Firewall Wizards mailing list archives
Re: POP3 Security Issues
From: Ian Poynter <ian () jerboa com>
Date: Sat, 28 Nov 1998 17:22:47 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 08:55 AM 11/16/98 -0500, mreiter () gwillness osd mil wrote:
My users want to use POP3 over the internet to access their e-mail through our firewall. There is a POP3 proxy built in to the firewall (not currently on), but I am leery of ANY access through the firewall over the internet. Does anyone know of security issues surrounding this?
My main issue is that if users are using the same passwords on their POP servers outside as on the inside, allowing POP-3 allows someone on the net to potentially sniff the passwords. Of course, since you can't stop them using their POP accounts from home, this is kind of a moot point... It does highlight how complicated password management can be, however ;-). Ian - ----- Ian Poynter ian () jerboa com Jerboa, Inc. +1-617-492-8084 PO Box 382648, Cambridge, MA 02238 http://www.jerboa.com Providing unbiased Internet consulting for businesses. Fingerprints RSA: BA 0C 82 C5 F2 03 3D 95 7C CE FD D3 57 4E 15 73 DSS: 2769 277A 9F69 F605 3743 D574 C8F5 C147 17D4 76B7 -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5.2 Comment: Jerboa Inc. keys can be found in certserver.pgp.com iQA/AwUBNmB3t8j1wUcX1Ha3EQIZMACfYNPu8B5tNoo+pmfUqDT6q11qpS8An2ZK AJF44NQoP998LeGWaCq3vZ3p =Cxmv -----END PGP SIGNATURE-----
Current thread:
- POP3 Security Issues mreiter (Nov 27)
- Re: POP3 Security Issues Jason Axley (Nov 29)
- Re: POP3 Security Issues Nicholas Brawn (Nov 30)
- Re: POP3 Security Issues klynn (Nov 30)
- Re: POP3 Security Issues Frederick M Avolio (Nov 29)
- Re: POP3 Security Issues Jan B. Koum (Nov 30)
- Re: POP3 Security Issues Ian Poynter (Nov 29)
- <Possible follow-ups>
- Re: POP3 Security Issues Steven M. Bellovin (Nov 29)
- Re: POP3 Security Issues reynhout (Nov 29)
- Re: POP3 Security Issues Jason Axley (Nov 29)