Posted by Segue on July 4, 2007, 9:30 am
Well, casual snooping is the greatest security threat in an office
environment - as most security breaches are still caused by coworkers rather
than by external hackers.
And while it's possible for a knowledgeable person to crack the security
of a PST file that a person has access to, it's just as easy to crack a
Windows login account if you know what you're doing, so you don't really
accomplish much by using one over the other. However, if multiple users use
the same machine, and they require the same access other than for things
like email, it adds time and inconvenience to make them swap Windows
logins - and that makes it the less desirable choice between the two.
> If you are concerned with security I would strongly recommend switching to
> separate Windows log-ons for each user. You really aren't gaining
> anything by password protecting Outlook profiles apart from deterring
> casual snooping -
> don't think using WDS changes that situation.
>
>
>>
>> Well, thank you for the effort - I do appreciate that. I guess I
>> don't have much choice but to remove WDS under the circumstances. Given
>> WDS's behavior, with it installed, there is literally no longer any
>> purpose to Outlook profile passwords, as all emails are an open book to
>> anyone sitting down at that machine whether Outlook is running or not.
>>
>> Thanks again for trying. :)
>>
>>
>>
>>
>>
>>>
>>> I did some asking around internally about this and generally the
>>> recommendation is to use multiple Windows user accounts if you are
>>> concerned about the security implications of this behavior. Windows
>>> Desktop Search bases its security around Windows user accounts and so
>>> any data which is accessible when logged on as that user account can be
>>> indexed.
>>>
>>> What actually happens is that WDS does only do indexing on the Outlook
>>> profile that is currently active, but the data in the index is
>>> preserved {that's the whole point of the index - to make later searching
>>> faster} so later search results can be viewed when that profile is no
>>> longer in use. There isn't really a way of changing this behaviour save
>>> disabling Outlook indexing altogether.
>>>
>>> There's some more information in these links that discuss the different
>>> approaches to sharing Outlook data across multiple users and the
>>> relative security implications:
>>> http://office.microsoft.com/en-us/outlook/HA011110031033.aspx
>>> http://office.microsoft.com/en-us/outlook/HA011471581033.aspx
>>>
>>>
>>>
>>>>
>>>>
>>>> Indeed, there are multiple Outlook profiles being used by different
>>>> users on the same Windows log-on session. However, their data is
>>>> normally kept private via passwords on their Outlook profiles. Up
>>>> until now, this has been sufficient, but WDS has made that security
>>>> feature effectively moot. Even should a user shut down Outlook before
>>>> stepping away from their station, they still have no security as
>>>> someone can simply load WDS and gain access to all of their Outlook
>>>> data. That's why it's still a security issue.
>>>>
>>>> If there is no workaround for this, then I would strongly suggest
>>>> Microsoft address this issue, as it creates a very large vulnerability
>>>> on systems which have WDS installed.
>>>>
>>>>
>>>>
>>>>
>>>>> If you have multiple Outlook profiles and different users are using
>>>>> them from the same Windows log-on session then yes, in some cases all
>>>>> profiles will be searchable. But this wouldn't be regarded as a
>>>>> security issue because all of that profile data is accessible to all
>>>>> of the users through the filesystem. On the other hand if you have
>>>>> different Windows log-on accounts for different users, then the
>>>>> Outlook data will be completely separate for each user and you won't
>>>>> see search results from multiple users.
>>>>>
>>>>> Dave Wood
>>>>>
>>>>>
>>>>>
>>>>>> I have a question in regards to Windows Desktop Search 3.01 (on WinXP
>>>>>> Pro). The default behavior of this program seems to yield security
>>>>>> issues in regards to Outlook emails. When multiple users are using
>>>>>> Outlook 2007 on the same machine, separated by Profiles - doing a
>>>>>> search in WDS comes up with results from all Outlook profiles. This
>>>>>> is a serious security issue.
>>>>>>
>>>>>> What I would like to know is this - is there any way to restrict WDS
>>>>>> so that it only comes up with Outlook results if Outlook is running,
>>>>>> and only for any Data Files the active profile has access to? This
>>>>>> way, when it comes to email results, people will only see results for
>>>>>> data files they have access to.
>>>>>>
>>>>>> Is this possible?
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>