Firewall Wizards mailing list archives

RE: Re: SMTP Proxies and Application Proxies for Lotus


From: Joseph Steinberg <Joseph () whale-com com>
Date: Wed, 18 Jun 2003 10:40:04 -0400


Thank you for the compliments on the article. 

Vis-à-vis the Air Gap platform -- rather than repeat the same discussion
that we all had several years ago -- let's simply agree that if you have a
secure hardware architecture (to deal with level 2-4 attacks) and you add
Lotus-optimized application-filtering to prevent application-level attacks
by hackers and worms, browser-side security (to prevent leakage of data on
the user's access device), offload SSL from the Lotus servers to a
centralized appliance, and overlay strong authentication, you will gain a
much more secure platform for remote access to Lotus servers than by simply
putting a reverse proxy or generic so-called "SSL VPN" in place.

-----------------------------------------------------------------------------
            _.._
           (_.-.\         Joseph Steinberg
       .-,       `        Director of Technical Services
  .--./ /     _.-""-.     Whale Communications
   '-. (__..-"       \
      \          a    |   joseph () whale-com com
       ',.__.   ,__.-'/   http://www.whalecommunications.com
         '--/_.'----'`    

-----------------------------------------------------------------------------

Message: 4
Date: Tue, 10 Jun 2003 21:35:31 -0400 (EDT)
From: Paul Robertson <proberts () patriot net>
To: Ben Nagy <ben () iagu net>
Cc: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus
 Domino

On Tue, 10 Jun 2003, Ben Nagy wrote:

> Actually, though, the article linked from that page (including a snazzy
> picture of Mr Steinberg) "Secure Remote Access to Domino" is a very good
> overview, if you cover your ears and go 'la la la la' when you get to the
> 'airgap' bits.

I knew that phrase would cause problems, but since he directly met the 
criteria of the original query, I let the message through- I'm going to 
*not* let the "airgap" argument flare up (unless Mr. Steinberg *wants* to 
take on all-comers, in which case he's entitled to the deathmatch that 
ensues, I *know* there's a line, and I'll be standing in it.)

> solution that does nothing but simple SMTP relay. Jeff - clearly you know
> you should use a stripped open source box running qmail or postfix. Why not
> pay a local place to paint something red? ;)

Some folks just can't deal with Open Source- they can get a commercial 
Linux thing, or they can call Postfix the "IBM Secure Internet Mailer," 
which is my "FTP takes too many ports" for mail systems ;)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

