Since the recent Sony hacks took place, the attackers have published troves of data from users' email accounts. Some of this data is very detrimental to the company's image. I suspect that based on an organization that size, they likely use some sort of Exchange or OWA service. I was curious how data that was related to email accounts was stored locally. It appears that the data is stored in an OST file at the following location for our network.
C:\Users\%USERNAME%\AppData\Local\Microsoft\Outlook
This document appears to be unencrypted, however, it is reliant on the user or admin credentials to access the file location. Microsoft recommends using EFS for encrypting files, such as this, to protect it's contents. The problem with EFS is a large scale deployment of a company Sony's size would make this difficult to complete a roll-out due to the complexity of creating individual certificates and storage locations for each individual user. Without using EFS, are there easier to implement solutions that incorporate into Outlook to protect User's OST files from prying eyes in the event of a major breach?
Aucun commentaire:
Enregistrer un commentaire