Robert Moskowitz wrote:
>
> I have seen attacks and mitigations that often never make it out to the
> public, or make it out after we have worked with the vendors for weeks
> to get patches before the S* hits the fans. I am particularly paranoid
> about what may be exposed on a gateway/firewall while waiting for that
> all so important patch.
>
> I don't like SME's laid back attitude to getting a 1st install patched,
> for example. One 1st install, all services on the server MUST be blocked
> until current updates are installed and configured, and only then opened.
>
> So, no, your explaination does not make me feel more comfortable. But
> then as indicated, I am a hard one to make comfortable....
I could have missed something, but I don't recall any services being
open on the external nic until you configure them. Are any? If you
have a 1-nic setup they probably assume that something else is handling
the firewalling.
>> That's not particularly relevant - if you access from more than one
>> location you might want to set up imaps access so all the messages are
>> stored on the server and available through the hoard web interface if
>> you aren't at you usual client(s).
>
> I was at the IETF when IMAP was brought out of CMU and standardized, I
> know the beast all too well.
Yeah, on R4 and you still can't count on a good notification mechanism,
but it is usable.
--
Les Mikesell
lesmikesell at gmail.com