guidelines recommend disabling OWA Webready? Should they?
For the fourth time in over a year, Exchange OWA has put our internal network at risk due to a remote code execution flaw that exists on the server runtime. This risk is compounded by the fact Microsoft won't support OWA in the DMZ.
The issue has…
makerofthings7
- 50,090
- 54
- 250
- 536
7
votes
3 answers
Is it possible for a phishing link to install a major virus on a Mac?
My girlfriend recently had her university MS Exchange account hacked. The attacker took over her email account and started using it to send thousands of spam emails. After a while, her email account must've hit some kind of limit, and the university…
Joseph Humfrey
- 173
- 1
- 1
- 6
6
votes
1 answer
What are concerns with storing passwords in a restricted public folder on exchange?
Is it safe to store data such as account log-in information (for vendor websites, not administrative accounts), settings policies, activation documentation, and operating system keys in a public folder on microsoft exchange and setting the…
Jeff
- 509
- 1
- 4
- 8
5
votes
4 answers
Exchange 2013 blocks txt file attachments - are there security reasons?
My Exchange Admin is setting up 2013, and it is set to block txt file attachments specifically (as well as others).
I have tried searching for risks associated with txt attachments but could not find any. Are there any risks I need to be aware of…
schroeder
- 123,438
- 55
- 284
- 319
5
votes
4 answers
Non-repudiation in Exchange/Outlook without Digital Signatures
Scenario: Acme Corp. needs to collect evidence to support their side of a case in court. Part of this evidence may include e-mail messages. Certain employees who do not have administrative access to the e-mail server, but may have administrative…
Iszi
- 26,997
- 18
- 98
- 163
5
votes
3 answers
Allow a PA to see a director's emails, but keep some emails private
We have a problem with email potentially being viewed by directors PAs, which we need to protect, the situation is as follows:
Director A wants to send an email to Director B, both director A and director B have PAs, who we will call PA A and PA…
Barry Scott
- 51
- 2
5
votes
3 answers
Outlook rule to forward all emails - is that a common scam?
Recently we had a security problem. One email account which is based on MS Exchange 365 was hacked and the hacker forwarded all emails per rule to a Gmail account.
I checked all relevant PCs and I didn't find any viruses. And I changed the…
Edgar
- 161
- 6
5
votes
1 answer
What is the security impact of changing PowerShell's PSLanguageMode?
A vendor is asking me to change the PSLanguageMode from within IIS on my Exchange server(s).
What potential vulnerabilities am I opening myself up to?
I'm surprised to see this option present within IIS. What other locations can I set…
makerofthings7
- 50,090
- 54
- 250
- 536
5
votes
1 answer
Should I have special emoticon handling for compliance, audit and logging?
I'm required to audit various communications (email, sms, messenger, social media) for keywords relating to financial data, HIPPA, and other PII.
Is there any rational reason I should extend my current audit log support to also index (perhaps as a…
makerofthings7
- 50,090
- 54
- 250
- 536
4
votes
1 answer
Understanding Shake on IT key exchange
Shot paper
I am reading a paper about key exchange and trying to understand the protocol described in Figure 4 on page 6 in the above paper. I understand the majority of the notation but am having a hard time understanding steps 7 and 11.
It states…
Future
- 43
- 2
4
votes
1 answer
How to Audit an Email System
I am working on an auditing process for my company's email system (Exchange 2010). From this process, we're hoping to expand it out to other systems and start to clean up the rampant security issues we have (my place of employment neglected…
Tchotchke
- 151
- 4
4
votes
1 answer
How much does TLS version matter when using the same cipher suite?
I recently observed that Exchange Online has switched to a lower version of TLS protocol. Emails from Exchange Online to Gmail and other Office 365 tenants are now sent over TLS 1.0 instead of TLS 1.2, albeit with the same cipher suites…
ȷ̇c
- 174
- 6
3
votes
2 answers
What are the privacy and infosec risks with Apple Watches and Android Wear?
From what I can tell, Apple Watch apps act like a remote control to a nearby iPhone using Bluetooth or BLE.
Conversely Android watches have the ability to run full applications, and therefore have a local storage component.
Some regulations…
makerofthings7
- 50,090
- 54
- 250
- 536