Skip to main content

Keyloggers and Outlook Web Access

There are lots of questions on the Internet about possibility of keyloggers being installed on the public computers and the use of Outlook Web Access (OWA) on such machines.

Let's presume that you are using public computer in an Internet Café anywhere in the world. You want to connect to your company's e-mail by means of Outlook Web Access interface.

Since you are not the administrator of the machine or have higher privileges on that same computer, you are not able to install programs on it. It means you have to use the computer AS IS.

You can't prevent keylogger from collecting your data, since you lack the privileges to do so, but your e-mail system can use two-factor authentication as a form of letting the users in.

Two factor-authentication is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance. Using more than one factor is sometimes called strong authentication. (Wikipedia, 2008)

One Time Password (OTP) tokens can be used to enter random number found on the token as a first factor of authentication. If the first factor authentication is positive then the usual OWA domain\username\password authentication is used as a second factor of authentication.

Since one time password is used only once, keylogger will log already old data thus preventing possible intruder to use it again.

Keylogger will of course log your domain, username and password but such data will be useless to certain extent as your online services would be probably protected with two factor authentication and OTPs.

Since you are now NOT the only owner of your username and password, domain password expiration policy IS A MUST and passwords must be changed constantly.

Your data could be stored by keyloggers on the public machines even if you are using On-screen keyboard. Current keyloggers have even built-in option to save screenshots thus making any other authentication option (for public computers at this very moment) than two- or more-factor, unable to prevent possible intrusions that would use logged data.

 

References

Wikipedia (2008) Two-factor authentication. Available at: http://en.wikipedia.org/wiki/Two-factor_authentication (Accessed: 11 April 2008).

Comments

Popular posts from this blog

Error "<#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP#" when you send attachment in your mail

Some users were receiving error <#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP# when they sent message with attachment. The problem is when attached document name is longer than 50 characters. Some Firewalls have header size restriction and that limit blocks this messages to be sent. To correct this, change header limit on affected Firewall or shorten the name of the document you are sending (which is probably not good permanent solution).******
Update #1: Default header size limit in Exchange 2007 is 64K.Update #2: It might be the SMTP version problem. Mail is rejected with CONTENT-DISPOSITION error (overly long message header field for CONTENT-DISPOSITION) but not for all SMTP servers (same mail sent through different SMTP servers). If you send mail with attachment that has name longer than 50 characters from Exchange 2007 directly through DNS you may encounter this error, but if you send same mail from Exchange 2007 through smart host (other than Exchange) mail is d…

Change SMTP port 25 in Exchange 2007, 2010

For some reason you might want to change default SMTP port number 25 Exchange 2007 is using. Exchange 2007 uses RECEIVE AND SEND connectors, one for receiving mails and other for sending mails (obviously ;)
So you need to change ports on those connectors. I will not say those two, because you might be using more than two.
You change Receive connector port by opening the connector properties in Exchange Management Console --> Hub Transport --> RECEIVECONNECTORNAME --> Properties --> Network --> Local IP Addresses (Edit Receive Connector Binding)
Just to clarify what "Local IP Addresses" and "Remote Servers" are (from Exchange 2007 help), because I find it little bit confusing: Use these local IP Addresses to receive mail Use this list to specify the IP addresses and port numbers on which this Receive connector listens for incoming mail. Receive mail from remote servers which have these IP addresses Use this list to specify the remote IP address range fr…

The Windows component Server-Gui-Mgmt-Infra isn't installed on this computer and needs to be installed before Exchange setup

You get this error "The Windows component Server-Gui-Mgmt-Infra isn't installed on this computer and needs to be installed before Exchange setup" when you try to install Exchange 2016 on Windows 2016 server. Exchange 2016 pre CU3 does not support Windows 2016, therefore you need to download Exchange 2016 CU3, which is in fact full copy of Exchange 2016 server in order to install it on Windows 2016 machine.