Educause Security Discussion mailing list archives
Re: Blocking POP3 and IMAP
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Thu, 11 Oct 2007 11:47:56 -0700
If you have anything on your network that sniffs in/outbound traffic, you can show your POP3 and IMAP die-hards the plain text username and password packets passed back and forth via these protocols (and, you know how easy it is to sniff traffic). If they still gripe, show them your institution's Acceptable Use Policy (you do have one, right?) that addresses the consequences of exposing or sharing passwords (it does include that, right?). If the threat of termination for violation of institutional policy doesn't convince them, and you can't get administrative support for eliminating the protocols, then you may be forced to wait for one of them to get their account hacked by an angry student who packs their in-box with porn. Maybe an embarassing and messy end of a career splashed across the front page of the local daily newspaper is the only way to get the message across. Guy L. Pace, CISSP Security Administrator Center for Information Services (CIS) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () cis ctc edu ________________________________ From: Hammon, Gary [mailto:ghammon () STONEHILL EDU] Sent: Thursday, October 11, 2007 11:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Blocking POP3 and IMAP I recently joined the Security listserv, and searched the archives looking for any trend regarding blocking inbound POP3 and IMAP. We think we have finally moved beyond any 'business need' to allow these protocols for email. We have an Exchange environment that has web access etc., but there are a small number of folks who simply prefer not to change. I am hoping that I can say that it would be a best practice to eliminate the POP3 and IMAP protocols. I am hoping that other institutions have already started to eliminate the protocols, or know that it is a good idea/best practice to eliminate these protocols (ignoring the political firestorm of course!). Thank you for any feedback on this, Gary Gary Hammon CIO Stonehill College Easton, MA 02357
Current thread:
- Blocking POP3 and IMAP Hammon, Gary (Oct 11)
- <Possible follow-ups>
- Re: Blocking POP3 and IMAP Ken Connelly (Oct 11)
- Re: Blocking POP3 and IMAP Pace, Guy (Oct 11)
- Re: Blocking POP3 and IMAP Alex Everett (Oct 11)
- Re: Blocking POP3 and IMAP Michael Sinatra (Oct 11)
- Re: Blocking POP3 and IMAP Michael Sinatra (Oct 11)
- Re: Blocking POP3 and IMAP Valdis Kletnieks (Oct 11)
- Re: Blocking POP3 and IMAP Geoff Nathan (Oct 11)
- Re: Blocking POP3 and IMAP Harry E Flowers (flowers) (Oct 11)
- Re: Blocking POP3 and IMAP Shumon Huque (Oct 11)
- Re: Blocking POP3 and IMAP Paul Russell (Oct 11)
- Re: Blocking POP3 and IMAP Mike Iglesias (Oct 11)
- Re: Blocking POP3 and IMAP Geoff Nathan (Oct 11)
(Thread continues...)