I asked the lawyers here that same question and havent gotten a response yet if it is required. If it isnt now, I imagine it will be very soon.
----- Original Message ----- From: "Ed Crowley" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Wednesday, January 15, 2003 11:50 PM Subject: RE: The SEC is killing me. > What are you doing about instant messaging? Don't you have to keep all > IM transactions as well? > > Ed Crowley MCSE+I MVP > Technical Consultant > hp Services > "There are seldom good technological solutions to behavioral problems." > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Dupler, Craig > Sent: Wednesday, January 15, 2003 6:34 PM > To: Exchange Discussions > Subject: RE: The SEC is killing me. > > > This will not help you with your SEC problem. It's just a musing and is > merely to suggest that no audit technique is fool proof. I think that > any system that you can design, a clever person can get around. > > Let me suggest a scenario from back in the days when I was working on > virus delivery techniques and counter measures. The key to this > particular "almost impossible to detect" nefarious message delivery > technique would be to send a message to an external mailbox that had a > client running against it with in-box rules enabled. The client could > parse the message and execute a script or even an external program that > would generate another message, which could be sent to any smtp address > (or in the case of a virus, do nefarious things on its own local > network). So let's say I send a one word message to my home mailbox > that says "hi." That could trigger a script that sends a message to > tell someone to sell. Another script triggered by "dinner tonight" > could trigger a script that generates the buy message. You get the idea. > The offending message itself can be as simple or complex but apparently > harmless cipher that you could imagine. It could even be embedded in a > pattern that looks like I'm sending a daily (or better yet, apparently > random and occasional) note commenting on tonight's menu, with an "if > message text contains" filter at the other end. A hindered word note > that contained the phrase "rare steak" could be the trigger. The "to" > address is not that of the ultimate recipient, and the instruction in a > form that you could detect is beyond the reach of your archives and > searches. There reality is, that you simply cannot filter for this sort > of thing in your archives. You can find someone that is being stupid or > careless, but not someone that is cunning and deliberate. > > The extent to which variations on this technique can be used is > frightening. Consider what a batch file on a DOS machine could do, in > terms of generating an Assembly language program by having VB Script > simply write stings from an Excel or Word document to a text file. The > VB Script does not even have to travel with the Office document, but can > simply be running on the machine on the receiving end. Such a trigger > can be hidden behind layer upon layer of isolating techniques. The > initial trigger instruction does not have to be sent via SMTP. A FAX to > something like a SatisFAXtion modem or a call to an IVR system listening > for a specific DMTF sequence that would not be recorded by your phone > system can do it. A web site can do it. Web mail to your home smtp > address can do it. A cellular call . . . You get the idea. Every link > will leave some tracks, but those tracks can be incomplete and look very > harmless. > > Back in the 80's before Microsoft Office became the dominant office > suite, there was a product called "Smartware" by a small company in > Lenexa, Kansas that was later purchased by Informix and destroyed. > Smartware had the equivalent of VBA in all of its modules, and it had a > communications module. The second version of the package even had PEEK > and POKE instructions. Imagine what you could do with that today in and > administrative security context on a Win2K machine in an Internet world. > > > Nedry (a transposition of "nerdy") is still out there. > > > -----Original Message----- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 15, 2003 4:45 PM > To: Exchange Discussions > Subject: Re: The SEC is killing me. > > > There are a number of archival solutions out there. Some of them are > listed at www.mail-resources.com in addition to the ones Gary mentioned. > Contact me offline, I might have some other ideas. > > On 1/15/03 17:05, "Clemens, Rick" <[EMAIL PROTECTED]> wrote: > > > > Mixed Exchange 5.5 SP4 / Exchange 2000 SP3 > 100% Active Directory > 100% Windows 2000 Advanced Server SP4 > > Our Legal and Security department wants us to provide the ability to > access > every e-mail the company sends or receives for a period of 90 days to > satisfy certain SEC requirements. > > The original plan was to Journal everything into a mailbox using an > Exchange > > 5.5 server. It worked in so far as all the mail went to the > mailbox...but...After it got over 1000000 messages outlook didn't do a > very > good job searching it. > > So we moved the Journal to Exchange 2000 and are Indexing it. With > 500000 > messages so far Outlook searches it pretty fast. So far so good. > > I guess my questions is....what is everyone else out there doing to > satisfy > SEC requirements for Electronic Documents Retention? Is there a better > way? > > Or Better Software? > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
