Network Security Focus-Microsoft
RE: MS Exchange

Subject: RE: MS Exchange
Date: Sun, 30 Jul 2006 11:27:20 +0200
True, this will only work on RMS Enabled applications which include
Office applications (Outlook, Word, Excel, PowerPoint ...), Visio, IE,
Acrobat Reader with 3rd party add-on. There are some others planned for
next version of RMS.

Also true that if you receive RMS protected document you don't have to
play with my RMS policy -- but in this case you are left with encrypted
file if it helps you... ;-)

The owner of data or e-mail sender must set what actions are allowed on
e-mail/document (e.g. who can open it, can it be printed, can it be
forwarded, what are time limits on the document), before sending e-mail
or document out...
What I like about this is if someone who is allowed to forward e-mails
sends it out of organization either by mistake or intentionally the
recipient still won't be allowed to open it since the data owner didn't
add him as someone who can open the e-mail or document. 

Of course if data owner forgets to set RMS permissions before sending
e-mail or document everyone will be able to read, forward and print this
document/e-mail.

Mike

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com] 
Sent: Sunday, July 30, 2006 2:04 AM
To: Miha Pihler; Kirby Boteler; Steveb@tshore.com; Focus-MS
Subject: Re: MS Exchange

Only in RMS-Enabled applications.  If I don't want to "play" with your RMS
policy, I don't have to.  If the RMS policy allows the email to leave
your RMS protected infrastructure and it makes it to my SMTP server, I
can do whatever I want with it from there.

t


On 7/29/06 4:14 PM, "Miha Pihler" <Miha.Pihler@snt.si> spoketh to all:

Yes. Once the e-mail is out of the network the recipient has to check
in with RMS server which is still in your network. RMS server will ask
for e.g. username and password and if the person authenticates
successfully and is in the right group it will allow the e-mail to be
opened (e-mail is actually encrypted IIRC so when you authenticate you
get a private key that will allow you to decrypt the e-mail).

This way you can revoke access to the e-mail or document at any time 
unless you allow credentials to be cached which is configurable. You 
might want to allow cached credentials to allow opening of a document 
while offline. If you don't allow caching of credentials - client will
be required to contact RMS server any time he or she wants to open an
e-mail or document.
You can also limit access to the document by date. After certain date 
access to the document is no longer available.

Mike

-----Original Message-----
From: Kirby Boteler [mailto:Kirby.Boteler@waggonereng.com]
Sent: Sunday, July 30, 2006 1:03 AM
To: Miha Pihler; Steveb@tshore.com; thor@hammerofgod.com; 
focus-ms@securityfocus.com
Subject: RE: MS Exchange

Even after the email makes it outside of our network, so someone that 
accesses it from a different non-windows based application? i.e.
mac/unix/et al

________________________________

From: Miha Pihler [mailto:Miha.Pihler@snt.si]
Sent: Sat 7/29/2006 6:00 PM
To: Kirby Boteler; Steveb@tshore.com; thor@hammerofgod.com; 
focus-ms@securityfocus.com
Subject: RE: MS Exchange



Hi,

Windows Rights Management Services can do that. It can prevent 
forwarding, printing, etc. of e-mails and documents.

Even if e.g. e-mail got out somehow only users with read permissions 
will be able to open the e-mail...

You can find more info here:
Windows Rights Management Services
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

Mike

-----Original Message-----
From: Kirby Boteler [mailto:Kirby.Boteler@waggonereng.com]
Sent: Saturday, July 29, 2006 11:41 PM
To: Steveb@tshore.com; thor@hammerofgod.com; 
focus-ms@securityfocus.com
Subject: RE: MS Exchange

In this regard, do you guys know of any software available that will 
restrict a recipient from forwarding an email? Is this possible?

________________________________

From: Steveb@tshore.com [mailto:Steveb@tshore.com]
Sent: Fri 7/28/2006 2:04 PM
To: thor@hammerofgod.com; focus-ms@securityfocus.com
Subject: RE: MS Exchange



I agree with Thor on this one.  It's a waste of time putting those 
"legal disclaimers" on your emails.  If you are afraid that an 
unintended recipient may see the email, then it's in your best 
interest not to send it.

The only way that something like this would be legally binding is if 
the email is encrypted and the recipient must accept that agreement 
before decrypting the contents.

The way that it's used today is much the same as blurting out phrases 
in a crowded supermarket and then afterwards, telling everyone around 
that they can't listen to what you just told them or repeat it in any 
way or you'll bring legal action against them.  How crazy is that?!

Whoever puts these things on their emails are surely not thinking the 
logic through enough.

Thank you,

Steve Bostedor
Bozteck President
http://www.bozteck.com



-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: Friday, July 28, 2006 1:36 PM
To: Focus-MS
Subject: Re: MS Exchange


Just as a matter of curiosity, does anyone have any *real* examples of
where those annoying "legal disclaimers" have provided any actual
legal protection or any evidentiary value?

Most of the ones I've seen are insipidly stupid, saying things like
"if you have received this email in error, or are not the intended
recipient, you may not view, forward, print, or do anything for that
matter."  Of course, you have to read the damn thing to get to the
part where it says you can't read it. And who defines "intended
recipient?"  My server intended for me to get it, so I must be the
intended recipient.  Or am I to be held legally liable for determining
what the intent of the original sender was?  It all seems like a
colossal waste of time to me.

t


On 7/28/06 6:51 AM, "Tupker, Mike" <mtupker@mtmercy.edu> spoketh to all:

I've been looking into this a little as well. The cheapest way to do
it that I've found, if you are using exchange, is with an SMTP event
sink. Many spam filters that I've seen have the ability to append text
to emails as well. The only one that I can think of off hand is GFI
Mail Essentials. http://gfi.com/mes/

I'm not sure if these would allow you to pull info from AD though. I 
hope this helps a little.


Mike Tupker

-----Original Message-----
From: dave kleiman [mailto:dave@davekleiman.com]
Sent: Thursday, July 27, 2006 4:48 PM
To: focus-ms@securityfocus.com
Subject: MS Exchange


Can anyone recommend an auto-signature application that adds
signatures to outgoing email and those annoying legal disclaimers?

It needs to block the user from making changes to the sig /
disclaimer.

Additionally, it needs to pull variables from AD (e.g. Organization,
Title, Department)

Most important, it needs to work! I have tried a couple and they 
crashed and burned, either the sig did not pull AD info properly or 
the user could override it.


Respectfully,

Dave Kleiman

