
List:       firewalls-gc
Subject:    Re: POP Access Thru router
From:       Paul Ferguson <pferguso () cisco ! com>
Date:       1995-11-09 18:52:09

At 12:22 PM 11/9/95 -0800, Rob Sansom wrote:

>There are some at my organization (upper management) who believe that there
>is little danger in allowing access to POP accounts on my Unix host thru
>our router.  My attitude is that the fewer types of connections that I
>allow through the router to our internal hosts the better, and a good
>solution to allowing access to POP accounts from the outside would be to
>set up terminal server/modem access with SLIP/PPP functionality so that
>people can dial in and download their mail via Eudora or whatever, over a
>SLIP connection.  In light of the
>recent syslog(3)/Telnet problems, it scares the hell out of me to allow
>this type of connection.  Besides sending passwords in the clear over
>unsecured nets, I don't want to find out the hard way that there is some
>bug in my POP server, or function call that it uses.  Am I being overly
>cautious (loaded question)?
>

No, not really. These are certainly valid concerns.

It would, however, be (almost) harmless if the remote users were dialing
into your internal network directly via a terminal server behind your 
firewall. Of course, you would be well advised to use a reliable 
authentication mechanism to allow the PPP/SLIP logins.

If this (loaded question) were POP traffic traversing your firewall from
external networks, then it would be extremely foolish.  ;-)

- paul


--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Reston, Virginia   USA                                 ||||      ||||
tel: +1.703.716.9538                               ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com                         c i s c o S y s t e m s
