A digression into Security and Email

Since I came back to Trinidad I didn’t bother to put back a phone line
at home because of various past abuses and subsequent unpaid bills by
family members (*sigh* living with family again sigh). So until the GreenDot wireless DSL service
came along recently, I had no Internet access other than student access through
UWI’s wireless Internet on campus.
UWI’s security policy is obscene though, when I look on it as a fellow IT Professional. It makes little
sense to me since their systems still have big holes, and as
any good IT Security analyst knows, insufficient security is only
slightly better than none at all and is still nowhere close to
good
security. UWI’s internet access blocks basic POP3 access to receiving email and SMTP access to sending email, yet through social engineering on the part of any person who speaks English (and even some who don’t)
who steps on campus, one can determine within a day how to file share
with certain P2P clients or bypass the security login for Internet surfing by utilising
instead open gateway servers….
Their policy is perhaps more obscene to me as a normal yet saavy Internet user. Let me first state my credentials for making such a bold statement that goes against that of the supposedly intelligent UWI policymakers. I’ve been using the net for 10 years now, I got online just after Windows 95 was released but I still knew about the need for Winsock clients in Windows 3.1. My first WWW experience was surfing with Lynx, because Netscape was now pushing
2.0 and it took too long to download over a slow 14.4k connection to the Internet. I know about the times of Gopher, Usenet and MUD. I’ve seen Pointcast and push-technologies promoted as the future of information syndication, VRML promoted and sites built because it was thought to be the future of Internet surfing, and something called
Palace with its cool avatars and movable rooms promoted as the future of online chat. I was there when there was no Google and searches by Yahoo were paled in comparison to the power of Altavista searches. I was there before there was MSN Messenger, or even ICQ, and when IRC was king. I’ve also scene many of those technologies disappear completely for one reason or another or simply replaced with something better.
There are standard protocols which have stood the test of time, HTTP, FTP, POP3, SMTP to name a few, they have evolved but never been replaced. When analysed I can tell you that the three protocols that every student needs to have access to for it to be called Internet access, these are HTTP for browsing the net, and POP3 and SMTP for receiving and sending emails.
There are still holes where viruses can penetrate the network otherwise, what’s the point of blocking one way in if there are 2 others still open for attack? If one has the perspective that the volume of users for POP3 is greater hence making security more risky, one fails to understand that this is a weighted risk equation, not an equal weight equation. The weighted riskiness of the lesser number of users using the higher risk technologies like P2P would make insignificant the weight of users being given POP3 access who requested it.
It just doesn’t make sense to block the basic building block protocols of the Internet as we know it if the more recent ones still go through.
Block all or block none, you either implement a policy to have proper security or implement no policy, since that’s basically what you are doing now with the improper security existing. The POP3 user like myself suffers, while the amateur file sharing, non-UWI student still gets his music videos with time to spare.
There ARE disadvantages to webmail, despite what Hotmail happy users have gotten used to. Think about it, wouldn’t it be nice to access your email offline when one is at home and far away from the Internet. POP3 mail users CAN.
The level of complexity introduced for a webmail user without POP3 access to download ALL of his
or her email, especially when it comes to categorising it and making it searchable in some manner similar to how a typical POP mail client does it makes those who are used to POP mail groan at the thought of webmail.
So I’ve been on webmail (and groaning) for the last year or so thanks to this “security” policy at UWI.
Typical POP mail client in UWI would probably be Outlook Express, or Outlook 2003 for those who afford it, so in a sense the block of POP mail is more justified than if the users were Linux users or even Windows users running Thunderbird or Evolution…
All the more reason the advocacy of open-source alternatives must continue…
There’s not any cool stuff to mention in Outlook 2003 or Outlook Express for those who already were used to Evolution :-P But they ARE cool features when compared to the limitations Webmail imposes. The
first thing I said when I first saw Outlook 2003 (especially the whole
“Junk Mail” folder everyone loves) was that it bore a strong resemblance
to Evolution and the features I had available in that software for about
a year previous to Outlook 2003 release (especially the junk mail
filter, except Evolution was more powerful since it could integrate
SpamAssassin to filter junk mail progressively and adaptively, rather
than having the need to continuously download outdated Junk Mail list updates). Webmail has the spam and junk mail filtering, but you have to make sure you’re with an ISP or mail hosting service that supports those features, and trust THEM to keep it secure for you.
Sadly, like the Matrix, noone can be told how much more useful POP mail is, they can only see it for themselves once they use it. Hopefully one day, UWI students will wake up and the war with the policy makers will be over and we can finally benefit from TRUE Internet access on campus.

Leave a reply