ExchangeDefender Mass Password Reset
ExchangeDefender has always been a great friend to the SMB community where folks hate passwords and password complexity right until the moment their password gets compromised. Once that happens, it’s up to the MSP or poor IT guy to sit around and reset all the passwords in the organization.
As mentioned previously, a number of ExchangeDefender Enterprise features is being delivered to ExchangeDefender Pro so now you’ll have the ability to reset every single users password quickly.
Under the domain login you will now see a “Security Reset” link that will allow you to either randomly assign a strong password (smart) and send your users a reset link or pick the same password for all users (outright idiotic but “business requirements”).
If you are an MSP assisting a client during an outage and this is the first time you’re making your users aware of ExchangeDefender LiveArchive for business continuity, you can also print out the passwords and/or email them to your users in plain text. This is a horrible, terrible, idiotic, really bad idea that virtually guarantees you’re going to get hacked but we are here to serve and Howard is a really good friend so here it is:
Just a word of warning: If you select to send your users a new password in clear text, and show the roster with the plain text password on the next page, for whatever ungodly reason, please add a note to come back later and lock your users down. Most MSPs keep the same password for ExchangeDefender and Exchange, and these services also affect ExchangeDefender Encryption, LiveArchive, WebFileShare, Compliance Archive, eDiscovery, FailPOP, mobile, etc and leave you open for collateral damage. Unless you’re using 2FA/OTP, restricting IP address ranges, rotating passwords frequently, I can guarantee that your passwords will be compromised. Please, please, please don’t do this, we are only making it available as the feature of last resort.
As we add these advanced security controls into ExchangeDefender Pro (and some even for Essentials) we will be tightening the security of the platform around. To hear more about our plan for 2019, please sign up for the webinar on February 6th at noon EST. Click the banner below to reserve your seat.
Introducing ExchangeDefender Security Audit Logs
ExchangeDefender launches New Security Logs
I have some great news – ExchangeDefender security logs are now available for all users of ExchangeDefender. This move is a part of our larger security ambition for 2019 to introduce Enterprise features of ExchangeDefender across our lower MSP, SMB and retail tiers in order to improve service security.
One of the biggest things in 2019 is the end of the era for plain text passwords. People love them, MSPs rely on them, they are super convenient for everyone including… the hackers that are looking to break in. But more on that in a minute.
The single simplest way to stay on top of account security… is identifying break-in attempts. ExchangeDefender Enterprise logs every event, login, escalation (and so, when you as the enterprise administrator or organization owner choose to automatically login as the user for support purposes) attempt.
We’re happy to bring this feature in across both the service provider, domain and user login. Free of charge.
As the admin or service provider you also have the ability to search the account log for specific user or address that is causing problems. In the Enterprise version you have the ability to further lock things down based on IP, location, charset, and more. But if/when there is an issue, you can clearly see if the account has been compromised. At all other times, you can see login failures that are a good indication that there is a problem.
This feature, and a whole lot more, is coming down to the ExchangeDefender SMB land. While all these features were a premium in the past, the extent to which everything from your PC and the network devices that surround you are susceptible to compromise – we have to treat these features as what they are – essential to your security. As a matter of fact, we’ll be discussing this next Wednesday in our webinar:
When:
Noon, Wednesday, February 6th
Where:
https://attendee.gotowebinar.com/register/4562047862967330307
Hope to see you there.
Sincerely,
Vlad Mazek
CEO
ExchangeDefender
ExchangeDefender launches 2 Factor Auth / OTP Service
Introducing ExchangeDefender 2 Factor Authentication / One Time Password Service
ExchangeDefender Pro is proud to announce the launch of a free 2 factor authentication / one time password service that will help our users better protect their ExchangeDefender accounts. Most people use the same password everywhere and if your password is compromised anyone can login from anywhere – what 2FA/OTP service enables you to do is use your cell phone as a secondary ID check.
When you login to ExchangeDefender, the system will immediately text you a 4 digit PIN to your cell phone. This way even if someone were to guess or steal your password, they will not be able to login without having access to your cell phone as well.
As we blogged about implementing advanced password security, plain text passwords are a thing of the past and the whole universe is moving towards having that additional layer of security to make sure unauthorized changes aren’t being made.
This is why we are making ExchangeDefender 2FA/OTP free for ExchangeDefender Pro and it works at all three levels – Service Provider, Domain administrator (domain.com login) and individual end user accounts at https://admin.exchangedefender.com. Once you’ve authenticated with a PIN on the top level you will not need to re-authenticate in order to manage and support your MSP clients or the end users so by all means enable it for everyone.
We hope you enjoy this feature and start relying on it, don’t worry this is no bait and switch, we do not intend to start charging for it down the road – it’s all about improving security and keeping our clients protected. It’s just what we do!
Dealing with Newsletter and Subscription bombs
Dealing with Newsletter and Subscription bombs
ExchangeDefender now protects you from malicious subscriptions to newsletters and emails you never opted into through “Subscription (Newsletter) Bomb Protection” available at admin.exchangedefender.com. By enabling the feature all newsletter “CAN-SPAM” “legitimate sender” content that you don’t want in your mailbox will automatically be filtered out as SureSPAM by ExchangeDefender.
The Bomb Issue
Hackers are currently exploiting security issues in newsletter software that allows them to add your email address to a mailing list without validation. If you’ve signed up for anything recently you know that you’re generally sent a confirmation email to validate you own the email address — well, hackers have found a way to add your email to the list without that step. Repeated thousands of times, it gives hackers a way to blow up your mailbox through a broadcast storm by otherwise legitimate senders who cannot tell your email address from thousands of others on their mailing list.
The ExchangeDefender Solution
ExchangeDefender already has a built-in newsletter management software (where you can have all of your newsletters skip your inbox and be available for reading online). We can effectively quarantine all the newsletters for you and allow you to read them online without them hitting your inbox and putting you over the quota. With the Subscription Bomb protection we go an extra step and outright classify these newsletters you haven’t subscribed to as SureSPAM. You can still access them but they won’t bother you or damage your Inbox or productivity.
There are 3 options:
Enabled: Protection is turned on and any newsletter will be flagged as SureSPAM. We do not recommend this option as it will catch all newsletters, whether you’ve subscribed to them or not.
Disabled: No protection. This is the default setting at the moment for all domains.
Whitelisted: Protection from newsletters but whitelisted ones will still get through. This allows you to have the best of both worlds: protection from newsletters you didn’t subscribe to but newsletters you want and have whitelisted will still come through. On January 1, 2019 this will be the default setting.
What do I tell my clients?
ExchangeDefender can now protect you from SPAM being generated by legitimate newsletter and subscription providers – if someone steals your identity (your email address, name, etc) they can subscribe you to newsletters without your knowledge or permission. Because the sending and management of these lists is automated, hackers can get an innocent third party to send you thousands of newsletters to clog up your inbox, make you wait for your email to download, and just make your email experience miserable.
ExchangeDefender can detect newsletters and “legitimate marketing emails” with unsubscribe or newsletter control keywords and automatically filter it out from you. Messages aren’t gone, you can still access them through admin.exchangedefender.com in realtime and on demand, but your Inbox will stay clean.
ExchangeDefender Office Macro (OLE) Dangerous Content Filtering
ExchangeDefender Office Macro (OLE) Dangerous Content Filtering
ExchangeDefender now includes advanced protection from dangerous Microsoft Office macro code (OLE). Since usage of Office macro code is very limited (and seldom moved via email) it’s almost universally used as an attack vector by hackers who send malicious macro code embedded in Microsoft Office documents that target vulnerabilities in Outlook, Word, Excel, Powerpoint, and more.
Specifically, our service scans the following attachments for the presence of dangerous, encrypted, malformed, malicious, or suspicious code: doc,dot,pot,ppa,pps,ppt,sldm,xl,xla,xls,xlt,xslb,docm,dotm,ppam,potm,ppst,ppsm,pptm,sldm,xlm,xlam,xlsb,xlsm, and xltm. If we detect something suspicious or dangerous the message will not be destroyed or quarantined (as is the case with virus or infected attachments) – rather we just filter it to SureSPAM.
Managing Your OLE Protection
We will start strictly enforcing macro protection on January 1, 2019. However, the feature is available now and can be enabled at any time by going to https://admin.exchangedefender.com and logging in as a domain administrator (if you don’t see the setting, you aren’t logging in with your domain account but your personal or service provider account).
Click on Configuration > Policies > Phishing Options.
At the bottom of the form you will see “ExchangeDefender Office Macro Protection” section that is currently (October 2018) set to Off. The following options are available:
Off – Turns off ExchangeDefender Office Macro (OLE) protection
On – Turns on the protection but whitelisting the domain/email will bypass it
Strict – Turns on the protection and ignores whitelists
ExchangeDefender recommends this setting be configured as Strict in order to protect from spoofing where clients own domain or vendor (that doesn’t have SPF/DKIM implemented) address is used to deliver a dangerous attachment. Using “Strict” setting bypasses whitelist checks so if the message contains dangerous content it will automatically go into SureSPAM even if the domain is whitelisted.
What do I tell the users?
First, set the setting to Strict. Then, adjust the date in the message below and make sure SureSPAM settings are set to Quarantine.
“Starting with January 1, 2019, ExchangeDefender will protect you from dangerous attachments that contain rarely used Microsoft Office macro (OLE) code. If dangerous macro code is detected in an attachment, message will go into SureSPAM category and if configured to quarantine the message will be accessible at https://admin.exchangedefender.com in the SureSPAM quarantine. We have enabled the protection for you. If you ever see a familiar contact/domain but you were not expecting the message, it’s likely being spoofed/forged in order to trick you to click on a dangerous attachment. Take an extra step and contact the sender asking them if they sent you a document. If not, delete the message.”
We hope this helps keep your users more secure and in our production use so far it’s helping stop 100% of dangerous content
New Feature: Encryption Enrollment Account Reset
ExchangeDefender Encryption Enrollment Account Reset
Encryption is hot – with daily news of hackers breaking in or compromising one system after another, taking that extra step to make sure your information is safe and secure has never been on the minds of business owners more. We may sound like a broken record when it comes to encryption but it is one of our more popular products and today we’re happy to announce another quick feature that is coming.
October 1st: You can now reset your recipients accounts (PIN+Password) in Corporate Encryption.
ExchangeDefender Corporate Encryption has an alternate [ENCRYPT] flag that can allow the users to encrypt messages on demand and require the recipient to enroll in the ExchangeDefender Corporate Encryption in order to access the message. Enrollment process is quick and simple and requires the recipient to provide their name and phone number along with a selection of a password and a 4 digit PIN. This additional security step is put in place to eliminate man in the middle attacks where a hacker may have compromised the firewall, disgruntled employee is trying to spy on inbound mail, or a variety of other threatening issues. It is the ultimate layer of protection because PIN is only known to the user.
If you support ExchangeDefender Corporate Encryption, you’re going to like this feature a lot because you’ve likely had to deal with the inevitable case of a recipient forgetting both their password and their PIN. Since we have no way to verify the users identity, we’ve always processed reset requests manually. Now, this process is automated.
Just go to admin.exchangedefender.com and login as the domain administrator. If you subscribe to Corporate Encryption you will see it under the Configuration menu. Simply type in the recipients email address and their account at ExchangeDefender will be reset allowing them to enroll again.
As a security precaution, they will not be able to see emails sent to them prior to the enrollment period – only new messages after they have created their account. On the backend, there are additional checks in order to make sure that this is actually a user that receives email from your domain, etc, etc so we don’t open the door to a malicious ExchangeDefender client attempting to reset accounts of unknown contacts. Obviously there is far more going on in the background that we cannot disclose in a blog post but if you’re interested in the technology, we have patents pending on several of these and would be happy to discuss privately.
There you have it, October 1st. Another cool feature that will save a lot of time for our users while keeping everyone just a little bit safer. We’re adding more features all over the place so please stay tuned to our blog and our Facebook page.
ExchangeDefender Encryption Positioning
Email encryption is on the rise, ExchangeDefender offers two types of encryption.
Corporate Encryption
ExchangeDefender Encryption (Corporate Encryption) has been one of our hottest products for years, the demand for it is fueled by daily news of exploits, hacking, data theft and so on. Just last night, one of the largest retailers in the world was exploited and for over a month hackers stole credit cards and client information. This sort of daily reporting is creating an unprecedented demand for encryption products, with Let’s Encrypt becoming the largest SSL certificate issuer on the planet.
One thing remains, if the data you are sending or receiving is sensitive to you it’s your responsibility and best interest to assure it is protected.
When it comes to email encryption things get a bit more confusing, complicated, fragmented and unclear. One thing remains, if the data you are sending or receiving is sensitive to you it’s your responsibility and best interest to assure it is protected. Whether you’re the sender or the recipient. Unfortunately, email alone isn’t secure enough by design and <big deal>it is the most exploited and hacked medium available.</bigdeal> . Why hack a bank when I can hack your mailbox and get all your accounts, credentials, reset mechanisms, notes, private information and more?
This is where ExchangeDefender, and ExchangeDefender Encryption, become such a big deal and such a valuable <i>service</i> for your business. You can exchange emails back and forth securely, without installing any software, without requiring the recipient to install any software. Your still use your same email program, desktop, mobile phone, tablet – but your information goes from point to point in an encrypted and protected process. Not just that but you get things you typically can’t get from IT – knowing when the message was was received, when it was read, how many times it’s been read, and you get a reply in the same secure way.
Request your complimentary branded marketing collateral. Looking for something else? Give us your feedback.
It’s clear to see how easy and essential selling ExchangeDefender Encryption is: but you can’t show up empty handed. We have marketing collateral available for our partners – Click on the PDF to download.
ExchangeDefender Corporate Encryption: New Features
ExchangeDefender Corporate Encryption
ExchangeDefender Corporate Encryption now allows you to send encrypted attachments and share files securely from any device, even many of you that aren’t on Microsoft Outlook/Exchange. It was one of the more popular parts of the webinar we held yesterday (hope you had a chance to attend it, you can watch it anytime in our secure portal at https://support.ownwebnow.com)
ExchangeDefender Corporate Encryption was designed to eliminate the pain point of traditional key-based email encryption: too much software, too much management, exchange of public keys, software deployment, and more. It also eliminates the complaints about cloud based solutions that are often clunky, unfriendly, not to mention expensive. ExchangeDefender Corporate Encryption is none of those: it is friendly, affordable, requires no additional software or hardware.
And as of this week, it allows the sender and the recipient to exchange attachments so that the content is encrypted in both directions. Furthermore, because it is cloud based, you can resume work when you get back to your desk. The upgrades to the UI allow you to quickly see new messages, respond to them, or forward them elsewhere. It is truly turning into a highly secure, policy-based, email solution for businesses that require compliance and content security.
We’ve also made the UI more friendly by putting actions on top of the page so that it resembles popular webmail products end users have gotten used to for over a decade. Attachments are a lot more prominent and go both ways: not only can you send them, but when the recipient logs into our portal to reply they can attach anything they want to in response as well – assuring that content is protected and encrypted at all times.
ExchangeDefender SMTP Headers
ExchangeDefender mail flow and email analysis troubleshooting is at times a long and difficult process that has been automated through our admin portal at https://admin.exchangedefender.com. We realize that it’s not an option for some of our end users and new MSPs so we often get tickets in our support portal asking us why a certain message got delayed, rejected, classified as SPAM or allowed to get through if it had SPAM content, etc.
In order to troubleshoot an issue with a specific message we always ask for SMTP headers. The following blog post will help you find them in Outlook Web App, Outlook 2013 and Outlook 2016.
Outlook Web App
From the message listing, right click on the message and select “View Message Details”:
You will see Message details screen. Copy and paste it in the ticket and we can help you with the rest.
Outlook 2013 / Outlook 2016
From the message listing double click on the message so it pops up in it’s own Outlook window.
Then click on File and you will be shown the message file options:
Click on Properties and you will see the SMTP headers. Copy and paste it in the ticket and we can help you with the rest.
Important: Please copy and paste the contents of the screen into our support ticket instead of taking a screenshot. Sometimes the SMTP headers contain characters that are very similar (qf9mfIlI1IlI) and it can take a lot longer to locate the message rather than having a specific text search.
What happens next is that our team is able to locate the specific message in our database and then with that data do further analysis using the node that processed the message and look at all the logs generated by hundreds of different services that are analyzing every message for dangerous content.
ExchangeDefender’s New PIN Retrieval Process
About the PIN requests
Several years ago we introduced the ExchangeDefender Phone PIN support to enable our clients and partners to obtain full support over the phone as if they were in our support portal. Being able to talk to someone that can directly make any change you need to make on the go is incredibly valuable for on-the-go business manager that is typical in SMB.
Our implementation left a lot to be desired. We put the PIN in the area where few people looked. We had no system to quickly retrieve your PIN. Some of our support techs took advantage of the system to avoid helping clients. All these issues have been addressed so we wanted to go over our phone support process again.
Our Support Process
We have a typical 3 tier support system – people on the phones (Level 1), people in the support portal (Level 2), and people managing network services and software that approve overrides and make changes manually (Level 3).
When you call 877-546-0316, you will always be speaking to a Level 1 person. Their job is to be friendly and help you figure out how to get things done. In general, they will walk you through the portal, provide our manuals and walk through guides, open a ticket on your behalf, and sometimes even provide additional information about services. Their goal is to eliminate the clutter, the transfers, the “not my department, not my job” you often get when you call a company for help.
If you call our support and are active, in good standing (no late or past due invoices), with proper credentials – our team will greet you with “Thank you for calling ExchangeDefender, whom do I have the pleasure of speaking” and will try to locate your profile and your PIN. From there, we’ll take good care of you. If you don’t know your pin, or if we cannot locate you in the portal, our support will still provide basic public information about our services but is prohibited from discussing pricing, settings, passwords, company data and so on. This is for your security and protection – we’ve all experienced identity theft, people pretending to be someone else, people that have been terminated looking to sabotage their employer, etc – the PIN removes that from being an issue.
What requires a PIN?
Anything that is not public or available on our web site will require you to provide an email address and a PIN. Things that don’t require a PIN are basic answers about how our products work, where to find documentation, if there are any issues with services at the moment, how to become a partner, marketing collateral requests, etc.
Everything else that is account-confidential will require a PIN, for example:
– Getting a copy of the invoice, pricing information
– Account modification, service change, settings change
– Opening a new support ticket on your behalf
– Adding a new service or subscription
– Modifying service settings (passwords, IP addresses, credentials)
There are only two things that our support on the phone will not do regardless of whether you know your PIN or not: add a new contact to the support portal and delete any service/subscription. For legal, compliance, and past experience reasons that is a red line we cannot cross.
OK so how do I get my PIN?
You can find it in your Contact information at https://support.ownwebnow.com
If you don’t know your PIN or support password, you can request a new PIN at https://exchangedefender.com/pin
If you don’t have a contact in our portal at all, you will be provided with a PDF to provide to whoever manages the ExchangeDefender relationship in your organization.
We hope that as we introduce chat and more phone support you can still get everything you want done much faster and more efficiently – but most of all: securely.