Cyber-crime is on the rise, and it is old news that organizations need to secure all access points into their corporate networks to protect against online threats. That security should extend to your Microsoft Exchange Outlook Web App (OWA) deployment as well.
There are many attack vectors that cyber-criminals can exploit to gain access to your networks, and OWA is one of them because it is easily accessed by anyone with an internet connection.
The FBI recently released a security fraud alert warning of the increased cyber-criminal activity targeting financial institutions’ corporate networks, and has set out a list of best practices to protect against external security threats. These recommendations should be considered by all companies when planning their security policies, not just banks. Two in particular should be considered by any organization deploying OWA. Continue reading below to learn how you can monitor and protect against suspicious OWA logon activity, and read our previous post to learn how you can safeguard the corporate information contained in your OWA email attachments.
FBI Recommendation #2 - Monitor Employee Logins that Occur Outside of Business Hours
The FBI alert warned of “unauthorized logins that occurred outside of normal business hours” made with stolen employee logon credentials, yet how are these cyber criminals acquiring stolen logon credentials to begin with? Phishing attacks are one common option, but so too are computer-generated attacks such as dictionary attacks and brute force attacks against your OWA logon page. OWA is becoming one possible attack vector for computer-generated attacks because it is easily accessed from anywhere there is an internet connection. Whether or not you intend your users to access OWA from the other side of the world, you have also allowed everyone else on the other side of the world to reach your OWA logon page. This means that one of the advantages of having OWA, quick access to email for the mobile workforce, also becomes one of the risks.
One problem with many security systems is that it is difficult to monitor logon and connection activity in real time, and to have such information presented in a clear and insightful way. Often, by the time system admins recognize that something is amiss, it is too late and the damage has been done. The system that should be in place needs to be able to detect and classify suspicious logon behavior; for example, logon activity that occurs after hours or from worldwide locations where you do not normally conduct business. In fact, after-hours access is a common vector, as the likelihood of detection is significantly reduced. For OWA, most employees would not be actively on their corporate email in the wee hours of the morning, providing a perfect opportunity for criminals to do their work.
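The classification described above, as an added example that is not part of the original post and is not Messageware or Microsoft code: it flags after-hours logons, logons from unexpected countries, and bursts of failed logons from one source address. The event format, the thresholds, the business hours and the sample events are all assumptions constructed for illustration, and the country is assumed to be already resolved from the source IP.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values; tune these to your own organization.
BUSINESS_START, BUSINESS_END = 8, 18     # local hours, weekdays only
EXPECTED_COUNTRIES = {"US", "CA"}        # where you normally conduct business
FAIL_THRESHOLD = 5                       # failed logons from one source IP...
FAIL_WINDOW = timedelta(minutes=10)      # ...within this sliding window

# Constructed sample events (hypothetical format): local_time,user,source_ip,country,result
SAMPLE = """\
2012-09-18 10:15:00,alice,198.51.100.7,US,success
2012-09-18 02:41:00,bob,203.0.113.9,US,success
2012-09-18 11:05:00,carol,192.0.2.44,RO,success
"""
# Constructed burst: six failed logons in one minute from a single address.
SAMPLE += "".join(f"2012-09-19 03:00:{s:02d},dave,192.0.2.80,US,failure\n"
                  for s in range(0, 60, 10))

def parse(text):
    """Yield (timestamp, user, source_ip, country, result) per event line."""
    for line in text.strip().splitlines():
        ts, user, ip, country, result = line.split(",")
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, ip, country, result

def classify(events):
    """Return (timestamp, user, source_ip, reasons) for each suspicious logon."""
    recent_failures = defaultdict(list)  # source IP -> failure times in window
    findings = []
    for ts, user, ip, country, result in sorted(events):
        reasons = []
        if ts.weekday() >= 5 or not BUSINESS_START <= ts.hour < BUSINESS_END:
            reasons.append("after-hours")
        if country not in EXPECTED_COUNTRIES:
            reasons.append("unexpected-location")
        if result == "failure":
            window = [t for t in recent_failures[ip] if ts - t <= FAIL_WINDOW]
            window.append(ts)
            recent_failures[ip] = window
            if len(window) >= FAIL_THRESHOLD:
                reasons.append("possible-password-guessing")
        if reasons:
            findings.append((ts, user, ip, reasons))
    return findings

if __name__ == "__main__":
    for ts, user, ip, reasons in classify(parse(SAMPLE)):
        print(ts, user, ip, ", ".join(reasons))
```

Counting failures per source address rather than per user also catches guessing that is spread across many account names.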
Messageware OWA Guard provides the ability for security administrators to monitor and identify suspicious logon behavior, creating an opportunity to analyze key data and improve security. End-users are also alerted to suspicious account access and can report incidents and take additional steps to secure their accounts, including changing their passwords. Messageware OWA Guard provides an ecosystem where security can easily be monitored, analyzed, and continually improved.
For more information regarding the security alert provided by the FBI on September 17, 2012, please visit the Internet Crime Complaint Center (IC3) website.