Re: Newsgroup filtering with host server software

Moe Trin wrote, On 28/12/07 19:58:
On Thu, 27 Dec 2007, in the Usenet newsgroup comp.security.firewalls, in article
<j7hd45xoh6.ln2@xxxxxxxxxxxxxxxxxxxxxxx>, Flash Gordon wrote:

Moe Trin wrote, On 27/12/07 20:00:

where I wrote:

]]]] at work we simply block access to the IP ranges used by Hotmail
]]]] (and yahoo, and gmail, and others).

it might understand hotmail, et.al. just isn't an option.

In my case I can be behind another companies firewall and that other
company may well block access to hotmail et.al. but *might* be prepared
to poke a hole to let me access my companies system.

Depends

Yes. Where I used to work there was no option of *any* access from the outside. If you were not in the office you had no access to email.

- we're an R&D facility, so we're rather tightly controlled. We
basically don't allow "visiting computers", though we do have several
computers scattered about that are isolated from our network that can
be used by visitors (and employees for non-business activities).

Some of our customers are like that as well. This is where Blackberries and 3G cards come in useful. Then although you cannot plug in to the customers network you can still get at your email.

"company WebMail access"???
Yes, my employer provides me with a web portal to the company email
system, i.e. company webmail. I know that both the Domino Server from
IBM and Exchange from MS can provide this.

We tend to frown on web access - especially for mail.

My attitude is that the email has already passed unencrypted through the internet before it hit my inbox. So if a customer allows me to plug in to their network and allows web access but not the other email protocols we use or VPN it is useful for me to have web access to email.

Allowing Joe User (or more likely, Joe User's son/daughter because
Joe has trouble just using a web browser) to set up remote access on
his work desktop is the height of folly.
Fortunately I am not "Joe User" but someone who helps out our
undermanned IT department and probably know more about making *my*
machines secure than our IT department. I agree with your points though.

My wife works at a large, but privately held company, and the owner had
been cutting corners and underfunding things like computer security.

My company is not large, but all IT in it is underfunded.

One of the users got owned, and through lack of security setups, the
company's network because an open spam relay and mail-drop. That was

Painful. We (when I was not involved in our IT infrastructure) have had machines "owned" and spewing out spam before. Now outbound port 25 is blocked except for our outbound mail server.

bad enough, but then the law got involved because some idealist had
filed a criminal complaint (I dunno - maybe the pills didn't work).
Fun, frolic, and a new IT department.

Oh what fun.

If you need access from "outside", you should be using an SSL service
requiring both dedicated hard/software and a "password" (that isn't
"remembered" by some application).

I would not always go that far. That is our *main* method of external
access to email, but I can use webmail when there is no other method.

Our auditors (internal, and those from customers) won't allow that.

Yes, some companies have more stringent requirements than others. Personally I am trying to push my company slowly in to making things more secure, but as I am the only one who seems to have any real concept of security or risk (and I am *not* an expert) it is slow going. Fortunately it is not actually my responsibility so if I fail to get things tightened up and we hit major problems it is not my neck on the line.
--
Flash Gordon
.

Relevant Pages

  • JOBS: Sr. Embedded Software Developer Openings- F/T - Austin, TX
    ... Write device drivers for network interface and other proprietary ... Embedded Software Applications Engineer- Consumer Audio Decoder Software Dev ... sessions to customers and distributor field application engineers. ... PDA) and help with software development required to ...
    (comp.arch.embedded)
  • Re: [Full-Disclosure] MS Anti Virus?
    ... customers about security, ... protect our customers'. ... seemingly relieve Microsoft of any such responsibility, ... means their network connection gets hosed or their OS is rendered ...
    (Full-Disclosure)
  • Re: 71% Say Finding New Energy Sources More Important than Conservation
    ... The argument of the techies is that the network providers should compete on the basis of providing low cost, ... The network providers want an additional competitive edge based on selling a higher quality service to selected customers. ... CenturyTel is the only telephone company here in the San Juan islands and it was only when the local electrical company installed fiber that we got broadband service. ...
    (soc.retirement)
  • BT to close 21CN Trial Network
    ... Following the successful migration of the first live customers onto ... BT's 21st Century Network in South Wales, ... The closure of the 21CN voice trials marks the end of one critical ...
    (uk.telecom)
  • Re: New every Two - Downgrade
    ... These are all great features, but as things stand today, they're all ... gimmicks to get the business away from Verizon. ... I sincerely hope the network situation ... Ultimately, Sprint/Nextel, Cingular and T-Mo customers will start screaming ...
    (alt.cellular.verizon)
Quantcast