RE: Interesting Observation

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jun 2004 13:36:46 -0700

No. Don't tell me. You were in Oregon on Monday. Dag nab it. So was I. Flew
out at 1:15 PM.

So close, yet so far...

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -----Original Message-----
> From: Mark Fugatt [mailto:mark@xxxxxxxxx]
> Sent: Thursday, June 10, 2004 1:12 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Interesting Observation
> 
> http://www.MSExchange.org/
> 
> I agree 100% John, it was a long flight home from Oregon (left at 2am and
> got in my house at 2.30pm), and I was not really thinking clearly when I
> posted :-)
> 
> Mark
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, June 10, 2004 4:01 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Interesting Observation
> 
> > I was teaching an Exchange 2003 support class for Symantec this week,
> > so that their gold and platinum support guys had a good understanding
> > of how Exchange really works :-), he talked about log files, and one
> > of the guys asked what would happen if you created a new log file, for
> > example, the last log file is E0000001.LOG and you create E0000002.log
> > manually.
> >
> > We tried it to see, and the effect was that the Outlook clients would
> > hang when trying to send mail, until you deleted the manually created
> > log file, the other effect was when you performed an online backup the
> > backup would fail, and then dismount all the Stores in the Storage
> > Group that you were trying to backup, this then led them to ask what
> > type of security risk this would be, if someone managed to create a worm
> > that created a log file manually it would bring down all the Stores when
> > you perform a backup.
> 
> 1. The worm would have to reach the server. Defense rule: All computers must
> have AV installed to protect the server itself.
> 2. The worm would have to get past the firewall. Defense rule: All computers
> must be behind a firewall.
> 3. The worm would have to be executed by e-mail if not through the firewall.
> Defense rule A: All incoming e-mail must be scanned for viruses,
> vulnerabilities and possible malicious content, i.e. executable attachments.
> Defense rule B: Generally, you should not be viewing e-mail on a server.
> 
> So, the way I see it, if the worm is able to execute on the server in the
> first place, you have other problems to deal with.
> 
> However, having said that, that is a real problem, although with proper
> defences in place, the probability of it occurring is minimized. If there is
> a way that behavior can be changed/protected, it should be looked into and
> work needed weighed out.
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
> Resource Site: http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> mark@xxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
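An added example, not part of the original thread: a defensive audit of a storage group's transaction log directory that flags files like the hand-made E0000002.log described above before a backup runs. It assumes Exchange 2003 logs are fixed-size 5 MB files named with a 3-character prefix plus 5 hex digits; the function names and the size heuristic are illustrative, and a planted file of the right size would only be caught by the sequence check.

```python
import os
import re
import tempfile

# Assumption: Exchange 2003 (ESE) transaction logs are fixed-size 5 MB files
# named <3-char prefix><5 hex digits>.log, e.g. E0000001.LOG.
EXPECTED_SIZE = 5 * 1024 * 1024
LOG_NAME = re.compile(r"^(E[0-9A-F]{2})([0-9A-F]{5})\.LOG$", re.IGNORECASE)


def audit_log_dir(path, expected_size=EXPECTED_SIZE):
    """Return a sorted list of (filename, reason) for suspicious log files."""
    gens = {}
    for name in os.listdir(path):
        m = LOG_NAME.match(name)  # the active E00.log and E00.chk do not match
        if m:
            entry = (int(m.group(2), 16), name)
            gens.setdefault(m.group(1).upper(), []).append(entry)
    findings = []
    for items in gens.values():
        items.sort()
        prev = None
        for gen, name in items:
            size = os.path.getsize(os.path.join(path, name))
            if size != expected_size:
                findings.append((name, "unexpected size %d" % size))
            if prev is not None and gen != prev + 1:
                findings.append((name, "gap after generation %05X" % prev))
            prev = gen
    return sorted(findings)


def demo():
    """Constructed sample: one full-size log and one hand-made empty file."""
    with tempfile.TemporaryDirectory() as d:
        for name, size in [("E0000001.LOG", EXPECTED_SIZE), ("E0000002.log", 0)]:
            with open(os.path.join(d, name), "wb") as f:
                f.truncate(size)
        return audit_log_dir(d)


if __name__ == "__main__":
    for name, reason in demo():
        print(name, reason)
```
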