Re: Securing Corporate Web Based Email

From: sil (jesus_at_resurrected.us)
Date: 01/30/04

    Date: Thu, 29 Jan 2004 18:23:46 -0500 (EST)
    To: Meritt James <meritt_james@bah.com>
    
    

    On Thu, 29 Jan 2004, Meritt James wrote:

    > A number of places are with their people not realizing they are.
    > Consider web interfaces to a corporate mail system...
    >
    > Jim
    >
    > Jeff McLaughlin wrote:

    IMO, configuring something similar to, say, OpenWebmail via SSL is
    definitely worth looking into. I have a couple of sites at which users
    are using web based mail via SSL and other sites where users need to
    access things like, say, http://www.somesite.foo/config*, http://*/admin.*
    and I've set up SQUID using the auth options with static addresses for
    those who need to make changes, everyone else gets redirected via
    mod_security, and .htaccess files.

    Same follows for those who I allow to access web mail. (.htaccess, ipf
    rules, and SQUID based auth) Firewalls can be configured to allow certain
    blocks for those who don't have static addresses, and for those who
    don't, using their address ranges, one can narrow things down to times
    someone checks their mail and allow that range in within that specified
    time.

    I'm wondering how many admins/sec engineers monitor log events just for
    the sake of understanding what is going on within their networks. For
    instance, on my PERSONAL sites, I have always had the habit of tail
    -f'ing various logs to see in real time what is happening in order to make
    my sites/networks more effective for the end user and for myself.

    One can understand the actions of users based on repetitiveness at times,
    and configure things from there, as well as get an understanding if
    someone is trying to `beat the system' if you will, and address things
    from there on.

    When it comes to corporate mail systems however, too many Fortune 500s
    will shoot down the notion of using programs such as OpenWebmail due to
    FUD. (Not understanding the workings of the program, the whole open source
    concept is foreign, inexperienced admins don't have a clue as to how to
    set them up, etc.)

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    Quis custodiet ipsos custodes? - Juvenal

    J. Oquendo
    GPG Key ID 0x51F9D78D
    Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
    http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

    sil @ politrix . org http://www.politrix.org
    sil @ infiltrated . net http://www.infiltrated.net
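
The message above describes allowing restricted URLs only from static addresses, or from a dynamic address range during the hours its user normally reads mail, and watching the logs to see what actually happens. As an added example that is not part of the original post, the sketch below audits Apache-style access log lines against such a policy; the address ranges, time windows, restricted paths and sample log lines are all constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime, time

# Hypothetical policy: (network, window start, window end). A static admin
# address is allowed all day; a dynamic range only while its user reads mail.
POLICY = [
    (ipaddress.ip_network("192.0.2.10/32"), time(0, 0), time(23, 59, 59)),
    (ipaddress.ip_network("198.51.100.0/24"), time(8, 0), time(10, 0)),
]
# Restricted paths (assumed layout: config/admin pages and the webmail CGI).
RESTRICTED = re.compile(r"^/(config|admin|cgi-bin/openwebmail)")
# Leading fields of the Apache common/combined log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def allowed(addr, when):
    """True if addr is in a policy range whose window contains when (log-local time)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # hostname instead of address: cannot match a range
        return False
    return any(ip in net and start <= when.time() <= end
               for net, start, end in POLICY)

def audit(lines):
    """Return (addr, timestamp, path, status) for restricted hits outside policy."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected format
        addr, stamp, _method, path, status = m.groups()
        if not RESTRICTED.match(path):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if not allowed(addr, when):
            findings.append((addr, stamp, path, int(status)))
    return findings

# Constructed sample log lines using documentation address ranges.
SAMPLE = [
    '192.0.2.10 - - [29/Jan/2004:18:23:46 -0500] "GET /admin/ HTTP/1.0" 200 512',
    '198.51.100.7 - jdoe [29/Jan/2004:08:30:00 -0500] "GET /cgi-bin/openwebmail/openwebmail.pl HTTP/1.0" 200 2048',
    '198.51.100.7 - jdoe [29/Jan/2004:23:10:05 -0500] "GET /cgi-bin/openwebmail/openwebmail.pl HTTP/1.0" 200 2048',
    '203.0.113.50 - - [29/Jan/2004:12:00:00 -0500] "GET /config.php HTTP/1.0" 403 210',
    '203.0.113.50 - - [29/Jan/2004:12:00:01 -0500] "GET /index.html HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("outside policy:", finding)
```

A 200 status in a finding means the request got through the access controls and they need tightening; a 403 shows a blocked attempt that is still worth reviewing.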


