Author Archive
Archiving is Insurance against eBlackmail
Written by Carl E. Reid on April 23, 2009 – 2:27 pm -
Two earlier corporate situations in France and Japan highlight why companies need to implement archiving systems. Email is the primary communication channel companies rely on to track historical information. In both the Kerviel-Société Générale and Livedoor scandals, archived employee email and instant message records were critical to the companies as the scandals unfolded. This included executive communications as well.
Both situations are reminders that electronic messages are now a constant way of life for all business professionals. For a company's self-preservation, it is important to keep track of the commitments employees have or have not been making on behalf of the organization. This is where archiving systems help maintain message communications while protecting a company’s business interests. As innovative new technologies, like the iPhone, move messaging outside the constraints of the traditional corporate IT infrastructure, an organization must strive to capture all instances of employees’ business-related messages. This requires that archiving be taken out of employees’ hands.
Is this email authentic?
Written by Carl E. Reid on April 16, 2009 – 2:37 pm -
Authentication of message integrity ensures no one has tampered with the message or modified its content. When authentication is requested, the Message Queuing runtime digitally signs the message when it is sent. Then the destination queue manager verifies the digital signature before it places the message in the destination queue. Once message integrity is established, Message Queuing verifies who sent the message.
The Authentication & Online Trust Alliance (AOTA) was established to create a trusted global online ecosystem and foster the elimination of email and internet fraud, abuse and cybercrime. AOTA’s main goal is to enhance trust, confidence and the protection of businesses and consumers. Through its member companies, chapters and organization affiliates, AOTA represents over one million businesses and 500 million users worldwide.
To make good on its mission, the AOTA published the “Authentication Directory”. This directory is a resource to assist companies in locating and working with companies that support leading forms of email and domain authentication. While such authentication alone is not a silver bullet to counter online fraud and email abuse, it is a recommended best practice for all companies and email marketers. Companies listed in the directory include those collaborating with Microsoft, AOL, Comcast, Netzero, Earthlink, Gmail, etc.
Hacker Security Honeypot Guide
Written by Carl E. Reid on April 9, 2009 – 5:07 am -
“Honeypots: Tracking Hackers” is a solid primer to this very necessary technology, which becomes a powerful teaching tool. It starts with a basic explanation of honeypots and the different trapping roles they can play. The book moves on to deeper explorations of six kinds of real-world honeypot configurations, which include Back Officer Friendly, Specter, HoneyD, Mantrap, Homemade Honeypots and Honeynets.
What really makes this book thorough is a chapter focused on legal issues surrounding honeypot use. Three legal experts actually contributed to this section of the book. Crucial areas covered are entrapment, privacy and organizational liability. The book leaves no stone unturned by covering the Fourth Amendment, the Electronic Communications Privacy Act, the Wiretap Act, and the Pen Trap Statute. All these important areas are covered from the angle of how each relates to implementations of honeypots.
This book is definitely aimed at many levels of honeypot knowledge, from beginner to advanced technologists. With this book you will gain an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment. You will arm yourself with the expertise needed to track attackers and learn about them on your own. In addition to technology staff, security professionals, researchers, law enforcement agents, and members of the intelligence and military communities will find this book indispensable.
Lance Spitzner spends quite a bit of time, across several chapters, covering honeypot maintenance and how to interpret the data being captured. Spitzner emphasizes that honeypots are not one-time setups that you throw out onto your network while you wait for attackers to arrive. Honeypots require constant monitoring and must be properly maintained. Otherwise, a honeypot only provides a firm grip on an empty learning sack with no real education being accomplished. “Honeypots: Tracking Hackers” is a very timely and informative reference guide for all email administrators to keep within easy reach.
Archive Stubbing Techniques Not Recommended
Written by Carl E. Reid on April 7, 2009 – 2:27 pm -
Archiving Microsoft Exchange email and associated data brings many cost-effective benefits. Archiving facilitates government regulatory or civil litigation searches for ediscovery requests. It also allows for more complete archive journaling, and provides storage benefits for both mailbox growth and the various storage devices that can be utilized.
Although lowering storage costs is a common denominator for email archiving, compliance requirements are moving more companies to implement archiving strategies. Depending on the motivating factors, cost savings on storage are subject to interpretation by different people. For some people, compressing email could reduce licensing as well as storage hardware costs. For others, it may mean creating a mailbox for end users that has virtually unlimited space.
Tips for controlling your archive storage system
Written by Carl E. Reid on March 26, 2009 – 3:33 pm -
Although we take email for granted, the use of email can easily get out of control for administrators. People rarely walk down to another office to have a discussion or idea exchange. Writing an email that can be sent to multiple people with attachments slowly uses up massive amounts of hard disk space.
For any organization, this massive storage usage creeps up. Savvy administrators keep an eye on these behind-the-scene scenarios that create this creeping storage nightmare:
- People are trying to maintain their position by copying everybody who’s anybody, which duplicates emails.
- People have that “pack rat” mentality and keep years’ worth of emails within folders. This includes the document attachments.
- Email box quotas attempt to manage disk space, but many staff find a way to circumvent this process to get approval to have their quota increased.
- The IT department gets tagged for managing high I/O hardware processing, while balancing backup storage costs.
- Let’s not forget the IT department’s added burden of trying to control bulging email data stores.
Exchange as a Temporary Archive Solution
Written by Carl E. Reid on March 16, 2009 – 5:13 pm -
Maybe your email archiving and retention project is far off down the road, so in the interim period now might be a good time to organize email folders on your Exchange 2007 server. While you’re waiting or planning an archiving strategy, you can leverage the new features of Exchange Server 2007. The “managed folders” feature allows setting email limitations and retention rules. How about being able to prevent email users from storing messages in their Inbox longer than a specified time period? This feature can also be used to make sure messages in other locations are retained for a certain period of time.
Other options with Exchange 2007 server allow for controlling how messages related to a particular topic are retained for a specific amount of time. You will need to combine managed folder capabilities with other Exchange 2007 email tools, such as transport rules, quota limits, and defining public folders to create an automated retention process. You can also set email archiving rules.
EDRM Guides Archive Strategy
Written by Carl E. Reid on March 12, 2009 – 7:04 pm -
Started in 2005, the Electronic Discovery Reference Model (EDRM) Project was created to address the lack of standards and guidelines in the electronic discovery market. EDRM is a great reference tool to develop guidelines and standards for ediscovery consumers and service providers. EDRM helps reduce the cost, time and manual work associated with ediscovery.
As the accompanying EDRM diagram on their web site shows, the 8 areas lay out a structured foundation for implementing an archiving software solution. This makes life easier by giving all the players standard guidelines as part of the archiving and information retrieval process related to legal and government requests.
We will give a cursory overview of EDRM.
Information Management
Getting your electronic house in order to mitigate risk and expenses should electronic discovery become an issue. This covers the initial creation of electronically stored information all the way through its final disposition.
Identification
This refers to the process of learning the location of all data which a company has a duty to preserve and potentially disclose in an upcoming legal proceeding.
Preservation
Preservation for electronic discovery has become a complicated, multi-faceted, steadily-changing concept in recent years. Certain suggested standards and guidelines have been emerging to provide checklists for those preparing to respond to electronic requests for production.
Collection
The acquisition of electronic information, which is tagged as potentially relevant in the identification phase.
Raising the Security Wall Higher
Written by Carl E. Reid on March 5, 2009 – 5:30 pm -
No matter how much email users may complain, friendly reminders about email security and protecting company information assets are part of the ongoing education process. Email users quickly forget that the company owns the information within each email account. The email system is owned by the company, not the email user. This also implies that it’s up to each person to ensure that their email account is always secure. People lazily create passwords that are familiar and easy to hack.
Email administrators are the gatekeepers who ensure email accounts are kept secure. Sometimes this requires setting up secure procedures, which appear to be an inconvenience to the end user community. So forcing 8-character passwords instead of 6-character passwords can make all the difference. The inconvenience is minimal compared to thwarting password dictionary attacks or brute force attacks.
Raising the security wall also calls for insisting people use pass phrases, rather than passwords. Choosing a simple password typically makes a dictionary attack easier for the account hacker. People take the path of least resistance by selecting names of pets, kids, spouses, birthdays, house address or basically something that ends up being an extremely poor password choice.
What is Our Email Retention Policy?
Written by Carl E. Reid on February 26, 2009 – 3:52 pm -
Before the email archiving software selection process starts or any implementation meetings begin, something more important must occur first. Quite a few questions regarding email retention policy must be answered. This is a difficult, but very necessary process. It will be time well spent, while making the implementation of an archiving solution much smoother.
What are the company’s current document retention policies? If there aren’t any policies, now is the time to establish how long and how far back email documents should be stored for immediate retrieval. If there are established retention policies, a review of what works and what doesn’t is required. Does anything need to be modified? Are policies that worked previously, appropriate for the current business climate?
Other driving factors that dictate retention policy are regulatory and eDiscovery requirements. Depending on a company’s industry, Sarbanes-Oxley will impact decisions for document retention periods. So a review of how the company currently handles these requirements must be performed.
Now is the time to review current manual or semi-automated retention procedures. This allows for early adjustments and modifications. If current retention and retrieval processes are outdated or inefficient, an archiving solution will only automate the same ineffectiveness.
5 Lessons that Botnets teach Honeypots
Written by Carl E. Reid on February 19, 2009 – 12:36 am -
One reason organizations implement honeypots is to identify malicious botnets. A honeypot, which is a fake network, is designed to attract and analyze botnet activity. In order for the honeypots to educate us with data, we need to develop a better understanding of how botnets achieve their missions. Let’s review potential activities performed by some of the various types of botnets.
1. Distributing Malware
Botnets are often used to quickly distribute new bots on open networks. For our botnet friends this is actually not very hard to accomplish, because bots can potentially run scripts that download and execute any file via HTTP or FTP. This is exactly how email viruses are spread using a replicating botnet. In a very short period of time a self-replicating botnet can hook into 10,000 computer hosts. This sets up a staging platform for exponentially spreading a mail virus around the world just as quickly.


