Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Content Security Gateway in DWD & BVBW

Published byEmma McCracken Modified over 10 years ago

Similar presentations

Presentation on theme: "The Content Security Gateway in DWD & BVBW"— Presentation transcript:

1 The Content Security Gateway in DWD & BVBW
Hans Janßen Beijing, May, 2004

2 Current e-Mail Status at DWD

3 1. E-Mail - Concept 2. The CS - Gateway 3. Other Security Measures

4 MX-Records for DWD domains point to entry1/2.
MX-Records for BVBW domains point to entry1/2. Internet Forward all outgoing s towards the Internet to entry1/2. Internet Router dns dns BVBW FW DWD Firewall mailgate Intranet Router entry1 entry2 Intranet Router Relay mails for BVBW to BVBW-MTA & those for DWD to DWD-MTA DWD Intranet BVBW WAN Internal link between DWD Intranet & BVBW WAN

5 Common Gateway Both Security Policies of BVBW and DMRZ demand a central virus protection at the Internet gateway A common gateway saves acquisition and service costs and expedites the ROI Central gateway, but local administration Caution: Legal aspects: labor agreement, works council, data protection officer, company lawyers

6 Services of the CS-Gateway
Central virus protection at the Internet gateway Filter out potentially malicious file attachments (.vbs, .exe, etc.) Tag, but not filter spam  user is requested to create client filter rule(s) Block mass (spam-) Moreover: Virus protection for http and traffic

7 1. Email - Concept 2. The CS - Gateway 3. Other Security Measures

8 The CS-Gateway in detail (I)
SuSE-Linux Enterprise Server 8 (SLES) Linux Virtual Server (LVS) Bases entirely on Open Source Software (currently: commercial virus scan engine) Good scalability through clustering Redundancy through Backup-Entry-Node and node clustering Load balancing through LVS-Architecture

9 The CS-Gateway in detail (II)
Node 1 Entry 1 Node 2 http / smtp Firewall Node 3 Entry 2 Node n dedicated service net private net

10 The CS-Gateway in detail (III)
Amavisd-new Postfix Spamasassin F-protd Mime + Attach. Squid privates Netz

11 The CS-Gateway in detail (IV)
Postfix: Secure, flexible standard MTA Amavisd-new: stops viruses & malware (f-prot), attachment- and MIME-type filter, per domain quarantine queues, individualized notification message texts f-prot: virus scanner (coming next: Symantec Antivirus) Squid (DansGuardian): http traffic

12 The CS-Gateway in detail (V)
Spamassassin: Heuristic spam detection Header analysis Body analysis Black(hole)lists/Whitelists Easy upgrade Self learning database Manual learning possible Widely used tool Spam score classification Tagging only Few False/Positives

13 The CS-Gateway in detail (VI)
Squid + DansGuardian: Http-traffic scan Uses same virus scanner (f-prot) to scan for viruses Supports MIME-type and attachment filters Supports (commercial) URL filter lists Supports content filtering (e.g. downloads)

14 The CS-Gateway in detail (VII)
Management: Web-based management interface based on Apache web server and cgi scripts Using https with high encryption for safety Squirrel mail for per domain quarantine queues MRTG & RRD Tool for statistics Cron jobs for updates and queue management

15 The Spam Header From JRBrunleycdvu@attbi.com Fri Aug 29 14:21:20 2003
Received: from localhost [ ] by lea with SpamAssassin ( exp); Fri, 29 Aug :21: From: To: "Postmaster" Subject: ***DWD-CSG: Spam*** Laser Toner. Date: Wed, 20 Aug :37: Message-Id: X-Spam-Flag: YES X-Spam-Status: Yes, hits=10.4 required=5.0 tests=ACCEPT_CREDIT_CARDS,FRONTPAGE,HTML_80_90,HTML_FONT_BIG, HTML_FONT_COLOR_BLUE,HTML_FONT_COLOR_GRAY, HTML_FONT_COLOR_GREEN,HTML_FONT_COLOR_RED, HTML_FONT_COLOR_UNSAFE,HTML_FONT_FACE_ODD,HTML_MESSAGE, HTML_TABLE_THICK_BORDER,MAILTO_TO_REMOVE, MAILTO_TO_SPAM_ADDR,MAILTO_WITH_SUBJ, MAILTO_WITH_SUBJ_REMOVE,NO_REAL_NAME,SATISFACTION, SUBJ_REMOVE,TONER version=2.55 X-Spam-Level: ********** X-Spam-Checker-Version: SpamAssassin 2.55 ( exp) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=" =_3F4F E40FE" TAG subject when Spam-Level exceeds configurable limit Number of stars represents spam probability

16 System runs stable since November 2003
Experiences System runs stable since November 2003 > mails/day (back scatter) without problems Spam detection pretty reliable, however users have problems with own spam filter rules Http-traffic causes heavy memory utilization because of large file downloads -> scan limits, memory expansion Additional features required (address clustering, spam back feed, http scan for other BVBW offices, ...)

17 Statistics (I)

18 Statistics (II)

19 Statistics (III)

20 1. Email - Concept 2. The CS - Gateway 3. Other Security Measures

21 Intrusion Detection System
IDS required according to DWD Security Policy Difficulty: switched network & multiple service nets Central IDS management and log server Simple probe basing upon Snort Management runs ACID (web-based interface) Live trial has started in week 17 scanning for trojans & worms within DWD

Download ppt "The Content Security Gateway in DWD & BVBW"

Similar presentations

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 22 Simple Mail Transfer Protocol (SMTP)

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 22 Simple Mail Transfer Protocol (SMTP)
What’s New in Fireware XTM

What’s New in Fireware XTM
1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
Info to Enterprise Migration Implementation Case Study: SBC Corporation Presented to the Crystal Decisions Regional Users Group for the Bay Area on October.

Info to Enterprise Migration Implementation Case Study: SBC Corporation Presented to the Crystal Decisions Regional Users Group for the Bay Area on October.
© 2002 D & D Enterprises 1 Linking Images For Navigation & Clickable Image Maps.

© 2002 D & D Enterprises 1 Linking Images For Navigation & Clickable Image Maps.
© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Installation & management of SUSE.

© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Installation & management of SUSE.
© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Installation & management of SUSE.

© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Installation & management of SUSE.
Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.

Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.
eSafe Implementation Topologies

eSafe Implementation Topologies
Filtragem Email Filtragem de Email com Red Hat Linux Implementações Práticas e Apresentação de Laboratórios Ruben Oliveira RHCE RHCX MCSE MCITP.

Filtragem Filtragem de com Red Hat Linux Implementações Práticas e Apresentação de Laboratórios Ruben Oliveira RHCE RHCX MCSE MCITP.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
NetSEC: metrology-based application for network security Jean-François SCARIOT Bernard MARTINET Centre Interuniversitaire de Calcul de Grenoble TNC 2002.

NetSEC: metrology-based application for network security Jean-François SCARIOT Bernard MARTINET Centre Interuniversitaire de Calcul de Grenoble TNC 2002.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
1 Linux IP Masquerading Brian Vargyas XNet Information Systems.

1 Linux IP Masquerading Brian Vargyas XNet Information Systems.
Addition Facts 1 - 20.

Addition Facts
The Internet Unit Information Systems, Higher. The Internet HTML Two sets of notes.

The Internet Unit Information Systems, Higher. The Internet HTML Two sets of notes.
Anti-SPAM experience at LAL Michel Jouvin LAL / IN2P3

Anti-SPAM experience at LAL Michel Jouvin LAL / IN2P3
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Internet Applications INTERNET APPLICATIONS. Internet Applications Domain Name Service Proxy Service Mail Service Web Service.

Internet Applications INTERNET APPLICATIONS. Internet Applications Domain Name Service Proxy Service Mail Service Web Service.
Solutions for businesses. Keep It Secure Contents Protection objectives Network secured Supplementary products Unique.

Solutions for businesses. Keep It Secure Contents Protection objectives Network secured Supplementary products Unique.

Similar presentations

Ads by Google