POP vs IMAP policy

[David Lundy <dlundy () PACIFIC EDU>]

We are proposing eliminating POP in favor of IMAP using encrypted connections only for faculty and staff who access 
email in this fashion.  Our reasoning is that POP is based on the model of downloading the email to the client whereas 
IMAP is primarily server based.  Server resident email better prepares us for handling document retention and 
E-Discovery. 

Has anyone addressed this issue?  What arguments did you make?  What policies do you have?  Were E-Discovery or 
document retention issues addressed?

Thanks.

Dave Lundy



----
David Lundy
Associate IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy () pacific edu
Voice: 209-946-3951
Fax: 209-946-2898

> > > Yandro Chavez Rubio <yandro.chavez () ITESM MX> 4/20/2007 2:45 PM >>>
Timothy,

What solution you are going to get for a SSL (web-based) VPN? Do you already
make the decision or are you in the process? What options do you have?

I would like to know about it, because we have the same problem as you and I
guess we can give a better service with the web-based solution.

Yandro

---
Yandro Chavez Rubio
Information Security Services Manager
Information Technology
Tecnologico de Monterrey
http://www.itesm.mx 
--------------------------
The content of this data transmission must not be considered an offer,
proposal, understanding or agreement unless it is confirmed in a document
signed by a legal representative of ITESM. The content of this data
transmission is confidential and is intended to be delivered only to the
addressees. Therefore, it shall not be distributed and/or disclosed through
any means without the authorization of the original sender. If you are not
the addressee, you are forbidden from using it, either totally or partially,
for any purpose.


-----Original Message-----
From: Timothy J. fairlie [mailto:fairlie () RIDER EDU] 
Sent: Friday, April 20, 2007 1:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU 
Subject: Re: [SECURITY] VPN policies.

At the moment, we provide a VPN client to those that need access from 
home. It isn't fun...
Nobody wants to touch an employees home machine anyway, and in some 
cases they may want/need client software in addition to the VPN client 
to access a resource they need.
We  "encourage" these employees to get laptops, as the VPN is the only 
software we'll provide for a home machine.

So even though we've had few problems, when they do come up it's a major 
hassle.

This summer we will be moving to an SSL (web-based) VPN, hopefully that 
will eliminate the need to provide client software at all.

T..

Timothy J. Fairlie
Director, Network and Communication Services
Rider University            fairlie () rider edu 

Matthew Gracie wrote:

> Like most institutions, I'm sure, we're getting more and more requests
> from people who want access to on-campus resources from off-campus. Our
> VPN concentrator is more than up to the task, but right now, we're
> discussing the best set of policies to allow people access to work from
> home without compromising data.
>
> How are people handling this? Are users accessing VPNs with their
> personally owned machines at your institution? Are you mandating laptops
> for users who work from home? An entirely different computer that stays
> at the employee's house? Who pays for the Internet connection? What
> about other hardware (routers, APs, etc.) that they need? Is IT
> supplying computers for off-campus use, or is it the job of the department?
>
> Any and all input is appreciated.
>
> --Matt
>
>