At 12:22 PM 11/9/95 -0800, Rob Sansom wrote:
>There are some at my organization (upper management) who believe that there
>is little danger in allowing access to POP accounts on my Unix host thru
>our router. My attitude is that the fewer types of connections that I
>allow through the router to our internal hosts the better, and a good
>solution to allowing access to POP accounts from the outside would be to
>set up terminal server/modem
>access with SLIP/PPP functionality so that people can dial in and download
>their mail via Eudora or whatever, over a SLIP connection. In light of the
>recent syslog(3)/Telnet problems, it scares the hell out of me to allow
>this type of connection. Besides sending passwords in the clear over
>unsecured nets, I don't want to find out the hard way that there is some
>bug in my POP server, or function call that it uses. Am I being overly
>cautious (loaded question)?

No, not really. These are certainly valid concerns.

It would, however, be (almost) harmless if the remote users were dialing
into your internal network directly via a terminal server behind your
firewall. Of course, you would be well advised to use a reliable
authentication mechanism to allow the PPP/SLIP logins.

If this (loaded question) were POP traffic traversing your firewall from
external networks, then it would be extremely foolish. ;-)

Paul Ferguson
Consulting Engineering
Reston, Virginia USA
tel: +1.703.716.9538
e-mail: pferguso @ com
cisco Systems