*>>That employee (assuming he didn't do anything nasty with the guessed passwds) did you a big favor*
No, the former employee didn't. Just because the result was comparatively *better* than having external malicious parties do it, doesn't make it *good*.

Weak company security policies (or lack thereof) = *bad*.
Employee exploiting said weak company security policies = *bad*.
External entity exploiting said weak company security policies = *much worse* (but doesn't turn #2 into "good").

*ASB*
<http://xeeme.com/AndrewBaker>
*Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...*

On Thu, Nov 13, 2014 at 6:06 PM, Edward A. Berry <[email protected]> wrote:

> <another lurker>
> Are you kidding?
> That employee (assuming he didn't do anything
> nasty with the guessed passwds) did you a big favor by exposing
> the weak passwords before the really bad boys got them.
>
> On 11/13/2014 02:24 PM, Gordon Pegue wrote:
>
>> <lurker response>
>>
>> Wouldn't a more effective solution be to:
>>
>> 1. Terminate the employee who "guessed" the pwds
>>
>> 2. Institute a password change for all OWA users immediately requiring a
>> strong pwd
>>
>> Seems to me that turning off OWA is a business-line decision in this
>> case, not an IT decision
>>
>> Gordon
>>
>> *From:* [email protected] [mailto:listsadmin@lists.myitforum.com] *On Behalf Of* Stefan Jafs
>> *Sent:* Thursday, November 13, 2014 12:14 PM
>> *To:* [email protected]
>> *Subject:* [NTSysADM] OWA and Exchange 2007
>>
>> We had a security breach where an employee has guessed about 20 people's
>> passwords and been able to access their e-mail with OWA. Since most people
>> use company Laptops and / or Surfaces to access their e-mails while on the
>> road using RPC / HTTP with Outlook we are thinking about disabling OWA for
>> all but a few users, will that break anything else? Did some Googling and
>> looks like it may be a problem in Exchange 2013 but we are still on 2007.
>>
>> __________________________________
>>
>> *Stefan Jafs*

