Hello,

I think I've got an easy one here but I need some help figuring out some technical issues and translating them to management and others.

We run Novell GroupWise (!) internally and one of its "features" is the support of various client platforms, including a browser-based client (FYI, our web environment is Netscape Enterprise on Solaris with a Secure Computing Sidewinder for our firewall). A team was formed to organize a company-wide migration to GroupWise 5.5 and one of their ideas was to allow access through the firewall to each individual's e-mail box via the web client. I, of course, had a little problem with that.

The mechanism for access, with or without a firewall involved, is that a user goes to a web page that calls an executable that in turn presents the user with an HTML form-based login page. Authentication is accomplished by the default GroupWise mechanisms.

My problem with allowing this product to be used through our firewall is primarily that GroupWise authentication is weak, to be polite. Thus, even though I can authenticate our external web server through to the back-end GroupWise server and encrypt everything in between via SSL, it doesn't solve the problem that I don't have a good (enough) idea who initiated the conversation (login) in the first place. I'm also not able to do even IP address restriction, either at the router or the web server because access is supposed to be granted to users with home machines that could be dialed in to God-knows-which ISP.

What else can you guys think of that is completely stupid about this proposal - or isn't it? Without knowing our security policy, what could be done to make this more secure? Radius server? Software/hardware tokens on the client side?

Thanks for any info/advice you can give.

Brent Stackhouse
Sys Admin
Texas Association of School Boards
Austin, Texas
