Currently we have SMTP service only allowed between our exchange server and
the ISP mail server. This firewall rule is working fine and we have had no
security incidents with this arrangement. Due to the usual political masters
which are this company they wish to enable POP3 service on our exchange
server so that executives at home could retrive their mail on the company
exchange server. We would have to allow the POP3 service on the firewall
available to the internet to make this work.
I know that this bad security practice to allow the POP3 service to come in,
but I need additional internet white papers, concrete evidence, best
practices info on why we should not allow this.
Any additional info anybody has would be most appreciated and also lessons
on how to deal with political masters.
Peter Watson
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
