On Mon, 3 Jun 1996, Anton J Aylward wrote:
[snip]
> In that case the denial of service attack still applies, even though the
> store and forward nature of UUCP make penetration of your site completely
> impossible.
Nothing is for sure in this world and hacking into machines via UUCP
accounts is not unheard of. You would be surprised how many open UUCP
accounts one could find if one looked for them.
[snip]
> >you have to assume email to be insecure - in every case.
> >OTOH, you're surely right. this is the main reason why i wish to have
> >my email server under my control.
>
> That mail _transmission_ is insecure is a bit of a myth.
> It's _easy_ to read mail sitting in a box on the server, it's difficult to
> read packets in transit.
You're joking, right? It's no harder to read a piece of email in transit
than it is to read a plaintext password. Sites are compromised every day by
sniffing network traffic. What makes you think those interested in your
daily affairs will stop with passwords?
[snip]
> >my main point was that you can avoid email-server-bugs which can
> >compromise your *whole* security by placing it outside.
>
> No. You're placing undue emphasis on "bugs" in the E-Mail server. There
> are servers which are - at this level - bug free. But you would still have
> a firewall.
I am not sure I am willing to make that assumption. History shows us that
email services are the most insecure of all. To place this service on
any machine intended to filter, restrict, or otherwise alter network
connections from foreign networks is a mistake.
Jason