
Securing Kerio Connect

Issues to address

Configuring your firewall

If you install Kerio Connect in a local network behind a firewall, map these ports as follows:

Service (default port)        Incoming connection
SMTP (25)                     allow
SMTPS (465)                   allow
SMTP Submission (587)         allow
POP3 (110)                    deny
POP3S (995)                   allow
IMAP (143)                    deny
IMAPS (993)                   allow
NNTP (119)                    deny
NNTPS (563)                   allow
LDAP (389)                    deny
LDAPS (636)                   allow
HTTP (80, 4040, 8800)         deny
HTTPS (443, 4040, 8443)       allow

Services to be allowed on the firewall

Password policy

Read Password policy in Kerio Connect for detailed information on user passwords.

Configuring a secure connection to Kerio Connect

Kerio Connect can do either of the following:

Go to Configuration → Security → Security Policy to select your preferred security policy.

You can define a group of IP addresses that can authenticate insecurely (for example, from local networks).


Securing user authentication

If you select the Require secure authentication option, users must authenticate securely when they access Kerio Connect.

You can select any of the following authentication methods:

  • CRAM-MD5 — password authentication using MD5 digests

  • DIGEST-MD5 — password authentication using MD5 digests

  • NTLM — use only with Active Directory

  • SSL tunnel if no authentication method is used


If you select more than one method, Kerio Connect uses the first available method.

If users' passwords are saved in the SHA format:

  • Select PLAIN and/or LOGIN.

  • Do not map users from a directory service.
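Why SHA-stored passwords call for PLAIN or LOGIN, shown as an added example that is not part of the Kerio article: CRAM-MD5 (RFC 2195) has the server key an HMAC with the password itself, which a one-way hash cannot supply. The user, password, challenge, function names and the unsalted SHA-1 storage model are assumptions made for the demonstration.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user: str, password: str, challenge_b64: str) -> str:
    """Client: answer the challenge with 'user <hex HMAC-MD5>' (RFC 2195)."""
    mac = hmac.new(password.encode(), base64.b64decode(challenge_b64), hashlib.md5)
    return base64.b64encode(f"{user} {mac.hexdigest()}".encode()).decode()

def server_check_cram(hmac_key: bytes, challenge_b64: str, response_b64: str) -> bool:
    """Server: recompute the HMAC with whatever secret it has stored for the user."""
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    mac = hmac.new(hmac_key, base64.b64decode(challenge_b64), hashlib.md5)
    return hmac.compare_digest(digest, mac.hexdigest())

def server_check_plain(stored_sha_hex: str, plain_b64: str) -> bool:
    """Server: SASL PLAIN (RFC 4616) delivers the password, so hash it and compare."""
    _authzid, _authcid, password = base64.b64decode(plain_b64).split(b"\0")
    return hmac.compare_digest(hashlib.sha1(password).hexdigest(), stored_sha_hex)

# Constructed sample data (not from the Kerio article).
USER, PASSWORD = "alice", "correct horse battery staple"
CHALLENGE = base64.b64encode(b"<1234.5678@mail.example.test>").decode()
# Assumption: the stored "SHA format" is modelled as unsalted SHA-1 hex.
STORED_SHA = hashlib.sha1(PASSWORD.encode()).hexdigest()

def demo() -> dict:
    """Run the three server-side checks against the same user."""
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    plain = base64.b64encode(f"\0{USER}\0{PASSWORD}".encode()).decode()
    return {
        # Server keeps a recoverable password: the HMACs match.
        "cram_with_recoverable_password":
            server_check_cram(PASSWORD.encode(), CHALLENGE, response),
        # Server keeps only the hash: keying the HMAC with it cannot match.
        "cram_with_only_sha_hash":
            server_check_cram(STORED_SHA.encode(), CHALLENGE, response),
        # PLAIN hands over the password, so the hash comparison works.
        "plain_with_only_sha_hash": server_check_plain(STORED_SHA, plain),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Because PLAIN and LOGIN carry the password itself, they belong behind the Require encrypted connection option described in the next section.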

Encrypting user communication

If you select the Require encrypted connection option, clients must connect to every service over an encrypted connection (the communication cannot be tapped).

You must allow the secured version of all services you use on your firewall.

Many SMTP servers do not support SMTPS and STARTTLS. To provide advanced security, the SMTP server requires secure user authentication.
