Re: [fw-wiz] Securing email by inhibiting urls



Cisco Ironport or McAfee's two offerings: Email & Web Security Appliance or
Email Gateway.

The McAfee products used to be Secure Computing's Ironmail appliances, but
were bought with the Secure Computing acquisition.

Additionally, you should implement a true URL and content filtering service..
Even if an email gets through here or there, clicking on the link in it
will do more or less nothing if you have a "good" content-filtering proxy.

At my last job, we implemented McAfee's Email Gateway which filtered out a
very high percentage of junk incoming--you have to turn it on and take a lot
of time configuring/tweaking it. We also used Trend Micro's InterScan Web
Security product for web content filtering. The Trend-Micro product is
based on Squid and some other open and non-open source products. We didn't
want to take the time rolling our own Squid-based solution, and instead paid
for that one. Ran both for a year+ without any known infections.

I do know that we had all of the popular safeguards turned on on the McAfee
appliance(s). SPF checking, blacklist checking with 4 different blacklists,
reverse DNS lookup on the sending IP address, etc. We also only allowed
delivery to addresses that could be verified valid by looking them up in
Active Directory. If some server was attempting to send to a bunch of
addresses that didn't even exist in our environment, that server was
automatically banned from sending emails to us for X amount of time. This
cut down on a LOT of junk.

Disabling all the tools that people need to do their jobs won't help the
situation. You need to get a good all-around solution and customize it to
your environment--put a LOT of time into configuring and testing it. It
took me personally about 40 hours to get the McAfee appliances working
exactly how I wanted them to.


On Thu, Aug 11, 2011 at 8:40 AM, Raphael Rivera <rafinous@xxxxxxxxx> wrote:

Chris,

Have you all tried barracuda spam firewall?

Sent from my iPhone

On Aug 1, 2011, at 2:46 PM, "Chris" <chughes@xxxxxxx> wrote:

A company I work for has been having great difficulty in securing against
email attacks. So far we have disabled access to webmail, implemented
rules and processes to block freemail services like hotmail etc until the
sender registers the address and of course a spam filter (BrightMail).
Attachment filtering is pretty strict as well.****

** **

The threat that presents the biggest challenge is url links in emails. The
common method of attack is an email from somedomain.com where they change
one character or otherwise make the address look valid (ie:
<joe@xxxxxxxxxxxxxx>joe@xxxxxxxxxxxxxx or <j0e@xxxxxxxxxxxxxx>
j0e@xxxxxxxxxxxxxx etc).****

** **

I was looking for a way to spot and block hyperlinks but it looks like the
only option I have is to filter on these and send them to a spam bin. I’d
rather yank the offending hyperlink and replace it with a message of some
sort. Unfortunately BrightMail doesn’t offer that capability.****

** **

Any products that do this or ideas on a solution?****

** **

Thanks****

_______________________________________________

firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: Asking about anti-virus programs
    ... I believe I have enabled the one that came with McAfee, ... because "Microsoft Windows Update" flagged it. ... than my firewall is enabled. ... There are also security updates for Office at ...
    (microsoft.public.security)
  • Asking about anti-virus programs
    ... Any experts out there that can answer security protection ... I purchased the Windows XP, hp pavilion 780n with the 950 ... I figured McAfee was fine and that I ...
    (microsoft.public.security)
  • Re: microsoft update not working
    ... You should have downloaded/run the McAfee Consumer Products Removal Tool ... before you installed the Comcast's Norton Security Suite freebie. ... To save changes to your settings for this website, ...
    (microsoft.public.windowsupdate)
  • Re: Asking about anti-virus programs
    ... > McAfee one already on your machine? ... > 3) Keep windows updated via www.microsoft.com/windowsupdate. ... > the security settings in Internet Explorer you'll see how to make IE ... >> did install the Microsoft Security MS03-026 within less ...
    (microsoft.public.security)
  • Antivirus programs unreliable during critical coverage gap
    ... The reactive nature of IT security is a well-known weakness that puts ... and Stuart Staniford is their chief scientist. ... to detect new malware more-or-less at the same time as VirusTotal.  ... Examine Staniford's data compared to the McAfee article I ...
    (comp.sys.mac.advocacy)