Ask The Exchange Expert: Questions & Answers

Securing Exchange mailboxes from internal attacks

Expert response from: Richard Luckett

QUESTION POSED ON: 15 November 2005
How do I secure Exchange 2000 from internal attacks from valid users who might plan to check others' mailboxes? Can password guessing attempts be traced to exact computer names, even if the password is tried against the Exchange login?

This is a great security question. If you have a small network environment, this will actually be pretty easy to do. If you have a more complex internal network that also allows wireless access, it may be a bit more difficult.

It is fairly easy to log the source IP address of a connection with network sniffing devices and the logs that are available on managed switches. Windows servers can be configured to audit object access so you can see when logon attempts occur.

You should set your password policies in the domain to lock accounts after a certain number of attempts. I recommend three attempts as a threshold. You should also configure the policy to reset the account after 15 minutes (less administrative overhead). This is the best practice for protecting yourself from dictionary attacks and password guessing.

Password guessing/dictionary attacks are really just one of many security issues you face as a Microsoft Exchange administrator. If you are very serious about protecting your Exchange servers from internal attacks, you might want to consider using an ISA server to control even internal access. ISA includes built-in intrusion detection settings that could also be beneficial to you.

For bonus reading, search the Internet for behavior-based intrusion detection systems. These systems learn your network behavior and then take actions when something like a dictionary attack begins -- like quarantining the source IP/MAC address.
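The answer points to two controls that work together: Windows logon auditing, which records the account, workstation name and (on newer servers) source address of each failed attempt, and a lockout policy of three attempts with a 15-minute reset. The script below is an added illustration, not part of the original answer: it runs that same threshold and window over a constructed, simplified export of audit events (event 529 is the Windows 2000/2003 "unknown user name or bad password" failure, 528 a successful logon; the comma-separated layout is an assumption, not the real event text) and reports which workstation and address each burst of guessing came from.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: "timestamp,event_id,user,workstation,source_ip".
# The layout is a simplified assumption, not the exact Windows event format.
SAMPLE_EVENTS = """\
2005-11-15 09:00:05,529,jdoe,WS-ACCT-07,10.1.4.23
2005-11-15 09:00:09,529,jdoe,WS-ACCT-07,10.1.4.23
2005-11-15 09:00:14,529,jdoe,WS-ACCT-07,10.1.4.23
2005-11-15 09:00:20,529,jdoe,WS-ACCT-07,10.1.4.23
2005-11-15 09:02:11,528,jdoe,WS-ACCT-07,10.1.4.23
2005-11-15 09:30:00,529,asmith,WS-HR-02,10.1.9.40
2005-11-15 10:10:00,529,asmith,WS-HR-02,10.1.9.40
2005-11-15 13:00:00,529,jdoe,WS-LAB-01,10.1.50.5
2005-11-15 13:00:03,529,jdoe,WS-LAB-01,10.1.50.5
2005-11-15 13:00:04,529,jdoe,WS-LAB-01,10.1.50.5
"""

FAILED_LOGON = "529"  # Windows 2000/2003: unknown user name or bad password


def parse_events(text):
    """Turn the export into (timestamp, event_id, user, workstation, ip) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, user, workstation, source_ip = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       event_id, user, workstation, source_ip))
    return events


def find_guessing_sources(events, threshold=3, window=timedelta(minutes=15)):
    """Return {(user, workstation, ip): time_of_trigger} for every source that
    produced `threshold` failed logons against one account inside `window`,
    i.e. the lockout threshold and reset interval recommended in the answer."""
    recent = defaultdict(deque)   # sliding window of failure times per source
    flagged = {}
    for ts, event_id, user, workstation, source_ip in sorted(events):
        if event_id != FAILED_LOGON:
            continue               # successful logons do not count
        key = (user, workstation, source_ip)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the reset window
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged[key] = ts      # first moment lockout would have triggered
    return flagged


if __name__ == "__main__":
    for (user, ws, ip), when in find_guessing_sources(parse_events(SAMPLE_EVENTS)).items():
        print(f"{when}: {threshold_msg if False else ''}{user} guessed from {ws} ({ip})")
```

The two widely spaced failures from WS-HR-02 stay below the threshold, matching the behaviour of the 15-minute reset, while both bursts against jdoe are attributed to the exact workstation and address they came from.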

