User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


These posts have been archived and can no longer be replied to or modified.
Pages in this thread: 1 | 2 | 3 | 4 | 5 | [6] | 7 | (show all)   Print Thread
Standard User blewit
(committed) Tue 22-May-07 15:59:34
Print Post

Re: Strong Passwords!


[re: deleted] [link to this post]
 
In reply to:

wasn't webmail i was referring to.




Well what then?

In reply to:

doesnt seem like much "security" to me. only takes a compromise of the webserver platform software.




Well yes - but that's the same for virtually every business online then - what were you expecting??

[I've left out its about non-http/https ports being blocked/firewalls etc. which they probably also have - I was just commenting on the "external access to Workplace" bit of your original post]
Standard User deleted
(deleted) Tue 22-May-07 16:31:25
Print Post

Re: Strong Passwords!


[re: blewit] [link to this post]
 
other security related issues.

In reply to:



Well yes - but that's the same for virtually every business online then - what were you expecting??




i was expecting an ISP as big as plusnet to use VPN or something similar and keep it on an internal network only.
Standard User blewit
(committed) Tue 22-May-07 16:40:52
Print Post

Re: Strong Passwords!


[re: deleted] [link to this post]
 
using a VPN isn't keeping it on an internal network only .... it's just a different form of encryption ....


Register (or login) on our website and you will not see this ad.

Standard User deleted
(deleted) Tue 22-May-07 17:26:04
Print Post

Re: Strong Passwords!


[re: blewit] [link to this post]
 
perhaps not, but its better than leaving widely exposed apache server. VPN + totally firewalled off except to allowed client nodes is the way to go.
Standard User blewit
(committed) Tue 22-May-07 17:32:51
Print Post

Re: Strong Passwords!


[re: deleted] [link to this post]
 
In reply to:

widely exposed apache server.




I did say it was IP-restricted ... hardly "widely exposed" now is it [Presuming they keep the access lists up-to-date etc. etc.
ISP Representative IanWild
(isp) Tue 22-May-07 17:37:56
Print Post

Re: Strong Passwords!


[re: blewit] [link to this post]
 
FYI, The IP access list was removed ages ago (I can't remember when, but I got issued a VPN one time password keyfob thang shortly after I started back at PlusNet). For access to workplace, you have to be on our network, connected via VPN. As it happens, one of my tasks over the last few months has been working on the feasibility of reselling the cryptocard managed solution we use for workplace to our customers, although it hasn't really gone anywhere as of yet due to other priorities.

IMO the problem here isn't that we don't take security seriously across the board, but we certainly didn't take the security of the existing webmail platform seriously enough, perhaps because we were too busy planning to replace it - lets wait to see what tomorrows report brings before we discuss this element further though.

Out of interest hotblack, which ISPs do offer SSL based email / FTP as standard? I agree it's a good idea, especially for us now, but I don't think it's standard for an ISP to provide these is it?

Ian

Ian Wild
PlusNet Product Development Team

About the Comms Team
Our Portal Forums
The UserGroup Forums
The above post has been made by an ISP REPRESENTATIVE (although not necessarily the ISP being discussed in the post).
Standard User blewit
(committed) Tue 22-May-07 17:50:51
Print Post

Re: Strong Passwords!


[re: IanWild] [link to this post]
 
In reply to:

FYI, The IP access list was removed ages ago (I can't remember when, but I got issued a VPN one time password keyfob thang shortly after I started back at PlusNet). For access to workplace, you have to be on our network, connected via VPN.




Well - there you go then ...
Standard User h0tblack
(knowledge is power) Tue 22-May-07 19:50:27
Print Post

Re: Strong Passwords!


[re: IanWild] [link to this post]
 
If we're talking ISP's then Nildram certainly do. Beyond that I use GMail and they have SSL on web, POP3 and SMTP. SSL is pretty standard these days for serious email providers. As people often use the same details for their account as their email with PlusNet it's even more reason to not have it passed in the clear. It could easily give anyone access to someone's account.

This has been asked for dozens of times over the years and I know I've had lengthy discussion on various PlusNet forums about it. But every time it gets knocked back.

As an aside, some of the instructions for setting up email clients shown on the portal even show turning on SSL as one of the steps.
Standard User deleted
(deleted) Wed 23-May-07 01:32:20
Print Post

Re: Strong Passwords!


[re: blewit] [link to this post]
 
it should be firewalled off totally so that a connection attempt cannot even get through. if an index site such as netcraft can get to it, im assuming a normal connection attempt can.

Edited by deleted (Wed 23-May-07 01:42:27)

Standard User deleted
(deleted) Wed 23-May-07 01:33:13
Print Post

Re: Strong Passwords!


[re: IanWild] [link to this post]
 
In reply to:

Out of interest hotblack, which ISPs do offer SSL based email / FTP as standard? I agree it's a good idea, especially for us now, but I don't think it's standard for an ISP to provide these is it?




ukfsn perhaps? i dunno about isps, but its certainly been common practice within the half-decent webhosts to do just that for a long time.
Pages in this thread: 1 | 2 | 3 | 4 | 5 | [6] | 7 | (show all)   Print Thread

Jump to