Firewall Wizards mailing list archives

Re: POP vs IMAP vs MAPI - security through firewalls?


From: Rick Murphy <rmurphy () mitretek org>
Date: Mon, 26 Feb 2001 08:38:14 -0500

At 05:06 PM 2/22/2001 -0500, Joseph S D Yao wrote:
> Is anyone aware of any verifiable security testing that's been done on
> MAPI?  Is it in fact "more secure" than POP3 and IMAP4?  You needn't
> tell me that the latter two have security vulnerabilities - I've heard
> this - but details would help [I haven't collected those], and if there
> is a comparison to MAPI that would be so much the better.  Is MAPI that
> much better?  [It had better be, to use up 7+ ports!  ;-(]

MAPI is an API, not a protocol. What they're actually asking for is for you to permit Microsoft RPC through the firewall.
Port 135 is the location service (portmapper equivalent).
Ports 137-139 are the NetBIOS ports; the 50000 ports are the Exchange server RPC endpoints.

Why it's "more secure" is purely because the authentication is challenge-response rather than passwords in the clear; from my point of view, APOP is equivalent.

Hope this helps.
        -Rick
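
The difference between a cleartext password and a challenge-response exchange, shown for POP3's USER/PASS and APOP commands. This is an added example, not part of the original post; it uses the sample banner, user and secret from RFC 1939, and the function names are illustrative.

```python
import hashlib
import hmac
import re

# Constructed sample values, taken from the worked example in RFC 1939.
BANNER = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"


def extract_challenge(banner: str) -> str:
    """Return the <timestamp> challenge from the server greeting."""
    m = re.search(r"<[^<>\s]+@[^<>\s]+>", banner)
    if not m:
        raise ValueError("server did not offer APOP")
    return m.group(0)


def apop_digest(challenge: str, secret: str) -> str:
    """MD5 over the challenge followed by the shared secret, lowercase hex."""
    return hashlib.md5((challenge + secret).encode("ascii")).hexdigest()


def client_lines(banner: str, user: str, secret: str, use_apop: bool) -> list:
    """Lines the client puts on the wire to authenticate."""
    if use_apop:
        return [f"APOP {user} {apop_digest(extract_challenge(banner), secret)}"]
    return [f"USER {user}", f"PASS {secret}"]


def server_verify(challenge: str, secret: str, line: str) -> bool:
    """Server side: recompute the digest for the challenge it issued."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    return hmac.compare_digest(parts[2], apop_digest(challenge, secret))


def secret_on_wire(lines: list, secret: str) -> bool:
    """What a passive observer on the path can read directly."""
    return any(secret in line for line in lines)


if __name__ == "__main__":
    for mode in (False, True):
        sent = client_lines(BANNER, USER, SECRET, use_apop=mode)
        print(sent, "secret visible:", secret_on_wire(sent, SECRET))
```

A digest captured from one session does not verify against the fresh challenge of the next session, which is the property the cleartext PASS command lacks.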
