General discussion

  • Creator
    Topic
  • #2329142

    Outlook 2000 Security

    Locked

    by pintob ·

    My company is using Outlook 2000 as the primary emailer. We are on a Windows 2000 server which is located offsite. There has been some discussion that information from some confidential emails is being leaked out slowly. Is there a possible vulnerability in Outlook 2000 that would allow someone to access an email account through a computer other than the individuals computer?

All Comments

  • Author
    Replies
    • #3485249

      Outlook 2000 Security

      by timwalsh ·

      In reply to Outlook 2000 Security

      Possibilities:

      1. You can set up an email profile on ANY number of computers for a given user. If someone else knows a specific user’s email account ID and password, that account is obviously vulnerable. You would never know if someone else was reading your email if your password has been compromised.

      2. Who controls the mail server? Is it an internal email server or is your email being hosted by an ISP? An unscrupulous email administrator is always a security risk. And someone with administrator privileges would probably be able to read any email sitting on the server.

      3. Are you using Internet email or are you connected to an Exchange server? If you are using Internet email, since all email is saved in a user’s .pst file on a specific computer, the vulnerability exists only on incoming email that is new since the “intruder” established his “connection”. The “intruder” would not be able to see any outgoing email. If you are using Exchange, and all mail is saved on the Exchange server (vs. individual .pst files), an “intruder” (or unscrupulous administrator) would be able to see EVERYTHING (incoming, outgoing (through the Sent Mail folder), and any saved emails).

      There isn’t much you can do about an unscupulous administrator unless you can catch him in the act unless you start encrypting sensitive email. You can do this by either using the built-in encryption capabilities of Outlook (but which requires you to acquire a certificate from a valid Certificate Authority (such as Verisign), or by using third-party encryption software such as PGP (which unfortunately is no longer being supported or sold by Network Associates).

      You can do things about compromised passwords. Change them on a regularbasis. Make sure they are strong passwords. Don’t share passwords.

      These vulnerabilities are not endemic to either Outlook or Exchange but really are of a general nature.

      • #3485243

        Outlook 2000 Security

        by pintob ·

        In reply to Outlook 2000 Security

        This backs up what I thought, and gives me additional support in my effort to convince the bosses we need to be more cautious in the way we treat our system. Thanks for the help!

    • #3485242

      Outlook 2000 Security

      by pintob ·

      In reply to Outlook 2000 Security

      This question was closed by the author

Viewing 1 reply thread