Re: security implications of allowing WAN access to LAN pop3 server.
From: Ray Dias (raymond_dias@hp.com)
Date: 09/06/02
From: "Ray Dias" <raymond_dias@hp.com>
Date: Fri, 6 Sep 2002 08:31:01 -0700

Jo,

There are security issues with allowing any port from your WAN to your LAN.
What I would suggest is that you implement one of the following:

1.) Implement a VPN solution with your Sonicwall so that users can connect
to your LAN from anywhere. This will encrypt all traffic and allow the users
to have basically the same access that they have at the office.

2.) If pop3 access is all that you need, then I would use pop3/smtp over ssl.
Most e-mail clients support this, as do most e-mail servers. This will at
least require a secure e-mail connection that is encrypted.

3.) Implement a web based e-mail system that uses SSL to encrypt all traffic.
You can configure the firewall to accept requests from a non standard port
(>1024) and redirect it to an internal system on an ssl port (usually 443).
Or just allow ssl through to the web based e-mail system. Again, all traffic
will be encrypted.

The bottom line here is that allowing pop3 through your firewall for e-mail
access will open up a hole in your security and the username/password would
be passed in clear text. Anyone with a packet sniffer that is on your network
segment would be able to see usernames and passwords. Very insecure. I prefer
the VPN method because of the added functionality. Which one you use will be
determined by what you have available as well as what client OS's your users
have.

Hope this helps.

Ray Dias
(raydias at hotmail dot com)

"Joss" <joss@pleasereplytogroup.com> wrote in message news:al9j1j$rg8$1@helle.btinternet.com...
> I would like to allow our remote users to retrieve their mail from our LAN
> mailserver. I figure it should be as easy as setting up the Sonicwall to
> allow POP3 retrieval (6,110) from the LAN to the WAN and setting up the ISDN
> router to map TCP 110 to the mail server (or should that be the Sonicwall?).
> Anyway, simple as this sounds, I still need to assure that this does not
> open up any gaping holes into our LAN. Each POP3 account is protected by
> username/password, but is this enough (we have an NT based mailserver
> application, not Exchange)? VPN could be an option, but I have been told
> that it increases the amount of data traffic by 25% (is this true?). Other
> than straightforward connection by TCP and VPN, are there other ways of
> securing access/data transfer?
>
> Another approach would be to have the remote users' mail forwarded to their
> ISP account, but I would like to keep all the pop3 boxes 'in house' for
> better reliability and easy administration.
>
> thanks for time and assistance,
> Jo
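
The clear-text login problem raised in the reply above can be checked from a mail client's debug log. The following is an added example, not part of the original thread: it flags POP3 login commands sent before the session is encrypted, including the case where the server refuses STLS and the client logs in anyway. The log format (pairs of client command and server reply), the function name and the sample sessions are assumptions constructed for illustration.

```python
# Added example: audit a client-side POP3 debug log for logins sent unencrypted.
# The input format, a list of (client_command, server_reply) pairs, is an assumption.

# Commands that carry the mailbox login (RFC 1939 USER/PASS, RFC 5034 AUTH).
LOGIN_COMMANDS = {"USER", "PASS", "AUTH"}


def audit_pop3_session(exchanges, implicit_tls=False):
    """Return [(exchange_number, verb), ...] for login commands sent in clear text.

    implicit_tls=True models POP3 over SSL on a dedicated port (TLS is set up
    before any command). Otherwise the session is clear text until the client's
    STLS command (RFC 2595) is accepted by the server.
    """
    encrypted = implicit_tls
    findings = []
    for number, (command, reply) in enumerate(exchanges, start=1):
        words = command.split()
        if not words:
            continue
        verb = words[0].upper()
        if verb == "STLS" and reply.startswith("+OK"):
            encrypted = True  # everything after this exchange is inside TLS
        elif verb in LOGIN_COMMANDS and not encrypted:
            findings.append((number, verb))  # record the verb only, never the secret
    return findings


# Constructed sample sessions (not captured from any real server).
PLAIN_110 = [("USER jo", "+OK"), ("PASS example-secret", "+OK"), ("QUIT", "+OK")]
STLS_OK = [("CAPA", "+OK"), ("STLS", "+OK begin TLS"),
           ("USER jo", "+OK"), ("PASS example-secret", "+OK"), ("QUIT", "+OK")]
# Failure mode: the server refuses STLS and the client silently logs in anyway.
STLS_REFUSED = [("STLS", "-ERR unknown command"),
                ("USER jo", "+OK"), ("PASS example-secret", "+OK")]

if __name__ == "__main__":
    cases = [("plain port 110", PLAIN_110, False),
             ("port 110 with STLS", STLS_OK, False),
             ("STLS refused", STLS_REFUSED, False),
             ("POP3 over SSL", PLAIN_110, True)]
    for name, session, tls in cases:
        result = audit_pop3_session(session, implicit_tls=tls)
        print(f"{name}: {result or 'no clear-text login'}")
```
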