RE: email forwarding

From: Wilbur M. Sims III (pheh@the.whole.net)
Date: 06/27/02


From: "Wilbur M. Sims III" <pheh@the.whole.net>
To: "'Marcus James'" <marcus01@post.com>, <security-basics@securityfocus.com>
Date: Thu, 27 Jun 2002 14:06:28 -0400

It really depends on the nature of the data being transferred. In the
organization I work for currently we have taken the time to numerically
weight all data in order of privacy concerns. Email traffic happened to
come up high on the list and we took steps to ensure that when possible
all email to and from remote offices, business partners and others be
routed via our private network. In addition PGP was issued to those who
regularly transferred or even dealt with privacy act information. (Grrr
NA).

If you foresee data being transferred by email which should only be
read by the intended recipient you shouldn't be using email to transfer
that data -- but more importantly you most definitely shouldn't be using
email to transfer that data over the internet.

Now... All of this goes under the assumption that you are using no form
of digital signatures or encryption on the data stored within said
email.

Re: Web Mail. -- It depends on a number of factors. Are you using SSL
from client -to-> webserver? Are you storing any of the email local to
web server? If not, are you locating the webserver outside of your
firewall while your email servers sit inside (only allowing access to
port 25 to them)? In general however - Yes using this method would be
MUCH preferred to simply forwarding the email to a system at which you
maintain no control.

> -----Original Message-----
> From: Marcus James [mailto:marcus01@post.com]
> Sent: Wednesday, June 26, 2002 6:44 PM
> To: security-basics@securityfocus.com
> Subject: email forwarding
>
>
>
> Here's the situation:
>
> One of the companies I work at enables certain users to
> forward their email to an external address of their choice. So
> internal email sent to an employee may be forwarded externally
> to a hotmail account for example. What I am trying to
> determine is what the best practices are in this regard. My
> gut-feel says that this is not a good idea since email is
> "inherently insecure" and may be intercepted and so on and so
> forth. But on the other hand is this such a big deal? I'm not sure.
>
> A second question: Would forcing users to use a web interface
> to access their email instead be "more secure"?
>
> Thanks...