Firewall Wizards mailing list archives
RE: Re: SMTP Proxies and Application Proxies for Lotus
From: Joseph Steinberg <Joseph () whale-com com>
Date: Wed, 18 Jun 2003 10:40:04 -0400
Thank you for the compliments on the article. Vis-à-vis the Air Gap platform -- rather than repeat the same discussion that we all had several years ago -- let's simply agree that if you have a secure hardware architecture (to deal with level 2-4 attacks) and you add Lotus-optimized application-filtering to prevent application-level attacks by hackers and worms, browser-side security (to prevent leakage of data on the user's access device), offload SSL from the Lotus servers to a centralized appliance, and overlay strong authentication, you will gain a much more secure platform for remote access to Lotus servers than by simply putting a reverse proxy or generic so-called "SSL VPN" in place. ---------------------------------------------------------------------------- - _.._ (_.-.\ Joseph Steinberg .-, ` Director of Technical Services .--./ / _.-""-. Whale Communications '-. (__..-" \ \ a | joseph () whale-com com ',.__. ,__.-'/ http://www.whalecommunications.com '--/_.'----'` ---------------------------------------------------------------------------- - Message: 4 Date: Tue, 10 Jun 2003 21:35:31 -0400 (EDT) From: Paul Robertson <proberts () patriot net> To: Ben Nagy <ben () iagu net> Cc: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus Domino On Tue, 10 Jun 2003, Ben Nagy wrote:
Actually, though, the article linked from that page (including a snazzy picture of Mr Steinberg) "Secure Remote Access to Domino" is a very good overview, if you cover your ears and go 'la la la la' when you get to the 'airgap' bits.
I knew that phrase would cause problems, but since he directly met the criteria of the original query, I let the message through- I'm going to *not* let the "airgap" argument flare up (unless Mr. Steinberg *wants* to take on all-comers, in which case he's entitled to the deathmatch that ensues, I *know* there's a line, and I'll be standing in it.)
solution that does nothing but simple SMTP relay. Jeff - clearly you know you should use a stripped open source box running qmail or postfix. Why
not
pay a local place to paint something red? ;)
Some folks just can't deal with Open Source- they can get a commercial Linux thing, or they can call Postfix the "IBM Secure Internet Mailer," which is my "FTP takes too many ports" for mail systems ;) Paul ---------------------------------------------------------------------------- - Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Re: SMTP Proxies and Application Proxies for Lotus Joseph Steinberg (Jun 22)
- RE: Re: SMTP Proxies and Application Proxies for Lotus Marcus J. Ranum (Jun 23)