Educause Security Discussion mailing list archives
POP vs IMAP policy
From: David Lundy <dlundy () PACIFIC EDU>
Date: Fri, 20 Apr 2007 14:55:31 -0700
We are proposing eliminating POP in favor of IMAP using encrypted connections only for faculty and staff who access email in this fashion. Our reasoning is that POP is based on the model of downloading the email to the client whereas IMAP is primarily server based. Server resident email better prepares us for handling document retention and E-Discovery. Has anyone addressed this issue? What arguments did you make? What policies do you have? Were E-Discovery or document retention issues addressed? Thanks. Dave Lundy ---- David Lundy Associate IT Security Officer University of the Pacific Stockton, CA 95211 Email: dlundy () pacific edu Voice: 209-946-3951 Fax: 209-946-2898
Yandro Chavez Rubio <yandro.chavez () ITESM MX> 4/20/2007 2:45 PM >>>
Timothy, What solution you are going to get for a SSL (web-based) VPN? Do you already make the decision or are you in the process? What options do you have? I would like to know about it, because we have the same problem as you and I guess we can give a better service with the web-based solution. Yandro --- Yandro Chavez Rubio Information Security Services Manager Information Technology Tecnologico de Monterrey http://www.itesm.mx -------------------------- The content of this data transmission must not be considered an offer, proposal, understanding or agreement unless it is confirmed in a document signed by a legal representative of ITESM. The content of this data transmission is confidential and is intended to be delivered only to the addressees. Therefore, it shall not be distributed and/or disclosed through any means without the authorization of the original sender. If you are not the addressee, you are forbidden from using it, either totally or partially, for any purpose. -----Original Message----- From: Timothy J. fairlie [mailto:fairlie () RIDER EDU] Sent: Friday, April 20, 2007 1:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] VPN policies. At the moment, we provide a VPN client to those that need access from home. It isn't fun... Nobody wants to touch an employees home machine anyway, and in some cases they may want/need client software in addition to the VPN client to access a resource they need. We "encourage" these employees to get laptops, as the VPN is the only software we'll provide for a home machine. So even though we've had few problems, when they do come up it's a major hassle. This summer we will be moving to an SSL (web-based) VPN, hopefully that will eliminate the need to provide client software at all. T.. Timothy J. Fairlie Director, Network and Communication Services Rider University fairlie () rider edu Matthew Gracie wrote:
Like most institutions, I'm sure, we're getting more and more requests from people who want access to on-campus resources from off-campus. Our VPN concentrator is more than up to the task, but right now, we're discussing the best set of policies to allow people access to work from home without compromising data. How are people handling this? Are users accessing VPNs with their personally owned machines at your institution? Are you mandating laptops for users who work from home? An entirely different computer that stays at the employee's house? Who pays for the Internet connection? What about other hardware (routers, APs, etc.) that they need? Is IT supplying computers for off-campus use, or is it the job of the department? Any and all input is appreciated. --Matt
Current thread:
- POP vs IMAP policy David Lundy (Apr 20)
- <Possible follow-ups>
- Re: POP vs IMAP policy Paul Russell (Apr 20)
- Re: POP vs IMAP policy Kevin Shalla (Apr 23)