Security Basics mailing list archives
RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails
From: "Duncan McAlynn" <duncan () mcalynn com>
Date: Tue, 17 Oct 2006 19:02:52 -0500
Another issue with these webmail products is the mass storage that they now provide. In highly secured environments they can pose as much of a security risk as USB drives and removable storage. All a user has to do is email himself attachments of company docs, schematics, financials, etc... It's not to say this can't be circumvented by other means, but by having a policy restricting access to such sites you're demonstrating due diligence and lessening the attack surface of your environment. You can use ACLs to permit users access that have pleaded a worthy argument. Duncan -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Murda Mcloud Sent: Monday, October 16, 2006 8:13 PM To: sfmailsbm () gmail com; security-basics () securityfocus com Subject: RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails At some point email leaves 'your control' and goes out across the wild blue yonder; this is where encryption comes in. One of the risks of using webmail is that it bypasses any gateway filters you may have so one layer of defense is taken away. If you do have some kind of corporate encryption scheme in place and are sending business email via gmail then it won't be part of that scheme. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of sfmailsbm () gmail com Sent: Monday, October 16, 2006 4:00 PM To: security-basics () securityfocus com Subject: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Dear List, It is a common practice among users to user their personal email accounts like hotmail, gmail, etc to send & receive business (and most probably confidential) information This is particularly the case when users are out of office These webmails are not under the company's control, and hence there is a risk of information loss. However upto now we have not heard of any such cases Wanted to get the opinion of the list on the security risks of the use of Webmails for business mails Thanks & regards --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Using Web mail (hotmail, gmail, yahoo, etc) for Business mails sfmailsbm (Oct 16)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Micheal Espinola Jr (Oct 16)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Henry Troup (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Michal Merta (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Steven Meyer (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Murda Mcloud (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kurt Aubuchon (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Robert D. Holtz - Lists (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kurt Aubuchon (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Robert D. Holtz - Lists (Oct 18)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kurt Aubuchon (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Micheal Espinola Jr (Oct 16)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Duncan McAlynn (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Frynge Customer Support (Oct 17)
- <Possible follow-ups>
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Laundrup, Jens (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Oftedahl, Douglas (Oct 17)
- Re: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Kenton Smith (Oct 17)
- RE: Using Web mail (hotmail, gmail, yahoo, etc) for Business mails Petter Bruland (Oct 17)