Skip to main content

Keyloggers and Outlook Web Access

There are lots of questions on the Internet about possibility of keyloggers being installed on the public computers and the use of Outlook Web Access (OWA) on such machines.

Let's presume that you are using public computer in an Internet Café anywhere in the world. You want to connect to your company's e-mail by means of Outlook Web Access interface.

Since you are not the administrator of the machine or have higher privileges on that same computer, you are not able to install programs on it. It means you have to use the computer AS IS.

You can't prevent keylogger from collecting your data, since you lack the privileges to do so, but your e-mail system can use two-factor authentication as a form of letting the users in.

Two factor-authentication is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance. Using more than one factor is sometimes called strong authentication. (Wikipedia, 2008)

One Time Password (OTP) tokens can be used to enter random number found on the token as a first factor of authentication. If the first factor authentication is positive then the usual OWA domain\username\password authentication is used as a second factor of authentication.

Since one time password is used only once, keylogger will log already old data thus preventing possible intruder to use it again.

Keylogger will of course log your domain, username and password but such data will be useless to certain extent as your online services would be probably protected with two factor authentication and OTPs.

Since you are now NOT the only owner of your username and password, domain password expiration policy IS A MUST and passwords must be changed constantly.

Your data could be stored by keyloggers on the public machines even if you are using On-screen keyboard. Current keyloggers have even built-in option to save screenshots thus making any other authentication option (for public computers at this very moment) than two- or more-factor, unable to prevent possible intrusions that would use logged data.

 

References

Wikipedia (2008) Two-factor authentication. Available at: http://en.wikipedia.org/wiki/Two-factor_authentication (Accessed: 11 April 2008).

Comments

Popular posts from this blog

Netscaler vs Exchange 2019 "time out during ssl handshake stage

If you are using Citrix Netscaler as load balancer in front of Exchange 2019 server you must know this: Microsoft Exchange 2019 is secured by default and allows only TLS 1.2. Therefore default schannel settings are as follows (using IISCrypto tool from Nartac Software): While Citrix Netscaler offers following Cipher Suites: TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA Now, you will fi

Exchange Admin Center language

Depending on your computer language settings, Exchange Admin Center can take those and open in a language you actually don't want to use. You'll Google that this can be changed if administrator/ admin user has mailbox by openening OWA settings and changing Regional parameters. But usually Admin user does not have mailbox or you don't want her/him to have it. You will search again and find that you can add mkt=en-US (as an example) to the URL of the Exchange Admin Center (https://yourexchangehostname/ecp?ExchClientVer=15&mkt=en-US) Third option you have is opening Internet Explorer settings (I am using Windows 2016) Click languages Click Set Language Preferences Add language you want to use by clicking Add language Use Move up or Move Down options to put desired language on top Close Internet Explorer Open it again and login again to Exchange Admin Center

Free/Busy missing - Cloud to On-Premises

We had a problem where M365 users could not retreive Free/Busy information from on-premise Exchange server. Hybrid setup was run and everything was working fine except this. After research I found out that TargetSharingEpr is the way to look at. There are many sites out there that are pointing to the same setting but only Set-OrganizationRelationship is used to change the value. The problem is, this value is available for two commands: Set-IntraOrganizationConnector Set-OrganizationRelationship While we changed the value in  Set-OrganizationRelationship it didn't work until we changed the value in  Set-IntraOrganizationConnector too. By default it should work with just  TargetAutodiscoverEpr but for us it didn't. Finally we ran this command on Intra Organization Connector which is used from Cloud to On-prem:  Set-IntraOrganizationConnector -TargetSharingEpr   https://mail.domain.com/ews/exchange.asmx And it worked.