In this exercise, you will read a scenario about a company's challenge with protecting e-mail communications and then answer the questions that follow. The questions are intended to reinforce key information presented in this chapter. If you are unable to answer a question, review the lessons and try the question again. You can find answers to the questions in the 'Questions and Answers' section at the end of this chapter.
A couple of months ago, a systems administrator was fired when he was caught reading one of the executive's e-mail messages. He bought and sold some stock based on the inside information contained in memos within the executive's mailbox, collecting a healthy but illegal profit. He didn't sell enough shares to attract the US Securities and Exchange Commission's attention, and he might have gotten away with it if he hadn't bragged loudly in your company's cafeteria about his antics.
You were asked to explain why he had access to the executive's e-mail, and you determined that it wasn't simply an abuse of administrative privileges. Authorization to your messaging infrastructure had been carefully restricted, and the systems administrator's user account did not have access to the executive's e-mail account.
Fortunately, the team that provides your organization's physical security has had previous experience with questioning employees who have breached the organization's ethical standards. After they explained that they would need to rely on the judicial system if he didn't cooperate, your former coworker quickly confessed that he had gathered the executive's e-mail password by using a sniffer. Specifically, he had run Network Monitor on your mail server and extracted the e-mail password from the captured network communications.
Most of the client computers in your organization are members of an Active Directory domain, though there are a handful of computers that have not joined a domain because they are managed by the users themselves. Microsoft Outlook is your organization's standard mail client, but many users use other mail clients, including non-Microsoft mail clients and some rather obscure clients built into mobile devices, such as two-way pagers. You use Microsoft Exchange Server as your mail server.
How can you prevent internal employees from capturing other employees' passwords in the future?
Which of the built-in IPSec policies would you assign to the mail server?
Will you use Kerberos, certificates, or a preshared key to authenticate the IPSec connections?
Besides IPSec, what measures can you take to reduce the risk of an attacker capturing network communications and misusing that information?