Security Basics mailing list archives
RE: Securing Corporate Web Based Email
From: Jeff McLaughlin <JMclaughlin () springsgov com>
Date: Mon, 2 Feb 2004 09:16:39 -0700
OWA works fine if your users use the corporate mail servers for their personal mail. But many do not and have a need to access their personal (free/not free) external web vendors. I recognize that personal e-mail is a major communication tool (much like a telephone) that people need to simply manage their lives. To totally disallow personal web e-mail frankly just pisses off your users so they head to the nearest coffee shop to check their mail or "they find a way". When "they find a way" it usually results in a less secure atmosphere then if you just allowed web mail. So, I'm trying to find a way to allow personal web based (free/not free) email... Is there any "data" on free webmail vendors that evaluate them for virus protection and spam control? Let's say you allow your users to select 4 free web email vendors that have good ratings for virus protection and spam control. You then ensure that your users are running updated virus protection (verified when they log into the network). How secure (virus-wise) would this arrangement be? Any strategies for scanning for inappropriate content in web-mail or blocking known inappropriate sites? Could I have the users log into a different user account that provided access to e-mail but did not allow opening / saving attachments via a group policy? I do understand the security concerns around web based email. Any ideas on the best security scenario for allowing free, personal, web based email into the corporate environment? Jeff McLaughlin --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Re: Securing Corporate Web Based Email Brian Keefer (Feb 02)
- <Possible follow-ups>
- RE: Securing Corporate Web Based Email Jeff McLaughlin (Feb 02)