> That is what I want to do. However, people are bypassing. Oh common users *never* try to do that ;)
> They can access via their home computer. The difference is the home > computer is not on their hip around town with a much greater chance of > getting lost or stolen. I guess management is certain that none of your users have a personal laptop that they bring into starbucks or on vacation. > Also, unlike a browser based view, the method they are using is > downloading every message, as well as storing the password. I hope it isn't breaking news that all three of the top browsers (IE, Firefox, Opera) will save user login information. Hmmm, what about that pesky cache directory... > So with the blackberry, they aren't just accessing the webpage (in the > classic sense) I hope that smart aleck John Doe from accounting doesn't figure out how to use foo mail utility he found on file forum, or powershell or Perl or Python scripting or ... Darnit, is that Jane over there taking CSC classes at the local community college? Yikes, and they're learning about networking and http too!? I'm not trying to be denigrating here, but hopefully you'll see some of the very real possibilities. (FYI: no less than three non-IT personnel here are doing exactly what I am talking about in the latter example). I think the bottom line is that your problem is one of policy, not of inadequate technical solutions. You will have to spearhead a paradigm shift away from a reactive and security-through-obscurity based culture to one of proactive and decisive control. One way to start is locking certain things behind a VPN. Then, make sure that policy requires the CEO or some other high level executive to sign off on requests for access. Many users won't even ask. :) At worst, make it policy not to access corporate email via BIS. When people do it anyway, document and write them up. When people complain about performance point at the policy; point at lack of support and enforcement from management. You don't have to be offensive, but do lay the facts on the table. ~JasonG -- ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
