RE: POP3
From: Burleson, Lee (IA) (Lee.Burleson@ia.ngb.army.mil)Date: 02/28/02
- Previous message: Holmes, Ben: "RE: The Best Network Scanner?"
- Maybe in reply to: Nick: "RE: POP3"
- Next in thread: Gary McKinney: "RE: POP3"
- Reply: Gary McKinney: "RE: POP3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Burleson, Lee (IA)" <Lee.Burleson@ia.ngb.army.mil> To: "'shady@netway.at'" <shady@netway.at>, "'security-basics@securityfocus.com'" <security-basics@securityfocus.com> Date: Wed, 27 Feb 2002 22:17:36 -0600
Take the following into consideration...
Given:
* POP3 authentication is clear text
* MS Exchange authenticates against NT/2000 user accounts
Therefore:
* The POP3 username & password are the same credentials used to
access network resources.
* Compromised POP3 credentials will also compromise the entire
domain.
Conclusion: POP3 is a bad idea, even in a LAN.
- Lee
-----Original Message-----
From: shady@netway.at [mailto:shady@netway.at]
Sent: Saturday, February 23, 2002 4:00 PM
To: security-basics@securityfocus.com
Subject: POP3
My users want me to to give them POP3 access via
the firewall. We have an Exchange Server runnig with
a Checkpoint Firewall. Are there any security issues
that I need to watch out
- Previous message: Holmes, Ben: "RE: The Best Network Scanner?"
- Maybe in reply to: Nick: "RE: POP3"
- Next in thread: Gary McKinney: "RE: POP3"
- Reply: Gary McKinney: "RE: POP3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
