[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Author Index][Search Archives]

[DISC] net data as security risk [was : I need your help ]




The 'problem' of having intranet internal addressing data available to
the internet is, from some viewpoints, real. The proposed solution, however,
is both incorrect and unworkable in the real world. For the removal of
this individuals data to be complete _every_ indexing system on the net must
be checked and verified.

There are several 'real' solutions. One is to disconnect the intranet from
the external world. The other is to set up the mail gateway to change all
outgoing addresses to some generic domain like 'USER_XYZ@spook.gov'. All
incoming mail not addressed to someone @spook.gov gets bounced. The internal
users that are 'allowed' outside email/net contact then have aliases (MX
records in net speak) that can be contacted from the outside world. The
mail comes in to Joe_Cool@spook.com and the mail gateway translates that
name to the internal userid and maildelivery node, 
hu12jc45@super.duper.decrypto.spook.gov.

It sounds like someone's boss needs a clue.

Alan Davis
=======================================================================
List Archives, FAQ, FTP:  http://sca.wayfarer.org/merryrose/
Submissions:              atlantia@atlantia.sca.org
Admin. requests:          majordomo@atlantia.sca.org