RE: [FW1] Open Lotus Port inbound?

Fri, 01 Sep 2000 08:55:29 -0700 


It's my personal opinion you should throw the implementer and his crew out
of the project (and out of your office).  SecuRemote is definitely not hard
to set up; a monkey could click through the setup options and define a site.
If you use securemote to get to the lotus server-- that's alright.  I highly
suggest you -NOT- allow any other traffic other than SMTP from the internet
to that lotus server.  It would be optimal to stick an smtp relay in the DMZ
to forward the incoming mail to the lotus server.  The lotus server should
definitely sit on the internal network because it contains too much
information to be in the DMZ.  The relay in the DMZ would greatly reduce the
risk of compromise since no one would be allowed to connect to the internal
network. 

Why would you want to allow lotus traffic to the server from the Internet?

-Warren.

-----Original Message-----
From: Peter Goodridge [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 01, 2000 10:40 AM
To: firewall list
Subject: [FW1] Open Lotus Port inbound?



We are installing Lotus Notes to replace our current
e-mail system.  The people running the project want
allow employees to come though the firewall using a
browser and/or the lotus client without using
Securemote, etc.  Their claim is that because it is
encrypted it's perfectly safe, and SR is too hard to
install.

I can probably talk them out of of the web server
idea, but opening the lotus port inbound is going to
be a harder battle.  I doubt they'll want to set up a
server in the DMZ either.

Could I get some input on how disingenuous, I'm mean
counter productive, I'm mean contra-indicated....O.K.
how stupid this idea is?

THX,
Pete Goodridge

__________________________________________________
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to