MXTREME EMAIL FIREWALL APPLIANCE - SECURE WEBMAIL
 

MXtreme provides two distinct but equally secure mechanisms for accessing internal mailboxes using a remote browser. Both mechanisms are secured as follows:

Authentication

When the user connects to MXtreme, they are prompted for a userid/password combination. This authentication layer establishes only a session on MXtreme.

The user's profile determines which (if any) internal mail server may be accessed. A default server may be defined. MXtreme will authenticate the user with the default internal server using the cached userid/password combination, providing a convenient single sign-on mechanism.

For more security, the authentication details can be different on the internal server than on MXtreme. In this case, two authentication steps must be completed.

RADIUS authentication

MXtreme can be configured to accept any userid/password combination and try it against a specified internal RADIUS server. The significance of this feature is that a user account does not have to be created on MXtreme before a user can use the Secure Web Mail interface.

This radically simplifies the implementation of Secure Web Mail services without compromising MXtreme's security protection for the whole process.

Strong authentication

Where security is paramount, MXtreme can require strong authentication. Currently supported authentication cards include RSA SecurID and CryptoCard. Additional cards are being implemented. 

Encryption

All communications with MXtreme can be encrypted using TLS/SSL. This includes the web mail browser session and the communications between MXtreme and the internal servers. Complete confidentiality is thus assured.

BorderPost

BorderPost is used to access any standards-based IMAP server, for example MS Exchange. All major mail servers support IMAP, which allows messages to be viewed, replied to, deleted etc. using a remote client. Unlike POP access, however, IMAP does not remove the messages from the server. Users who have read their email with BorderPost over a remote connection will find that their email is readily accessible when they return to their offices and use their workstation mail client.

BorderPost is a full-function mail client that includes folder handling, contact lists etc.

Secure Web Mail for OWA

This interface provides a highly secure mechanism for using OWA (Outlook Web Access). OWA provides almost the same interface as Outlook 2000, and is therefore very attractive to users who run Outlook 2000 on their workstations. With OWA, they can see all their mail, their contacts, calendar etc. as it is stored on the Exchange server.

However, OWA presents many challenges:

  1. Deployment
    OWA must run on Microsoft IIS, and this has numerous well-publicized vulnerabilities. Underlying IIS is likely to be Windows NT or 2000. As general-purpose operating systems, these are ill suited to be exposed to direct Internet attack and have also been repeatedly hacked. Finally, there is Exchange itself, and this has also been the subject of many security advisories.

    Many schemes have been devised to deal with these issues. Placing OWA on a server behind a firewall on a DMZ requires complex proxy configuration so that the system can access the internal Exchange server. And, since the OWA server is still directly accessible from the internet, it is still vulnerable to being snooped on or compromised.

  2. Insecure Logoff
    OWA relies on HTTP authentication methods to control the session, and this means that the userid/password is cached on the remote system. Unless the user closes ALL HTTP sessions on the remote system (and this is not always possible at internet kiosks), then that information may be retrieved and reused.

Secure Web Mail for OWA resolves these issues.

  1. MXtreme can be deployed with a direct connection to the internet with confidence. A hardened OS, specific security measures, buffer-overflow protection etc. all combine to resist hackers. MXtreme acts as an application firewall for OWA, protecting the internal systems from attack.

    This results in minimum disturbance to the main corporate firewall, removing the risk of mis-configuration leading to a new exposure.

  2. The OWA connection is managed using a full application proxy. MXtreme completely recreates all the HTTP requests made by the external client to the internal OWA MS Exchange server.

Benefits include:

  1. There is no direct connection to the OWA/IIS system, thus resolving all vulnerabilities associated with those applications.
  2. Authentication: not only is an extra layer added, no authentication material is stored on the remote system. As soon as the user logs out (or the session times out), all session information disappears.
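
The session handling and request re-creation described above can be modelled as follows. This is an added illustration, not BorderWare's code: the class name `SessionProxy`, the header allowlist, the method allowlist and the use of HTTP Basic toward the internal server are all assumptions.

```python
import base64
import secrets
import time

# Assumed allowlist: only these client headers are copied to the internal server.
FORWARDED_HEADERS = {"accept", "accept-language", "content-type", "user-agent"}
ALLOWED_METHODS = {"GET", "POST"}


class SessionProxy:
    """Hypothetical model of a session-holding application proxy."""

    def __init__(self, idle_timeout=600, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self._sessions = {}  # opaque token -> [userid, password, last_seen]

    def login(self, userid, password):
        # Verifying the credentials (local, RADIUS, token card) is out of scope.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = [userid, password, self.clock()]
        return token  # the only value the remote browser ever holds

    def logout(self, token):
        self._sessions.pop(token, None)  # cached credentials vanish with the session

    def build_upstream_request(self, token, method, path, headers):
        """Return a freshly built request for the internal server, or None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if self.clock() - entry[2] > self.idle_timeout:
            self.logout(token)  # idle timeout: drop the session server-side
            return None
        if method not in ALLOWED_METHODS or not path.startswith("/") or ".." in path:
            return None
        entry[2] = self.clock()
        # Rebuild from scratch: copy allowlisted headers only, so a client-supplied
        # Authorization or Cookie header never reaches the internal server.
        out = {k: v for k, v in headers.items() if k.lower() in FORWARDED_HEADERS}
        basic = base64.b64encode(f"{entry[0]}:{entry[1]}".encode()).decode()
        out["Authorization"] = "Basic " + basic
        return {"method": method, "path": path, "headers": out}
```

Because the browser stores only the opaque token, a token left behind on a kiosk is useless once `logout` runs or the idle timeout expires.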

MXtreme is a trademark of Borderware Technologies Inc.


Copyright © ReSoft International LLC 1997-2004 :  Privacy Statement
All rights reserved. All trademarks, servicemarks are respected.
ReSoft International LLC · PO Box 124, New Canaan CT 06840 : Tel: 203 972 8462