Security Basics mailing list archives

RE: Best Practices on Web based email ?


From: Stefan Marx <marx.s () gmx net>
Date: 05 Sep 2003 01:25:26 +0200


The latter screening accounts like hotmail.com, aol.com, Yahoo.com
...
Then IMHO it is a matter of your security policy. 

Of course you can try to block all webmail sites that are on the
internet, but there are simply too many sites that offer this service.
You will end up like Sisyphus... The use of these services should be
sanctioned by your policy, and whoever gets caught while infecting your
network has to bear the consequences ;-)

From a technical view I prefer to have virus scanners running on the
single workstations and a different virus scanner on the server and of
course keeping them up to date. This gives me at least some security on
the virus parts. Another good idea is to have a proxy for access to the
web that is able to scan for viruses. Same goes for the email server.
Content filters can be attached to the proxy, too. 

But another problem is that the webmail sites are mostly wrapped in SSL.
So you can never be sure what your folks are going to view or download.

It all comes back to the administrative solution, as ugly as it sounds.
And keep the virus scanners running and up to date :-)

Regards,

Stefan

