Exchange Security Risk Auditor (ESRA) - who's reading your email?


More Info on this Product: Features News White Papers Webinar/Demo Request

Subscribe here to keep updated

Solution Areas

Mailbox Size, Quotas
& Retention

Email Discovery, Archiving
& Classification
LCS & Sametime Tools
Blackberry Availability
& Usage

Email Encryption
& Digital Rights

Content Filtering & SPAM
Availability, Metrics
& Alerting

OWA, Calendar & I-Notes
ZeroHour, Targeted
Threats

Solutions By Platform

Instant Messaging

Microsoft Exchange

Lotus Notes

SMTP Perimeter

Home

Whats New

White Papers & Reviewers Guides

Send to a Friend

Archive One Access Security Manager
ESRA - EXCHANGE SECURITY RISK AUDITOR
who's reading your email?

Exchange Security Risk Auditor (ESRA) and Archive One Access Security Manager (ASM) allow the monitoring and controlling of permissions in an Exchange system. In most Exchange systems there can be at least tens of thousands of permissions. It is virtually impossible to ensure that all permissions are correct, giving you the appropriate security you require.

Three permissions areas are checked:

Mailbox/Public Folder Access Permissions - Checks which Exchange users have access to which mailboxes and folders. Incorrectly set Access Permissions can lead to users being able to read mail of other users.
Send On Behalf Of Permissions - Shows which user can send mail on behalf of another – send on behalf of (SOBO) rights are dangerous, as messages appearing to come from one user can have huge consequences for corporations
NT rights associated with mailboxes/folders - Illustrates which users have NT rights allowing them to enter the mailbox of another user and assume that Exchange user's identity and security rights

Security Auditing

ESRA/ASM make it easy to find all objects over which a user has rights across the whole Exchange system

The information store can be searched for specific permissions or roles, or for all the roles that are assigned to specific users or groups of users. This makes ESRA the ideal tool for an Exchange security audit. Who does have access to the board of directors' e-mail accounts? Are the secure public folders as secure as we need them to be? The application has been designed to be operated by professionals concerned with the security of corporate e-mail.

Permission Maintenance

Not only is ESRA/ASM an ideal tool for the security audit, it is also an invaluable tool for day to day permissions maintenance. For example, cleaning up the rights and permissions of deleted users is no longer a problem. With ESRA/ASM, the deleted user can be described and located anywhere in the Exchange public or private information stores.

Other tasks such as reassigning rights is easy as you do not need to know where the original user had rights, only that the new users will have the same ones.

Once a permission is located it can be changed in a simple fashion.

If you have chosen to alter permissions in any way then ESRA/ASM will highlight the changes before any update is performed, meaning that you are always in control of permissions updates. You will also be able to export the results of a permissions search directly to Excel.

Deployment and support

ESRA/ASM is a standalone application (not requiring a service) that is controlled using a standard MMC Snap-in. It is run on NT, 2000 and XP operating systems and supports both Exchange 5.5 and Exchange 2000.

It is suggested that the application be installed on a desktop machine as opposed to being installed on the same machine as the Exchange Server.

It uses Windows messaging (minimum Outlook 98 required on ESRA machine) to access the Exchange server and sufficient permissions will be needed by the user both installing and operating ESRA. The specific permissions that are needed are outlined in the ESRA manual.