Security Basics mailing list archives

Re: Securing Corporate Web Based Email


From: sil <jesus () resurrected us>
Date: Thu, 29 Jan 2004 18:23:46 -0500 (EST)


On Thu, 29 Jan 2004, Meritt James wrote:

A number of places are with their people not realizing they are.
Consider web interfaces to a corporate mail system...

Jim

Jeff McLaughlin wrote:

IMO, configuring something similar to say OpenWebmail via SSL is
definitely worth looking into. I have a couple of sites which users
are using web based mail via SSL and other sites where users need to
access things like say http://www.somesite.foo/config*, http://*/admin.*
and I've set up SQUID using the auth options with static addresses for
those who need to make changes, everyone else gets redirected via
mod_security, and .htaccess files.

Same follows for those who I allow to access web mail. (.htaccess, ipf
rules, and SQUID based auth) Firewalls can be configured to allow certain
blocks for those who don't have static addresses, and for those who
don't, using their address ranges, one can narrow things down to times
someone checks their mail and allow that range in within that specified
time.

I'm wondering how many admins/sec engineers monitor log events just for
the sake of understanding what is going on within their networks. For
instance, on my PERSONAL sites, I have always had the habit of tail
-f'ing various logs to see in real time what is happening in order to make
my sites/networks more effective for the end user and for myself.

One can understand the actions of users based on repetitiveness at times,
and configure things from there, as well as get an understanding if
someone is trying to `beat the system' if you will, and address things
from there on.

When it comes to corporate mail systems however, too many Fortune 500s
will shoot down the notions of using programs such as OpenWebmail due to
FUD. (Not understanding the workings of the program, the whole open source
concept is foreign, inexperienced admins don't have a clue as to how to
set them up, etc.)



=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Quis custodiet ipsos custodes? - Juvenal

J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org    http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net
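
The approach described in the message above (watch the logs, learn which address range each user checks mail from and at what times, then allow only that range in that window), sketched as an added example that is not part of the original post. The log lines are constructed, and the function names, the /24 grouping and the whole-hour window are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample in Apache common log format (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.14 - alice [26/Jan/2004:08:05:11 -0500] "GET /webmail/ HTTP/1.1" 200 5120
192.0.2.77 - alice [27/Jan/2004:09:40:02 -0500] "POST /webmail/send HTTP/1.1" 200 310
192.0.2.200 - alice [28/Jan/2004:08:55:45 -0500] "GET /webmail/ HTTP/1.1" 200 5120
198.51.100.9 - bob [26/Jan/2004:18:10:00 -0500] "GET /webmail/ HTTP/1.1" 200 5120
198.51.100.9 - bob [27/Jan/2004:19:59:30 -0500] "GET /webmail/ HTTP/1.1" 200 5120
203.0.113.5 - - [27/Jan/2004:03:12:09 -0500] "GET /webmail/ HTTP/1.1" 401 401
"""

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')

def build_profiles(log_text, prefix_len=24):
    """Return {user: {"networks": set of networks, "hours": (first, last)}}."""
    nets, hours = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, user, stamp, status = m.groups()
        # Only successful, authenticated requests contribute to the baseline.
        if user == "-" or not status.startswith("2"):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        nets[user].add(ip_network(f"{ip}/{prefix_len}", strict=False))
        hours[user].add(when.hour)
    # Simplification: the window is min..max hour and does not wrap past midnight.
    return {u: {"networks": nets[u], "hours": (min(hours[u]), max(hours[u]))}
            for u in nets}

def is_expected(profiles, user, ip, hour):
    """True when ip is inside one of the user's observed ranges in their usual hours."""
    profile = profiles.get(user)
    if profile is None:
        return False
    first, last = profile["hours"]
    in_range = any(ip_address(ip) in net for net in profile["networks"])
    return in_range and first <= hour <= last

if __name__ == "__main__":
    for user, p in sorted(build_profiles(SAMPLE_LOG).items()):
        print(user, sorted(map(str, p["networks"])), "hours %02d-%02d" % p["hours"])
```

The resulting per-user ranges and hours are the input one would translate by hand into the firewall, SQUID or .htaccess allow rules; requests for which `is_expected` returns False are the ones worth a second look in the logs.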

