ms exchange server security

Discussion in 'Computer Security' started by BFM, Jun 29, 2005.

  1. BFM

    BFM Guest

    Just wondering how hard it would be to crack an exhange server email account
    if I already have the username and only had to crack the password.(?)
     
    BFM, Jun 29, 2005
    #1
    1. Advertising

  2. BFM wrote:

    > Just wondering how hard it would be to crack an exhange server email
    > account if I already have the username and only had to crack the
    > password.(?)


    Certainly having the usernames is helpful...

    Depends upon a couple of things

    1) What is the password policy? How strong is it?
    example: Is it required that passwords have uppercase and numbers?
    2) How long is the aging policy? 30 days? 60, 90 days? Never?
    3) Do I have access from the "outside" World (ie Internet access) in the
    case where you allow authenticated email forwarding.

    -Michael
     
    Michael J. Pelletier, Jun 29, 2005
    #2
    1. Advertising

  3. BFM

    Winged Guest

    BFM wrote:
    > Just wondering how hard it would be to crack an exhange server email account
    > if I already have the username and only had to crack the password.(?)
    >
    >

    If you don't have access to the server system files and a complex
    password was used and you have big pipes and only 1 computer you should
    be able to crack it in about 100,000 years or so. If the admins put a 3
    missed trys on the password before it locks the account, it may take
    somewhat longer. If complex password enforcement is not in place and
    the administrators are complete idiots and did not set a max number of
    tries before it locks the account...it is an indeterminable variable.

    Bear in mind trying to brute force the account should ring off alarm
    bells everywhere if even minimal security monitors are in place. A
    decent network will lock you safely away from the server at the firewall
    if you try cracking too hard. If there is any possibility that the
    system is at all sensitive and business or governmental in nature, you
    should be safely in jail long before you access the account.

    There are far better ways to access exchange servers with much higher
    probabilities of success.

    Winged
     
    Winged, Jun 30, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jose Luis

    Exchange 5.5 with Exchange 2000 Cluster problem

    Jose Luis, Feb 13, 2004, in forum: Microsoft Certification
    Replies:
    0
    Views:
    731
    Jose Luis
    Feb 13, 2004
  2. winman
    Replies:
    9
    Views:
    693
    Consultant
    Jul 30, 2003
  3. =?Utf-8?B?am9zdWU=?=
    Replies:
    3
    Views:
    1,009
    =?Utf-8?B?U2xpY2tERFNB?=
    Aug 15, 2007
  4. Juan
    Replies:
    3
    Views:
    2,153
  5. Fraser Scott

    Exchange 2007 or Exchange 2010???

    Fraser Scott, Jul 21, 2009, in forum: Microsoft Certification
    Replies:
    0
    Views:
    1,490
    Fraser Scott
    Jul 21, 2009
Loading...

Share This Page