Thanks Darryl,
so, may I sugest webmail access ? Is it possible to encript that traffic
wiht some https ? How can I advice secure email download without using VPNs
? Is it necessaire to use digital certificates (I think it may be used but
I've never done) or is there other forms ?
Thanks in advance,
Daniel Cen�culo
Darryl Luff
Sent by: To: [EMAIL PROTECTED]
darryll cc:
Subject: Re: pop3
06-02-2002
02:08
Hi Daniel,
POP3 authentication and message content is not encrypted in any way, so
any third party in the data path between the server and the client can
read both the emails and the account username/passwords.
To decide whether that's OK or not, you have to consider what risk this
involves for your company.
Someone sniffing the POP3 traffic will be able to:
1. Read all the email. Is there any data there that you or your company
would not want an unauthorised third party to read?
2. Capture the POP3 usernames and passwords. What can they do with
these? eg. If the CEO checks his mail, you (or anyone else) will be able
to get his username and password. Is that a worry?
If your company is happy with these things, then they should be
confident about allowing POP3 access.
If the mail server is on the internal network, it means that when
someone breaks into it from the internet, they are on your internal
network and can do whatever they want. If they're on the DMZ, they
should be at least partly contained. The level of containment depends on
your firewall rules, and on what else is on the DMZ that they could get
to.
Darryl Luff
CDM Security Group
[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
>
> Hi,
>
> I've installed a firewall and I want to permit that users may consult
their
> email from home. Is is correct to give them access from home with pop3 ?
> What are the riscs with the email server on the internal network or in
DMZ
> ?
>
> Thanks in advance,
> Daniel Cen�culo
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
