General discussion

Locked

Outlook 2000 Security

By pintob ·
My company is using Outlook 2000 as the primary emailer. We are on a Windows 2000 server which is located offsite. There has been some discussion that information from some confidential emails is being leaked out slowly. Is there a possible vulnerability in Outlook 2000 that would allow someone to access an email account through a computer other than the individuals computer?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Outlook 2000 Security

by timwalsh In reply to Outlook 2000 Security

Possibilities:

1. You can set up an email profile on ANY number of computers for a given user. If someone else knows a specific user's email account ID and password, that account is obviously vulnerable. You would never know if someone else was reading your email if your password has been compromised.

2. Who controls the mail server? Is it an internal email server or is your email being hosted by an ISP? An unscrupulous email administrator is always a security risk. And someone with administrator privileges would probably be able to read any email sitting on the server.

3. Are you using Internet email or are you connected to an Exchange server? If you are using Internet email, since all email is saved in a user's .pst file on a specific computer, the vulnerability exists only on incoming email that is new since the "intruder" established his "connection". The "intruder" would not be able to see any outgoing email. If you are using Exchange, and all mail is saved on the Exchange server (vs. individual .pst files), an "intruder" (or unscrupulous administrator) would be able to see EVERYTHING (incoming, outgoing (through the Sent Mail folder), and any saved emails).

There isn't much you can do about an unscupulous administrator unless you can catch him in the act unless you start encrypting sensitive email. You can do this by either using the built-in encryption capabilities of Outlook (but which requires you to acquire a certificate from a valid Certificate Authority (such as Verisign), or by using third-party encryption software such as PGP (which unfortunately is no longer being supported or sold by Network Associates).

You can do things about compromised passwords. Change them on a regularbasis. Make sure they are strong passwords. Don't share passwords.

These vulnerabilities are not endemic to either Outlook or Exchange but really are of a general nature.

Collapse -

Outlook 2000 Security

by pintob In reply to Outlook 2000 Security

This backs up what I thought, and gives me additional support in my effort to convince the bosses we need to be more cautious in the way we treat our system. Thanks for the help!

Collapse -

Outlook 2000 Security

by pintob In reply to Outlook 2000 Security

This question was closed by the author

Back to Software Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums