POP3 Security Issues

Frederick M Avolio fred@avolio.com
Fri, 27 Nov 1998 13:10:42 -0500

At 08:55 AM 11/16/98 -0500, mreiter@gwillness.osd.mil wrote:
>My users want to use POP3 over the internet to access their e-mail through
>our firewall.  There is a POP3 proxy built in to the firewall (not
>currently on), but I am leery of ANY access through the firewall over the
>internet.  Does anyone know of security issues surrounding this?

1. Their email will be visible as it flows over the Internet. An encrypted
connection protects this.

2. Their reusable password will be visable over the Internet unless you use
APOP authentication (not bulletproof, but better than a reusable password).

3. They must be educated against using the usual PC email stations at
conferences. These are wonderful places to find all sorts of email left
behind by people who both sent and received email using them.

Avolio Consulting
16228 Frederick Road, PO Box 609, Lisbon, MD 21765
410-309-6910 (voice)		410-309-6911 (fax)