Firewall Wizards mailing list archives

Re: POP3 Security Issues


From: Ian Poynter <ian () jerboa com>
Date: Sat, 28 Nov 1998 17:22:47 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 08:55 AM 11/16/98 -0500, mreiter () gwillness osd mil wrote:
> My users want to use POP3 over the internet to access their e-mail through
> our firewall.  There is a POP3 proxy built in to the firewall (not
> currently on), but I am leery of ANY access through the firewall over the
> internet.  Does anyone know of security issues surrounding this?

My main issue is that if users are using the same passwords on their POP
servers outside as on the inside, allowing POP-3 allows someone on the net
to potentially sniff the passwords.  

Of course, since you can't stop them using their POP accounts from home,
this is kind of a moot point...  It does highlight how complicated password
management can be, however ;-).

Ian


- -----
Ian Poynter                                        ian () jerboa com
Jerboa, Inc.                                      +1-617-492-8084
PO Box 382648, Cambridge, MA 02238          http://www.jerboa.com
Providing unbiased Internet consulting for businesses.
Fingerprints RSA: BA 0C 82 C5 F2 03 3D 95  7C CE FD D3 57 4E 15 73
           DSS: 2769 277A 9F69 F605 3743  D574 C8F5 C147 17D4 76B7
-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2
Comment: Jerboa Inc. keys can be found in certserver.pgp.com

iQA/AwUBNmB3t8j1wUcX1Ha3EQIZMACfYNPu8B5tNoo+pmfUqDT6q11qpS8An2ZK
AJF44NQoP998LeGWaCq3vZ3p
=Cxmv
-----END PGP SIGNATURE-----


