Elimination of Unsecured Remote Access IMAP POP3 - University of by xiaohuicaicai


									                                    Information Technology
                                       Enterprise Security
                           Removal of Unsecured Protocols and Services
                                 (Remote Access/IMAP/POP3)
                                           June 2009


Unsecured remote access is being eliminated and replaced with VPN (Virtual Private Network) access.
All users that currently use unsecured remote access have been notified to request a VPN account to
use for future remote access after this date. The use of a VPN account provides a secure channel
between a user’s local computer and the computer at the remote location, therefore providing a
‘private’ network over an otherwise ‘public’ network. This change will be implemented during
preventive maintenance on June 19, 2009.

Further Securing the Enterprise

As part of our ongoing efforts to further secure our environment, we are continuing to eliminate the use
of many unsecured protocols by closing the associated ports on the enterprise firewall. The use of
Unsecured IMAP and POP3 will be eliminated as part of these efforts.

IMAP (Internet Message Access Protocol) is a standard protocol for accessing email from a mail server.
Currently port 143 IMAP is open on the Internet firewall. This version of IMAP is not secure and allows
not only the users userid and password to transmit in clear text but also the mail itself. Using secure
IMAP – IMAP4 port 993, encrypts the data between the mail server and mail application so that it
cannot be intercepted or sniffed during transmission. Similar to the IMAP issue we will also be
eliminating the use of unsecured POP3 (Post Office Protocol 3) port 110. Users that use POP need to
switch to the secure version, POP3s that utilizes port 995. These changes will occur as part of our
preventive maintenance period on September 18, 2009.

Announcements will be made prior to removal of any protocols and/or services that may affect our user

To top