[ngw] GAFE security vs GW security

Joseph Marton jmmarton at gmail.com
Sun Feb 1 16:05:35 UTC 2015


No, you can't retract the message (once it's been opened).  But as an
administrator, you can delete the message from everyone's mailbox.  And
once that happens, when mobile devices sync, the items will be removed from
the mobile device as well.  The ITEMPURG feature would do exactly what IT
couldn't do here.  And yes, it's a sledgehammer approach, but when a
security issue arises that may be what's called for.

Joe

On Sun, Feb 1, 2015 at 9:50 AM, Jeffrey Sessler <jeff at scrippscollege.edu>
wrote:

> Joe,
>
> I'm not sure what your point was here. Even with GW, the damage would have
> been done, and there would be no undoing this issue. Sure, back in a day
> where email was only accessed by the native clients, bulk removing of a
> message was a decent way to undo something unfortunate. Today, with a lot
> of the access being via BYOD, within seconds of the message being sent it's
> already transferred to hundreds/thousands of devices with no way to get it
> back i.e. "third-party downloaded" in GW speak.
>
> I also believe that GAFE has a way to do this with filters, made simpler
> if using something like FlashPanel. Create a filter for the problem email,
> push it to all the users... poof, message is gone from user inboxes, but
> not from all the devices that have downloaded it. Likely, the technology
> department didn't know how to do it. Clearly the GW method isn't well known
> either as it's asked about in the support forms time and time again.
>
> Also, it should be pointed out that:
>
> 1) Distribution list security in GW is a mixed bag - sometimes it works,
> sometimes it doesn't. I can't remember if it's because the code is in the
> client, so something like the xplat client bypasses it.
> 2) A user can bulk-select individuals from the GW address book, so
> disabling wildcard just makes it a little more work.
> 3) I've never known itempurg to work in a matter of minutes. It's always
> been hours for me, and by the time it's done, it's too late anyway.
> 4) itempurg has no additional control for date, sender, etc. It's a sledge
> hammer, so if the subject is nondescript e.g. "Hello", or no subject, then
> it's going to get items that people may want to keep. On the other hand,
> both GAFE and Office365/Exchange offer expression-based search/removal,
> allowing an admin to directly target the problematic message.
>
> All the article says to me is that the district's IT staff didn't figure
> it out - and they could have been using GAFE, GW, Office365, etc. and the
> result would have been the same.
>
> What your email did is remind me that itempurrg is one of those areas that
> really needs some work.
>
> Jeff
>
>
> >>> On Saturday, January 31, 2015 at 8:25 AM, in message
> <CAMYRAPPvSdeJ33WUK++QdQwaQB=P759VHn=MfBiKhxaoc1yQcQ at mail.gmail.com>,
> Joseph Marton <jmmarton at gmail.com> wrote:
>
> All,
>
> There's an interesting article in the news here in Chicago about a Chicago
> area high school student who sent a pornographic image to about 5,000
> students in two high schools within that district.
>
>
> http://www.chicagotribune.com/suburbs/schaumburg-hoffman-estates/news/ct-high-school-student-charged-met-20150130-story.html
>
> Here's a really interesting part of the story: "The district's technology
> department workers had tried to remove the email directly from the student
> accounts but were not able to do so, officials said."
>
> I did some poking around and the district uses GAFE so I'm not surprised
> that the IT department wasn't able to remove the item from everyone's
> mailboxes. Of course, if they were running GW, it would be very easy to do
> this with GWCheck utilizing the ITEMPURG feature. So a couple of things can
> be learned by this security incident for those of you who have either
> already adopted GAFE or are thinking about it.
>
> - With GW, prevent security problems and cyberbullying incidents by
> disabling wildcard addressing and setting security on distribution lists so
> that students can't send mass e-mails in the first place.
> - With GW, if you don't do the preventative measures, you can always remove
> the offending e-mails en masse within a matter of minutes.
>
> Thanks.
>
> Joe
> _______________________________________________
> ngw mailing list
> ngw at ngwlist.com
> http://ngwlist.com/mailman/listinfo/ngw
>
> _______________________________________________
> ngw mailing list
> ngw at ngwlist.com
> http://ngwlist.com/mailman/listinfo/ngw
>
>


More information about the ngw mailing list