Firewall Wizards mailing list archives
Re: POP vs IMAP vs MAPI - security through firewalls?
From: Rick Murphy <rmurphy () mitretek org>
Date: Mon, 26 Feb 2001 08:38:14 -0500
At 05:06 PM 2/22/2001 -0500, Joseph S D Yao wrote:
Is anyone aware of any verifiable security testing that's been done on MAPI? Is it in fact "more secure" than POP3 and IMAP4? You needn't tell me that the latter two have security vulnerabilities - I've heard this - but details would help [I haven't collected those], and if there is a comparison to MAPI that would be so much the better. Is MAPI that much better? [It had better be, to use up 7+ ports! ;-(]
MAPI is an API, not a protocol. What they're actually asking for is for you to permit Microsoft RPC through the firewall.
Port 135 is the location service (portmapper equivalent)Port 137-139 are the NetBIOS ports; the 50000 ports are the Exchange server RPC endpoints.
Why it's "more secure" is purely because the authentication is challenge-response rather than passwords in the clear; from my point of view, APOP is equivalent.
Hope this helps. -Rick _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 25)
- RE: POP vs IMAP vs MAPI - security through firewalls? Chris Crozier (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Michael Nelson (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Patrick Darden (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Rick Murphy (Feb 26)
- <Possible follow-ups>
- RE: POP vs IMAP vs MAPI - security through firewalls? Ben Nagy (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 26)
- RE: POP vs IMAP vs MAPI - security through firewalls? Jan van Rensburg (Feb 26)
- RE: POP vs IMAP vs MAPI - security through firewalls? Chris Crozier (Feb 26)