
How to Monitor Secure Logins

As an administrator, it's crucial to make sure all of your users connect securely. A data compromise is no joke: sensitive information such as credit card, social security, and tax return numbers, and even passwords, is exchanged across multiple devices, where it can leak if users connect over an unsecured connection. This leads to breaches such as identity theft and compromised user accounts. According to INC.com, over 2.5 billion user accounts were hacked in 2019. To prevent data breaches, confirm that none of your users are connecting to your server unsecured.


Users can connect to your mail server with multiple devices. This includes desktop computers, laptops, and mobile devices.

Monitoring Users

On an email server, users log in through multiple channels:
  • IMAP
  • POP3
  • SMTP
  • HTTP

Most passwords are hacked because users are not very careful when connecting to the server through each channel. Users often connect insecurely. Xeams makes it easier to identify users who are not logging in securely. The SuccessfulLogins.log file records every user who entered their credentials correctly, across SMTP, HTTP, IMAP and POP3. This is useful for finding out which user logged in at a specific time and whether they logged in securely.

Here's an example of what the contents of the log file look like:

2020-07-24 16:12:25,189 - [IMAP] {SECURE} - mary@mydomain.com - 10.11.12.110 (LAN)
2020-07-25 09:02:29,287 - [IMAP] {SECURE} - charle@mydomain.com - 75.76.77.78 (United States)
2020-07-25 09:12:36,662 - [SMTP] {SECURE} - charle@mydomain.com - 10.11.12.105 (LAN)
2020-07-26 16:12:37,250 - [IMAP] {SECURE} - jimmy@mydomain.com - 79.80.81.82 (United States)
2020-07-26 16:12:45,389 - [IMAP] {SECURE} - sue@mydomain.com - 10.11.12.125 (LAN)
2020-07-27 09:12:46,293 - [HTTP] {SECURE} - derek@mydomain.com - 79.77.75.73 (United States)
2020-07-28 12:12:46,946 - [HTTP] {SECURE} - michael@mydomain.com - 10.11.12.115 (LAN)
2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)


In the example above, all users except bob logged in securely; bob did not log in securely for IMAP. Investigating further, his email client was not connected to the Xeams IMAP SSL server.



After making adjustments, the log file now shows the correct value:

2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:42:02,759 - [IMAP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)


Video

If the instructions above are unclear, please see the video that demonstrates this feature.

Tip

Open this log and search for the word UNSECURE. This will show you every login that was made over an unsecured connection.
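
The search described in this tip can be scripted. The following Python script is an added example, not part of Xeams; it assumes the line layout shown in the sample entries on this page. Beyond a plain search, it reports which user/protocol pairs most recently logged in UNSECURE and which have since switched to SECURE, as bob did for IMAP.

```python
import re
from datetime import datetime

# Line layout assumed from the sample SuccessfulLogins.log entries on this page.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"\[(?P<proto>\w+)\] \{(?P<mode>SECURE|UNSECURE)\} - "
    r"(?P<user>\S+) - (?P<ip>\S+) \((?P<origin>[^)]*)\)\s*$"
)

def parse(lines):
    """Yield one dict per well-formed entry; skip lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
            yield rec

def audit(lines):
    """Return (still_unsecure, remediated), both keyed by (user, protocol).

    still_unsecure: the most recent login on that channel was UNSECURE.
    remediated: an UNSECURE login was later followed by a SECURE one.
    """
    latest, ever_unsecure = {}, {}
    for rec in sorted(parse(lines), key=lambda r: r["ts"]):
        key = (rec["user"], rec["proto"])
        latest[key] = rec
        if rec["mode"] == "UNSECURE":
            ever_unsecure[key] = rec
    still = {k: r for k, r in ever_unsecure.items()
             if latest[k]["mode"] == "UNSECURE"}
    fixed = {k: latest[k] for k in ever_unsecure
             if latest[k]["mode"] == "SECURE"}
    return still, fixed

# Sample input: entries copied from the log excerpts in this article.
BEFORE = """\
2020-07-28 12:12:46,946 - [HTTP] {SECURE} - michael@mydomain.com - 10.11.12.115 (LAN)
2020-07-28 16:12:02,759 - [IMAP] {UNSECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
2020-07-28 16:15:52,132 - [HTTP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)
""".splitlines()
AFTER = BEFORE + [
    "2020-07-28 16:42:02,759 - [IMAP] {SECURE} - bob@mydomain.com - 10.11.12.102 (LAN)"
]

if __name__ == "__main__":
    for label, log in (("before fix", BEFORE), ("after fix", AFTER)):
        still, fixed = audit(log)
        print(label, "| still unsecure:", sorted(still), "| remediated:", sorted(fixed))
```

To run it against a real file, pass the open file object to audit() in place of the sample lists.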



Note: In order to use SSL/STARTTLS, you will need a valid SSL certificate. Please see this page on how to obtain one.

Summary

Users only care about being able to successfully connect to the email server so that they can send and receive email. Because of this, they are not aware of whether they logged in with SSL or not. This creates a problem where users log in unsecured, leaving them vulnerable to attacks and to leaking sensitive information. With Xeams, administrators can monitor unsecured logins by inspecting log files, reducing the risk of accounts being breached. This logging makes it much easier to see who did not securely access your server.


Created on: Sep 14, 2020
Last updated on: Nov 28, 2020
