Security Basics mailing list archives
RE: Best Practices on Web based email ?
From: Stefan Marx <marx.s () gmx net>
Date: 05 Sep 2003 01:25:26 +0200
The latter screening accounts lake hotmail.com, aol.com, Yahoo.com
... Then IMHO it is a matter of your security policy. Of course you can try to block all webmail sites that are in the internet, but there are simply to many sites that offer this service. You will end up like Sysiphus... The use of these services should be sanctioned by your policy and who gets caught while infecting your network, has to bear the consequences ;-)
From a technical view I prefer to have virus scanners running on the
single workstations and a different virus scanner on the server and of course keeping them up to date. This give me at least some security on the virus parts. Another good idea is to have a proxy for access to the web that is able to scan for viruses. Same goes for the email server. Content filters can be attached to the proxy, too. But another problem is that the webmail sites are mostly wrapped in SSL. So you can never be sure what your folks are going to view or download. It all comes back to the administrative solution, as ugly as it sounds. And keep the virus scanners running and up to date :-) Regards, Stefan --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Best Practices on Web based email ? Bill_Roswell (Sep 03)
- Re: Best Practices on Web based email ? chort (Sep 04)
- Re: Best Practices on Web based email ? Nick Warr (Sep 04)
- Re:Best Practices on Web based email ? Scott Ian P (Sep 04)
- Re: Best Practices on Web based email ? Stefan Marx (Sep 04)
- <Possible follow-ups>
- RE: Best Practices on Web based email ? Bill_Roswell (Sep 04)
- RE: Best Practices on Web based email ? Stefan Marx (Sep 04)