Question is,...on an NT 3.51 running Netscapes Mail Server, a network manager
I work with is concerned that security will be compromised if we sign onto
another ISP account and retrieve our mail by configuring our e-mail clients
to query the POP server. He claims that hackers will steal our passwords from
packets logging onto the POP server. He seems to feel that a password
hijacker can sit and intercept theses packets, disassemble them, decrypt the
password, and this will allow them to access our system. I hold that our POP
and SMTP server is separate from all others, and even if this could happen,
the worst that could happen is very little for all of the effort, such as
someone reading someone elses mail.
Someone taught a class on security that this guy attended and it appears that
they have misled him into thinking paranoia. He basically does not want me,
the Webmaster, and the rest of the staff retrieving our mail unless we are
dialed into our own Network, I say there is no problem with accessing
remotely through my Internet provider.
BTW, Our DNS is on a Unix server, as he will not let me set it up on NT. He
knows neither NT nor Unix, but manages the Novell LAN. Our provider
originally set up the DNS on the Unix, and he is afraid to touch it. He is
also afraid the Unix box will be accessed by hackers if they decode the POP
server, although there is no integrated connection other than physical.
Any thoughts? E-mail me if possible.