Windows NT provides built-in security that controls:
Windows NT security provides a high level of security both for stand-alone computers and for Windows NT–based networks. However, the MailSrv tool uses only the clear-text password authentication of POP3. Passwords are sent over the network in readable (clear) format and are not encrypted. Administrators must plan for security on networks that use the MailSrv tool. They must consider the potential for unauthorized users acquiring passwords and subsequent malicious tampering with Internet communications.
You can use the classification of Internet communications in Table 7.2 to identify your enterprise security requirements when using SMTP/POP3. For additional information on security, see Chapter 3, "Server Security on the Internet."
Table 7.2 Enterprise Security Guidelines
Type of communication | Description |
General communications | Include private mail or limited access to public-domain data published on a Web server. Communication authentication and integrity are based on password systems. |
Business communications | Include intra-organization business mail, correspondence, data, and public correspondence (such as product advertising) and information (such as customer support service). Authentication and message integrity, as well as privacy, can be critically important and require more sophisticated control than for general communications. |
Financial transactions | Are not suitable for mail communication because of the need for high security control. Additionally, financial data is often partitioned. Each party to the communication needs some of the data, but not all of the parties need (or should have) all the data. |