Sinister Practical Joke: Security Risk through Rules in GroupWise
GroupWise Rules are extremely useful--they allow you to automate the organization of much of your incoming and outgoing email. But there is a security issue concerning Rules that every GroupWise administrator should be aware of.
Let me tell you a short story to illustrate the point.
I worked for a company that was made up of GroupWise geeks, and we all knew the product extremely well. One day, one of the new sales guys went to lunch and left his computer turned on (everyone did it since there wasn't much of a security risk with only a handful of employees and we all sat at desks in an open area without cubicles or walls).
Someone (I plead the fifth) slipped over to the salesperson's machine where they had left GroupWise running--a few taps of the keys and a few seconds later and the practical joke was put in place.
The salesperson came back from lunch, as did most everyone else. Only a couple of us were in on the joke. Things went along fine for about an hour when someone sent the salesperson an email asking them what they did for lunch.
The next thing you know the salesperson has sent an email out to everyone at the company talking about how much he likes himself and that he is such a stud with the ladies.
A few heads looked up in confusion from their machines, but the salesperson seemed oblivious to anything going on. No one said anything and everyone shrugged and went back to work. A few minutes later another email was sent to the salesperson asking their advice about comparing two products, something about apples and oranges.
Next thing you know another email goes out to the company from the salesperson's account, this time describing the wonderful time he had had on a date the weekend before.
This time someone made a comment and asked him what he was doing. He looked up with a blank stare, still oblivious that anything was happening.
The GroupWise Admin got involved, then the operations guy, then the President of the company. It appeared to everyone that a virus or intruder had hacked the network and was sending out emails from the salesperson's computer. Things became tense...
OKAY, I CONFESS, I DID IT!!
But what was it that I did that would allow me to control another person's email account?
The first guess that anyone would make would be Proxy settings. Good guess, but wrong. However, it will be a great topic for another article.
If not Proxy settings, then I must have changed the password. Nope, that would have alerted him to something. I didn't know the password.
Okay, you have guessed it by reading the beginning of the article: Rules. I modified this account's Rules inside of GroupWise.
RULES? How could I do this with Rules?
I went into the person's GroupWise, opened Tools|Rules, and then created two new Rules.
The first Rule said, "If ever an email is received with the word 'LUNCH' in the subject line, then send an email to the user 'ALL' with the following text," and then I entered the text about the salesperson being a ladies' man.
The second rule was just like the first except the key words were "Apples" and "Oranges". Email comes in looking innocent and goes out to "ALL" with the latest weekend exploits, which were fabricated since I didn't have that kind of access.
We all laughed it off and walked away thinking how clever I was. Okay, I thought I was clever and everyone else thought I was a pain, but that episode has stayed with me because there is something about it that bothers me and should bother you also.
Tell me, when was the last time you looked closely at your Rules? If a Rule was placed there, would you be able to notice it quickly? Sure, if you only have one or two, but if you have a dozen Rules filing and filtering, then it would be easy to hide one or to modify a current one with additional actions that you wouldn't be aware of.
I did a test this morning to see how bad it could be. You can create a Rule that runs each time you send an email to someone and whose action is to forward a copy of the email you just sent to a Hotmail account outside of your organization. A second Rule could be created or modified to delete the sent items for any of those outbound Hotmail emails.
Someone could gain access to an unsuspecting computer, modify the Rules to send a copy to the anonymous email address, and cover their tracks. It would be a long time until someone took notice of how this was happening, especially because you would never be able to tell who set up the Rule in the first place.
VERTIGO is a Security Management Tool for GroupWise from GWAVA that allows a GroupWise administrator to quickly generate a report on all the Rules being used by an individual, a post office or a domain. A quick glance at the report is then enough to identify whether an email policy is being violated by emails going outside of the company or by some other odd use of a Rule.
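The review described above can also be scripted once the Rules are available as a list. The following is an added example, not part of the original article and not VERTIGO's code or report format: the CSV columns, action names, users and the `corp.example` / `outside.example` domains are all constructed assumptions. It flags the three patterns from the story: a Rule that sends to "ALL", a Rule that sends mail to an outside address, and a companion Rule that deletes the sent copies.

```python
import csv
import io

# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"corp.example"}

# Constructed sample. The column layout and action names are hypothetical,
# not a GroupWise or VERTIGO export format.
SAMPLE = """user,rule,trigger,condition,action,target
jsmith,File newsletters,received,subject contains Newsletter,move,Newsletters
jsmith,Lunch,received,subject contains LUNCH,send,ALL
mjones,Copy out,sent,any,forward,drop@outside.example
mjones,Tidy,sent,to contains outside.example,delete,
akhan,Ack,received,from contains boss@corp.example,reply,boss@corp.example
"""

SENDING = {"send", "forward", "reply"}

def external_domain(target):
    """Return the target's domain if it is outside the organization, else None."""
    if "@" not in target:
        return None
    domain = target.rsplit("@", 1)[1].strip().lower()
    return None if domain in INTERNAL_DOMAINS else domain

def audit(rows):
    """Return (user, rule, reason) for each rule matching a pattern from the article."""
    rows = list(rows)
    findings, leaks = [], {}
    for r in rows:
        if r["action"] not in SENDING:
            continue
        domain = external_domain(r["target"])
        if domain:
            leaks.setdefault(r["user"], set()).add(domain)
            findings.append((r["user"], r["rule"], "sends mail outside the organization"))
        elif r["target"].strip().upper() == "ALL":
            findings.append((r["user"], r["rule"], "auto-sends to everyone"))
    # Second pass: a delete-on-sent rule that names a domain the same user leaks to.
    for r in rows:
        if r["trigger"] == "sent" and r["action"] == "delete":
            if any(d in r["condition"].lower() for d in leaks.get(r["user"], ())):
                findings.append((r["user"], r["rule"], "deletes sent copies of the external mail"))
    return findings

def audit_csv(text):
    return audit(csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    for finding in audit_csv(SAMPLE):
        print(*finding, sep=" | ")
```

The pairing in the second pass is the useful part: a delete Rule on its own is routine housekeeping, but one that targets the same outside domain a forwarding Rule sends to is the track-covering combination described above.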
Rules are a great tool, but careless security practices by End Users or focused efforts by an unethical employee can result in the Rules being abused to steal information from the company.
You can find out more information about VERTIGO, the GroupWise Security Management Tool, at www.gwava.com/vertigo.

