[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Best way to check email securely?
- Subject: Re: [cobalt-security] Best way to check email securely?
- From: Michael Korolew <admin@xxxxxxxxxxxxxx>
- Date: Sat, 23 Feb 2002 22:47:08 +1100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
At 12:15 AM 23/02/2002 -0800, you wrote:
Matthew Nuzum wrote:
> Install SquirrelMail (squirrelmail.org) or neomail/acmemail/other
> webmail program on the server. Install SSL on the site. Check your
> e-mail through a webbrowser using SSL.
>
> This is my preferred way.
I could never limit myself to using webmail; there's just too much I
can't do. And it's much too slow.
SSL over web mail is a secure option, and one that I would hope many of
your customers used. You never know who's sniffing who's subnet.
And even if I did, how could I convince my clients to? Tell them: "Our
security policy means you have to change everything you've ever done
before". Sorry, but I don't think that's conducive to keeping clients.
Most clients won't even know what the first thing is to keep themselves
secure. But if you, perhaps create a FAQ or security page on your web site
explaining the dangers of sending clear text passwords through pop, ftp,
telnet, web browsing, etc then you could help point out to them these
dangers clearly, and how to stop someone from snatching their
passwords. Using programs like Eudora with apop, sftp from openssh, ssh
program like SecureCRT instead of telnet, and using SSL whenever they need
to authenticate themselves browsing, also making sure to change around
their passwords regularly.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security