Key Strategies for Simplified Exchange 2010 Auditing

For a moment, think of how you would feel about a stranger rifling through your house, opening up bills and examining your personal life? If not for obvious footprints left behind within the confined area, would you even know that a break-in occurred?

Now consider the value of your exchange servers. How would unauthorized access to a CEO’s mailbox affect the company? How would unauthorized access to the server impact the business? With access to Exchange configurations such as server permissions, E-mail delivery settings and so on, former employees and current staff members can easily take advantage of their excessive permissions, whether intentionally or not, and modify settings that compromise the privacy and operation of an entire network. Moreover, access to specific confidential E-data stored in user mailboxes can jeopardize the integrity of documents and business plans.   Think about all the legal contracts, the sensitive financial data, product designs, contacts and private information. Security breaches like this happen every day, but unlike the above trespassing, they often go un-reported and unnoticed—until disaster strikes.

That is why it is crucial for all organizations to implement both an effective security permissions model and an efficient audit strategy to make sure that the above permissions are actually working. An auditing system is what allows administrators to gain visibility into their system, and it is what allows them to take immediate action if an unwelcome change is detected. A sufficient auditing solution tells administrators when Exchange permissions were modified and when attributes were changed. Often times, administrators wait until disaster strikes to implement a formidable auditing solution, simply because they do not understand the value. It does not take a burglary to understand the importance of an at-home alarm system — to protect valuables and belongings from outsiders — so it shouldn’t take an Exchange infringement to understand the importance of proper auditing. Being proactive with an audit solution saves money down the line in case of security breaches, data compromises or system failures, much the same way an alarm system saves money by preventing theft.

And while the native Microsoft Exchange auditing tools are free, consolidation of security logs from multiple servers underneath the built-in tool is difficult and time-consuming. Tools like NetWrix Exchange Change Reporter, however, make Exchange 2010 auditing thoughtless and effortless. Automatic reports are generated daily and sent to administrators with a record of all changes made within the exchange server, keeping administrators abreast of attribute changes, failed attribute change attempts, deletions, deletion attempts, and permission changes. Knowing what’s happening within promotes a secure network and as a result, a secure business.

Not only will tools like these promote security within any given Exchange Server by way of observation, magnification and expansion of all qualified events that take place within the server, but they will note exactly who did what.

It’s important to understand the value of a proper Exchange auditing solution. Keep sensitive data private, and protect your server from intrusion with cost-effective auditing tools. Don’t wait until a security breach compromises your entire network.

Have you ever undergone failures because of unauthorized changes in Exchange settings? Or did a proper auditing solution help you detect them before they occurred? Please share your thoughts and experiences with other readers below.

Stephen is a former Product Manager at Netwrix.