exchange's questions - English 1answer

68 exchange questions.

I'm seeing a virus in our network with some strange headers. Sometimes they are coming (sourced) from a netscaler VIP, other times they seem to come from an Exchange hub server. How do I determine ...

I am trying to create a method to securely pair devices with JavaScript and hopefully prevent MitM attacks. The method uses vibration to initially pair devices and I have come up with the following ...

Shot paper I am reading a paper about key exchange and trying to understand the protocol described in Figure 4 on page 6 in the above paper. I understand the majority of the notation but am having a ...

I'm creating app that will run as an automated service with no user interaction to process to connect to a mailbox and process emails (download attachments, move emails to a "processed" folder, etc.). ...

From what I've understood by reading message headers and settings in Outlook, mails sent between Outlook on my PC and the Exchange cloud service are encrypted with TLS 1.2. Messages moving within the ...

I am evaluating the possibility of using Outlook mobile client with an on-premise Exchange 2013 server. However it seems that the app sends quite a bit of data to Microsoft's cloud servers. It also ...

As per recent updates in UK data protection legislation I have been trying to find ways of encrypting all outbound emails from my server and was considering moving all our emails from a basic email ...

A client uses a big company for email control. A feature is encrypting, mainly, documents when they are sent(web portal based to access them). I was under the impression that sending an email out ...

My organization has an in-house user authentication system shared between a very large number of internal systems. One of these systems needs to retrieve information from the logged in user's ...

In our environment, we provide user certificates to sign or encrypt emails. This is an internal setting, meaning the CA is internal to our organization (not a public CA) and handled by our Active ...

What kind of information can we get from a Message Recall in Outlook, e.g a spammer/phisher recalls an email sent to another email id. Is it an alternative to read receipts? Is it a check that these ...

For my own domain (mydomain.com, hosted with a free G Suite), I have setup DMARC in testing mode: v=DMARC1; p=none; sp=reject; aspf=s; adkim=s; rua=mailto:dmarc@mydomain.com I have sent out test ...

We use contractors from out of state and from other countries. An Active Directory account is created, which creates an Exchange email account. We forward email from the Exchange email address to a ...

I am working on an auditing process for my company's email system (Exchange 2010). From this process, we're hoping to expand it out to other systems and start to clean up the rampant security issues ...

In Office 365, Emails can accessed from anywhere (within or outside of the company). Want to block Email attachment download from outside of the company. Emails should be accessible from outside of ...

I have a web project where I need to store a username and password in an SQL database. the username/password are for exchange web services.(so it cannot be hashed, I need to be able retrieve a clear ...

An email was sent from our MS Exchange server and the addresses were listed in the bcc area. This email was forwarded to another person who was able to somehow extract the bcc list and email everyone ...

My company's SSL Certificate for basically all their websites and Activesync servers have expired long ago. For my upcoming meeting's sake I need to explain how this is very insecure. Unfortunately I ...

Our company emails are getting blocked (blacklisted) every other day. Can someone tell us why the emails are getting blocked. And how to rectify for being blocked. Your advise will be highly ...

Reading Microsoft's Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010, it looks like encryption is baked in for client access in ...

I wonder what server I put in DMZ zone. I know the DMZ zone is for all servers or services who must be accessed from the internet, like Web Server, or mail server and sometimes DNS servers. But I ...

I recently observed that Exchange Online has switched to a lower version of TLS protocol. Emails from Exchange Online to Gmail and other Office 365 tenants are now sent over TLS 1.0 instead of TLS 1....

The procedure suggested by forensics companies to make a copy of a users's mailbox in a forensically sound manner is to use New-MailboxExportRequest. What information is modified (if any) by the use ...

I conducted MiTM attack at one of our customers. the results showed that Cain was able to gather user credentials of some users, when they tried to connect to a remote exchange server (outlook....

Recently we had an issue with the Exchange autodiscover.xml appending ".com" to our mail servers autodiscover address. It resulted in a certificate error due to the name not matching the certificate. ...

From what I can tell, Apple Watch apps act like a remote control to a nearby iPhone using Bluetooth or BLE. Conversely Android watches have the ability to run full applications, and therefore have ...

For the fourth time in over a year, Exchange OWA has put our internal network at risk due to a remote code execution flaw that exists on the server runtime. This risk is compounded by the fact ...

Can someone please explain the Diffie-Hellman key exchange for me. I have been studying it but I don't actually get the concept

Is sending emails between different Office 365 account owned by entirely separate entities secure? I.e. The email never leaves the Microsoft network? If the two are in the same data centre (E.g. ...

There was a case when employee A thought he was getting legitimate emails from employee B, as the email address was valid, there were no CC/BCC addresses and just plain text in the body. Some ...

A vendor is asking me to change the PSLanguageMode from within IIS on my Exchange server(s). What potential vulnerabilities am I opening myself up to? I'm surprised to see this option present within ...

Using the Exchange control panel feature/tool of MS Exchange 2010, you can search all the emails belonging to any domain user and read them. Allowing an Exchange administrator to read the emails of ...

We have our Exchange server in a remote site administered by an external provider. We would like to avoid the possibility of provider employees to access the email and calendar of critical accounts in ...

I'm required to audit various communications (email, sms, messenger, social media) for keywords relating to financial data, HIPPA, and other PII. Is there any rational reason I should extend my ...

If users bring their own device (BYOD) and they have corporate Exchange (or Goodlink email) on that device, could the other email accounts on that device be open to a legal search? Would the SMS ...

For a Diffie–Hellman (D-H) key exchange (TLS) the server generates a prime p and a generator g, which is a primitive root modulo p. When setting up a webserver with SSL/TLS (e.g. nginx) one can use a ...

Today I changed the SSL certificate that 3,000+ Outlook clients are using. In doing this I changed the certificate to an "older" one that had the same subject name, expiration and everything else. ...

We allow 4 gb space per employee in outlook mail exchange, beyond that the user has to create a pst file . That is the policy. We have given admin rights to all employees since there is a lot of ...

I'm concerned that old versions of Android may be hacked through unpatched WebViews (in PhoneGap and other apps), exposing Activesync email data, and other sensitive information. To mitigate this, ...

I'm new to the security stack exchange, so feel free to edit the question or redirect me to another forum if this is not fitting. I'm currently working on a web application that will allow the user ...

I am looking at Activesync authentication and want to know if Certificate Authentication ignores a client username and password or Certificate Authentication requires a username and password For ...

Suppose I issue a signing certificate in January, and have a daily CRL issued (expires in 1 day) to verify the validity of that signature. Then sometime in July I need to revoke that certificate. My ...

I'm looking for an easy to deploy way to make email clients (MUAs) display my email messages in a secure manner. PGP and SMIME both do this today, but they are high touch, and require software or ...

We have received the below finding from an IT audit. Missing Secure Attribute in Encrypted Session(SSL) Cookie: It is best business practice that any cookies that sent over (Set-cookie) an SSL ...

Yesterday, I got an alert from a client's IDS that a Base64 auth packet was detected. Looking at the ASCII decode, I can see that it is for their OWA (Outlook Web Access), and indeed, the auth info ...

We have a long-standing ActiveSync device policy that requires an unlock code for all phones that use corporate email. It seems that iPhones with "swipe to unlock" and Android phones with similar ...

My Exchange Admin is setting up 2013, and it is set to block txt file attachments specifically (as well as others). I have tried searching for risks associated with txt attachments but could not ...

I started looking at OAuth - Google's and Facebook's implementation. Both of the implementations, in the authorisation flow, seem to send the "Authorization code" back to the web browser. I was ...

We run Exchange 2010. Our edge servers run "passive opportunistic TLS" for 99% of the domains we communicate with. For a handful of domains, we have forced TLS on both our end and the other domain's ...

I have read quite a bit on the subject of securing MS Exchange - most notably the Client Access role. With the retirement of Microsoft's Threat Management Gateway many people seem to be looking for an ...

Related tags

Hot questions

Language

Popular Tags