We would like to allow employees to access their email while outside of the office. What are some of the options available? Which is most secure? What is the ?BEST? combination of security and convenience?
Possibilites :
Direct dial to Domino server via Notes client
Browser access to mail file replica on ‘external’ server
Require client certificates for browser authentication
Open port 1352 in firewall to allow Notes clients to access ‘internal’ mail server directly over internet
POP3 access to ‘internal’ server (using Outlook or a Notes client)
Any other ideas?
Thanks in advance,
Marc Robson
Subject: The most secure method of accessing mail while out of the office …
most secure is to use a VPN client to connect to the firewall. You can then set up notes as if you are in the office. That way you don’t need to give it an external ip address. From there you can either have a notes client, inotes or just webmail.
As soon as you give it an external IP address then you really need to look at making it 100% secure & I would also make sure it’s on a DMZ and not on your main network.
I wouldn’t use a direct dial just because its really inconvenient.
Subject: RE: The most secure method of accessing mail while out of the office …
What about having a public IP address that NATs at your firewall to your Domino server. From there only allow port 80 and 443 to your Domino server. You could also force the Domino server to force all port 80 traffic to 443 (ssl) and get a certificate from someone like Thawte. Then just tell people that if they’re away they should use iNotes or WebMail depending on the connection speed. This should be a pretty secure configuration. It would also allow for access from any computer - which could be good if these people have to access their mail from a kiosk at a conference or something like that.
Subject: RE: The most secure method of accessing mail while out of the office …
The most secure method will assuredly be using the Notes client rather than a web browsers. Certificate control is considerably more reliable with the native client.