RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus

From: Joseph Steinberg (Joseph_at_whale-com.com)
Date: 06/18/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 18 Jun 2003 10:40:04 -0400
    
    

    Thank you for the compliments on the article.

    Vis-à-vis the Air Gap platform -- rather than repeat the same discussion
    that we all had several years ago -- let's simply agree that if you have a
    secure hardware architecture (to deal with level 2-4 attacks) and you add
    Lotus-optimized application-filtering to prevent application-level attacks
    by hackers and worms, browser-side security (to prevent leakage of data on
    the user's access device), offload SSL from the Lotus servers to a
    centralized appliance, and overlay strong authentication, you will gain a
    much more secure platform for remote access to Lotus servers than by simply
    putting a reverse proxy or generic so-called "SSL VPN" in place.

    -----------------------------------------------------------------------------
                _.._
               (_.-.\ Joseph Steinberg
           .-, ` Director of Technical Services
      .--./ / _.-""-. Whale Communications
       '-. (__..-" \
          \ a | joseph@whale-com.com
           ',.__. ,__.-'/ http://www.whalecommunications.com
             '--/_.'----'`

    -----------------------------------------------------------------------------

    Message: 4
    Date: Tue, 10 Jun 2003 21:35:31 -0400 (EDT)
    From: Paul Robertson <proberts@patriot.net>
    To: Ben Nagy <ben@iagu.net>
    Cc: firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus
     Domino

    On Tue, 10 Jun 2003, Ben Nagy wrote:

    > Actually, though, the article linked from that page (including a snazzy
    > picture of Mr Steinberg) "Secure Remote Access to Domino" is a very good
    > overview, if you cover your ears and go 'la la la la' when you get to the
    > 'airgap' bits.

    I knew that phrase would cause problems, but since he directly met the
    criteria of the original query, I let the message through- I'm going to
    *not* let the "airgap" argument flare up (unless Mr. Steinberg *wants* to
    take on all-comers, in which case he's entitled to the deathmatch that
    ensues, I *know* there's a line, and I'll be standing in it.)

    > solution that does nothing but simple SMTP relay. Jeff - clearly you know
    > you should use a stripped open source box running qmail or postfix. Why not
    > pay a local place to paint something red? ;)

    Some folks just can't deal with Open Source- they can get a commercial
    Linux thing, or they can call Postfix the "IBM Secure Internet Mailer,"
    which is my "FTP takes too many ports" for mail systems ;)

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson          "My statements in this message are personal opinions
    proberts@patriot.net        which may have no basis whatsoever in fact."
    probertson@trusecure.com   Director of Risk Assessment TruSecure Corporation
