So, there is always this conflict over whether accounts for email (POP3, IMAP) should be tied to your normal account. In most situations, companies are trying to consolidate accounts. And companies with directories (be it LDAP or AD) definitely see this trend continuing. Yet, there is the risk that a compromised email password will then compromise the network.
Now, let's assume that the communication channel is encrypted with SSL. That should just be a given. But we still have the issue of people having passwords stored on their phones, laptops, home computers, etc., for their email. I know I've had several phones lost in the past few years. None had my network information, but that could have been there. What are your thoughts on whether email accounts should be separate from normal network accounts? Pros? Cons? Should companies just not allow external access to email via POP or IMAP and just require Webmail access so users have to manually enter passwords? Does that solve the real problem? I'm interested in hearing what everyone has to say. --- Puryear Information Technology, LLC Baton Rouge, LA * 225-706-8414 http://www.puryear-it.com Author: "Best Practices for Managing Linux and UNIX Servers" "Spam Fighting and Email Security in the 21st Century" Download your free copies: http://www.puryear-it.com/publications.htm
