Firewall Wizards mailing list archives
Re: POP vs IMAP vs MAPI - security through firewalls?
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 26 Feb 2001 12:48:09 -0500
On Mon, Feb 26, 2001 at 01:44:44PM +1030, Ben Nagy wrote: ...
That doesn't help you with your security comparision, though, sorry. I wasn't aware that _any_ of those protocols were "secure" - they're all cleartext, for a start.
Part of our problem. ;-/ ...
(Neater solution: Run a Citrix box outside the firewall, run the ICA client on your SUNs and then use Citrix sessions to read mail. Solves two problems at once.)
Thanks, Ben. Interesting thought. And, is THAT protocol supposed to be fairly "secure"? ;-) I guess, what I really mean by "secure" is at several levels. First, is there any chance that something that the user hadn't intended [either data or control, either accidentally or maliciously] could ride on this protocol? Yes, I know that HTTP fails the test. We advise people to lock it down, and tell them it's their fault when [not if, I'm afraid] they ignore us. Second, is any authentication done in at least a protected manner or, better, using strong auth? The strong auth is more of a requirement incoming than outgoing. Third, is data protected? SSL and SSH and few others meet the last. In summary, where are the risks? This is almost never a yes, secure / no, not secure answer. As always, we have to try to figure out a way that the users can get what they need ["need"] without compromising the rest of the network. As always, there are external [policy] considerations that may outweigh the technical ones. Do you [or anyone] also have any pointers to documentation of the MAPI protocol per se? I know, it's an MS protocol and therefore closed by definition; but I was hoping there might have been an MRI taken somewhere to find the warts inside. ;-) -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 25)
- RE: POP vs IMAP vs MAPI - security through firewalls? Chris Crozier (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Michael Nelson (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Patrick Darden (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Rick Murphy (Feb 26)
- <Possible follow-ups>
- RE: POP vs IMAP vs MAPI - security through firewalls? Ben Nagy (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 26)
- RE: POP vs IMAP vs MAPI - security through firewalls? Jan van Rensburg (Feb 26)
- RE: POP vs IMAP vs MAPI - security through firewalls? Chris Crozier (Feb 26)