RE: Securing Corporate Web Based Email

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 01/29/04

  • Next message: Glen L. Bowes: "RE: Internal Instant Messaging"
    Date: Thu, 29 Jan 2004 11:13:31 -0800
    To: "Jeff McLaughlin" <JMclaughlin@springsgov.com>, <security-basics@securityfocus.com>
    
    

    >From: Jeff McLaughlin [mailto:JMclaughlin@springsgov.com]

    >Although, ensuring virus protection on all workstations is a start,
    >we also have needs to filter content and track abuse. For example,
    >our corporate mail is scanned for content, spam, large attachments
    >and viruses before reaching the desktop. Web mail would of course
    >bypass this.

    Untrue, we run Microsoft Exchange 2000 and web-based email is subject
    to all the restrictions that normal email does. Because the scanning
    blocking and monitoring take place on, or before, the server/mailbox
    direct or IMAP access to the user mailbox will garner the same
    information
    if they accessed it from POP client.

    >One question I have is, is there a document/paper that addresses web
    >mail content providers and examines how successful they are in scanning

    >outgoing mail for viruses.

    All of the providers/vendors do, but it's just useless sales cannon
    fodder.

    >A second, any known appliances or software that can assist with web
    >based mail content and tracking abuse.

    We demoed Surf Controls email filter. This product sat before the
    groupware
    server and screened, scanned and monitored all email traffic and logged
    everything to a SQL database. Because this was done before it ever
    reached
    the mail server there is no way for the user to bypass the security and
    filter restrictions. Surf control also had some nice web interfaces to
    run reports against the database and see what the email/users are doing.
    It
    was a nice product, but out of my price range.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    www.horizonusa.com
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
                 (800) 325-1199 x338

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------


  • Next message: Glen L. Bowes: "RE: Internal Instant Messaging"

    Relevant Pages

    • RE: iptables firewall
      ... disabled so is your server, ... defeat a NAT filter is to plant a Trojan inside the network, ... i need to know how a hacker can defeat this. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
      (Security-Basics)
    • Re: March 29, 2006 total eclipse - IT admins WORST NIGHTMARE
      ... and NewsProxy is the answer for that. ... > Comcast news server. ... simply filters out what I dont want on the network. ... NewsProxy - Network level killfile and content filter for Usenet. ...
      (comp.security.firewalls)
    • Re: Getting rid of SMTP Q emails
      ... DWord for contentfilterstate to 1. ... That's too fun about restarting the SMTP service. ... I am going to whip this server in shape and get the SPAMMING under control. ... After you added connection filter provider you need to ...
      (microsoft.public.windows.server.sbs)
    • Re: Security Logs are hard to read
      ... But there are thousands of events in the security logs during this time. ... If I filter by the user name, ... Is the server box running on the SBS 2003 server? ... server status report for you to monitor the server to ensure the server ...
      (microsoft.public.windows.server.sbs)
    • Re: SMTP Connectors with massive queues .. How do i stop this?
      ... >report) to the sender. ... entitled: "Clean Up the Exchange ... >Drop connection if address matches filter ... >c) Default SMTP Server ...
      (microsoft.public.windows.server.sbs)