Securing POP Mail on Windows Clients
|June 12, 2001|
|CIO Council Security Practices Subcommittee (SPS)|
|NASA Scientific and Engineering Workstation Procurement Security Center (SEWPSC), Goddard Space Flight Center,
|1.7||Level of BSP|
|1.8||Security Processes or other Framework(s) Supported|
|BSP Security Process Framework (SPF) Section 126.96.36.199: Technical Security, Install/turn-on controls|
|1.10||Points of Contact|
|Government BSP Owner:
Do not post this contact information with the publicly accessible BSP.
|2.0||What This BSP Does|
|This BSP discusses how to use the Secure Shell (SSH) protocol to secure the transmission of email passwords between email clients (e.g., Eudora or MS Outlook) and Post Office Protocol (POP) email servers. SSH clients are widely available as freeware applications, and relatively low-cost commercial versions provide additional functionality. This practice is very low cost and simple to implement, yet relatively few Government users take advantage of it.|
|2.2||Requirements for this BSP|
|This BSP has been used successfully by NASA SEWP staff members accessing the SEWP POP servers remotely, either from home or while on travel.|
|3.0||What This BSP Is|
|3.1||Description of BSP|
POP mail, which is often the mail service behind Eudora and Outlook clients, historically uses an insecure protocol: the mail password is transmitted between client and mail server in clear text. This password may also be (and typically is) a Unix account password, so its exposure could lead directly to an account compromise on the mail server.
Travelers and home workers are especially vulnerable since they send their passwords across the open Internet. The NASA SEWP Security Center has posted a short “How To” white paper.
For the technically inclined, this paper provides a brief technical overview of how SSH TCP port forwarding works at Internet nodes.
However, the bulk of the paper provides step-by-step directions, illustrated by screen-shots, for implementing SSH on Eudora and Outlook clients. The examples use the Tera Term freeware SSH application for illustration; however, the principles are easily applicable to other SSH applications.
The references section at the end of the document provides links for obtaining an SSH client.
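An added example, not taken from the NASA SEWP white paper: a small Python check of what a passive observer learns from a client-to-server byte stream, run on two constructed streams (a direct POP3 login and the same login carried through an SSH port forward). The account name, password and SSH banner are made-up sample values, and `audit_stream` is a hypothetical helper name.

```python
# Constructed sample data: not real captures, accounts or passwords.
# Client-to-server bytes when the mail client talks POP3 directly to the server.
DIRECT_POP = b"USER jdoe\r\nPASS example-password\r\nSTAT\r\nQUIT\r\n"
# The same login sent through an SSH port forward: the wire shows the SSH
# identification string, then SSH packets (opaque placeholder bytes here).
TUNNELED = b"SSH-2.0-ExampleClient\r\n" + bytes(range(128, 256))


def audit_stream(payload: bytes) -> dict:
    """Return what a passive observer learns from one client-to-server stream."""
    finding = {"transport": "other", "username": None, "password_exposed": False}
    if payload.startswith(b"SSH-"):
        # The forwarded POP3 login is inside encrypted SSH packets.
        finding["transport"] = "ssh"
        return finding
    for line in payload.splitlines():
        verb, _, arg = line.partition(b" ")
        verb = verb.upper()  # POP3 command keywords are case-insensitive
        if verb == b"USER" and arg:
            finding["transport"] = "pop3-cleartext"
            finding["username"] = arg.decode("ascii", "replace")
        elif verb == b"PASS" and arg:
            finding["transport"] = "pop3-cleartext"
            # Record only that a password was visible, never its value.
            finding["password_exposed"] = True
    return finding


if __name__ == "__main__":
    for name, stream in (("direct POP3", DIRECT_POP), ("via SSH forward", TUNNELED)):
        print(name, audit_stream(stream))
```
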
|3.2||Relationship to Other BSPs|
|Relationships will be identified as the BSP population increases.|
|4.0||How To Use This BSP|
See the white paper referenced in Section 3.1, above.
|4.2||Implementation Resource Estimates|
Software costs range from $0 for a freeware SSH client to around $100 for a fully supported commercial version.
A computer-literate end user can work through the step-by-step instructions in the NASA SEWP white paper in less than half an hour. An IT support professional should be able to set up a machine in just a few minutes.
|4.3||Performance Goals and Indicators (Metrics)|
|The SEWPSC lab has tested the procedure to ensure that it effectively shields mail passwords.|
Note: A computer-literate end user can work through the step-by-step instructions for installing these applications in less than half an hour. An IT support professional should be able to set up a machine in just a few minutes.
|A||Executive Overview and Briefing|