Firewall Wizards mailing list archives

Re: POP vs IMAP vs MAPI - security through firewalls?


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 26 Feb 2001 12:48:09 -0500

On Mon, Feb 26, 2001 at 01:44:44PM +1030, Ben Nagy wrote:
...
That doesn't help you with your security comparison, though, sorry. I
wasn't aware that _any_ of those protocols were "secure" - they're all
cleartext, for a start. 

Part of our problem.  ;-/

...
(Neater solution: Run a Citrix box outside the firewall, run the ICA client
on your SUNs and then use Citrix sessions to read mail. Solves two problems
at once.)

Thanks, Ben.  Interesting thought.  And, is THAT protocol supposed to
be fairly "secure"?  ;-)

I guess, what I really mean by "secure" is at several levels.  First,
is there any chance that something that the user hadn't intended
[either data or control, either accidentally or maliciously] could ride
on this protocol?  Yes, I know that HTTP fails the test.  We advise
people to lock it down, and tell them it's their fault when [not if,
I'm afraid] they ignore us.  Second, is any authentication done in at
least a protected manner or, better, using strong auth?  The strong
auth is more of a requirement incoming than outgoing.  Third, is data
protected?  SSL and SSH and few others meet the last.  In summary, where
are the risks?  This is almost never a yes, secure / no, not secure
answer.

As always, we have to try to figure out a way that the users can get
what they need ["need"] without compromising the rest of the network.
As always, there are external [policy] considerations that may outweigh
the technical ones.

Do you [or anyone] also have any pointers to documentation of the MAPI
protocol per se?  I know, it's an MS protocol and therefore closed by
definition; but I was hoping there might have been an MRI taken
somewhere to find the warts inside.  ;-)

-- 
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

