There may be many criterias to get involved:
1. Are the clients using applications or workflows? Imap, Pop3 is not very
suitable purpose.
2. Types of your clients: You say that your manager or anyone abroad will use
the Imap or Pop3. In that case your manager should use the mailbox from the
Notes client and e-mail client. In both case unread marks mailboxes should be
converted in two ways.(Size increases, views change)
3. Unread marks are lost in Imap and/or Notes client. Doclinks and database
links are not seen in Imap or Pop3.
4. In mixed environments, you should use mime. It means problem in coexistence
environments 4.x and 5.x servers. (Mime -> Rtf or vice versa)
5. You should use SSL for security in Internet and extranet environments which
is somehow complicated in large environments. Issuing client certificates in
Domino is a bit tricky.
6. Again in mixed environments you should have a Notes ID for the security of
clients, which the Notes still insists on IDs. The client X509 certificates are
merged or appended with the Notes IDs(??).
7. For the overall security, Notes recommends to use another Domino server from
the Internet -> Intranet access. You can setup Pass through Server for Notes
Clients(IBM Redbooks).
8. Https access for Notes 5.x is slow because of the applets. And these applets
don't work with all browsers.(It says work, but without a few customization your
browser may shutdown)
9. Address Book features needs Ldaps for messenger or outlook client....
I apologize.
>I was thinking more of your overseas people useing the internet to use the
>notes web client from your main location, but if your ISP is unreliable I
>don't know if anything will really work.
>
>David Lang
>
>On Fri, 17 Sep 1999, Chris Knox
>wrote:
> Date: Fri, 17 Sep 1999 08:57:07 -0700 (MST)
> From: Chris Knox <[EMAIL PROTECTED]>
> To: Pete Goodridge <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
> Subject: Re: Re[4]: Marginally on-topic -- Secure remote email access
>
> Yes, Notes has an SSL mail client, but the root of the problem is the
> size of the Notes database. We don't have a reliable international ISP
> with presence in places like Mexico, Brazil and China. And when they
> do, the connection is slow. That and the amount of data that the Notes
> mail virus^H^H^H^H^H agent exchanges during a database synchronization
> leads to pissed off execs which leads to Notes being pulled out and...
> and.... Nice thought, but they'd replace it with MS Exchange.
>
> I'm just trying to get some secure alternatives in place in case the CEO
> gets a real attitude about it and refuses to use it.
>
> I'm also going to investigate further with our Notes administrator and
> maybe bring the Lotus sales tech in.
>
> Meanwhile, thanks to all for the alternative ideas.
>
> cwk
>
>
> According to Pete Goodridge:
> >
> > Either solution would work, but if there are using Notes, and you have
> > to retrain them to use the web mail you'll have other cost issues.
> > (Something about clock radios was mentioned ;) ) Also, not having
> > used Web mail, how do you answer e-mail when you are offline?
> >
> > Now that I think of it, doesn't Notes have it own encryption routines
> > you can use just by turning on one of it's options?
> >
> > THX,
> > Pete Goodridge
> > Abt Associates Inc.
> >
> >
> > ______________________________ Reply Separator
_________________________________
> > Subject: Re: Re[2]: Marginally on-topic -- Secure remote email access
> > Author: David Lang <[EMAIL PROTECTED]> at internet
> > Date: 9/16/1999 12:17 PM
> >
> >
> > I personally would prefer to use https rather then one of the tunnel
> > clients for the firewall. i don't trust the remote users to secure their
> > machines enough.
> >
> > While hotmail had (has??) significant security problems, I don't think
> > those problems are becouse of the web access, I believe they were caused
> > by poor decisions of the system designers.
> >
> > David Lang
> >
> > On Thu, 16 Sep 1999, Pete Goodridge wrote:
> >
> > > Is there an remote encrypted client for your current firewall? That
> > > way they could dial a local ISP, and not have to pay for the long
> > > distance call. You also would not have passwords sitting on
someone's
> > > "secure" web site, like Hotmail.
> > >
> > > Pete Goodridge
> > > Abt Associates Inc.
> > >
> > >
> > >
> > > ______________________________ Reply Separator
> > _________________________________
> > > Subject: Re: Marginally on-topic -- Secure remote email access
> > > Author: David Lang <[EMAIL PROTECTED]> at internet
> > > Date: 9/15/1999 7:41 PM
> > >
> > >
> > > My answer is to provide web based mail for them. There are several
> > > packages out there that will talk POP3 or IMAP to your mail server and
> > > provide a web gateway.
> > >
> > > note, you are still only talking 40 bit encryption, unless you can qualify
> > > for a global certificate (limited to financial/banking interests IIRC) but
> > > this is still better then having the passwords in the clear.
> > >
> > > David Lang
> > >
> > > On Wed, 15 Sep 1999, Chris Knox wrote:
> > >
> > > > Date: Wed, 15 Sep 1999 16:15:27 -0700 (MST)
> > > > From: Chris Knox <[EMAIL PROTECTED]>
> > > > To: firewalls <[EMAIL PROTECTED]>
> > > > Subject: Marginally on-topic -- Secure remote email access
> > > >
> > > > My company is scattered across North and South America, Europe, Asia,
> > > > Australia and the Pacific Rim. We currently use Notes for internal
> > > > email but the size of the data transfers while databases synch up has
> > > > caused some very expensive phone calls. We're getting a lot of pressure
> > > > to open up POP3 and let users connect accross the Internet. It give me
> > > > heartburn to think of all those passwords being shuttled around in the
> > > > clear from random ISPs in Sao Paulo, Moscow, London and who knows where
> > > > else. To make matters worse the users who travel the most are
executives
> > > > and sales types who are -uhm- technologically -uhm- challenged. I.e.
> > > > they are doing well if they can set their clock radio.
> > > >
> > > > Ideas or pointers to a more appropriate forum?
> > > >
> > > > --
> > > > Chris Knox
[EMAIL PROTECTED]
> > > > Hypercom, Inc. (602)
504-5888
> > > > Unix Systems Support Speaking only for
myself.
> > > > -
> > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > "unsubscribe firewalls" in the body of the message.]
> > > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
>
> --
> Chris Knox [EMAIL PROTECTED]
> Hypercom, Inc. (602) 504-5888
> Unix Systems Support Speaking only for myself.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
