
Kenny Billiau wrote:
Hi,
but even with SSL you have hammering attacks to be able to login eh ;)
Anyway, IT opened it up briefly, (Luc was not there and Dany is easy to be convinced when held by knifepoint) closed it again (Luc came back but we only have one knife).
The possible solution would be to use Netwerk Connect to establish a vpn-ipsec tunnel, only for certain ports. I haven't seen it in action yet, but it would be started either through the web portal or on a command line (kickass). So this is no vpn, and it seems fairly simple to enable. I guess IT will demonstrate it soon?
Isn't this still making all your IMAP traffic go through that tunnel then? Disabling other mailboxes your client might try to check?
From a brief Wikipedia article on DMZs
Because of the confidential nature of [e-mail], it is not an excellent idea to store it in the DMZ. Instead, e-mail should be stored on an internal e-mail server. The mail server in the DMZ should pass incoming mail to the internal mail servers and the internal mail server should pass outgoing mail to the external mail servers. Ideally, all communications should be initiated by the internal mail servers.
So, what's keeping them from implementing this? Aren't mailservers supposed to be reachable from outside?
And if the hammering attacks really are so bad, they can provide us with certificates like you suggested earlier.
T.
On Wed, 4 Mar 2009, Eric Bonnet wrote:
certainly not, and on top of that this mail service is set up on a secure channel (with SSL encryption), so there is no whatever "security" reason to invoke....
Yves Van de Peer wrote:
Eric Bonnet wrote:
I can't believe that they closed this mail service, without any notice on top of that.
That's really bad management and practice. The settings must be set as it was before. There is no justification for that change.
when I complained yesterday or the day before, they told me I was the only one still working without VPN and that I was the only one who would encounter problems ... guess not!?!?
-- ================================================================== Thomas Van Parys Tel:+32 (0)9 331 36 95 fax:+32 (0)9 3313809 VIB Department of Plant Systems Biology, Ghent University Technologiepark 927, 9052 Gent, BELGIUM thomas.vanparys@psb.vib-ugent.be http://bioinformatics.psb.ugent.be ==================================================================

Thomas Van Parys wrote:
Kenny Billiau wrote:
Hi,
but even with SSL you have hammering attacks to be able to login eh ;)
Anyway, IT opened it up briefly, (Luc was not there and Dany is easy to be convinced when held by knifepoint) closed it again (Luc came back but we only have one knife).
The possible solution would be to use Netwerk Connect to establish a vpn-ipsec tunnel, only for certain ports. I haven't seen it in action yet, but it would be started either through the web portal or on a command line (kickass). So this is no vpn, and it seems fairly simple to enable. I guess IT will demonstrate it soon?
Isn't this still making all your IMAP traffic go through that tunnel then? Disabling other mailboxes your client might try to check?
From a brief Wikipedia article on DMZs
Because of the confidential nature of [e-mail], it is not an excellent idea to store it in the DMZ. Instead, e-mail should be stored on an internal e-mail server. The mail server in the DMZ should pass incoming mail to the internal mail servers and the internal mail server should pass outgoing mail to the external mail servers. Ideally, all communications should be initiated by the internal mail servers.
So, what's keeping them from implementing this? Aren't mailservers supposed to be reachable from outside?
And if the hammering attacks really are so bad, they can provide us with certificates like you suggested earlier.
T.
*citation needed* :p
On Wed, 4 Mar 2009, Eric Bonnet wrote:
certainly not, and on top of that this mail service is set up on a secure channel (with SSL encryption), so there is no whatever "security" reason to invoke....
Yves Van de Peer wrote:
Eric Bonnet wrote:
I can't believe that they closed this mail service, without any notice on top of that.
That's really bad management and practice. The settings must be set as it was before. There is no justification for that change.
when I complained yesterday or the day before, they told me I was the only one still working without VPN and that I was the only one who would encounter problems ... guess not!?!?
-- ================================================================== Michiel Van Bel PhD student Tel:+32 (0)9 331 36 95 fax:+32 (0)9 3313809 VIB Department of Plant Systems Biology, Ghent University Technologiepark 927, 9052 Gent, BELGIUM mibel@psb.vib-ugent.be http://www.psb.vib-ugent.be ==================================================================
participants (2): Michiel Van Bel, Thomas Van Parys