Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Content Security Gateway in DWD & BVBW

Similar presentations

Presentation on theme: "The Content Security Gateway in DWD & BVBW"— Presentation transcript:

1 The Content Security Gateway in DWD & BVBW
Hans Janßen Beijing, May, 2004

2 Current e-Mail Status at DWD

3 1. E-Mail - Concept 2. The CS - Gateway 3. Other Security Measures

4 MX-Records for DWD domains point to entry1/2.
MX-Records for BVBW domains point to entry1/2. Internet Forward all outgoing s towards the Internet to entry1/2. Internet Router dns dns BVBW FW DWD Firewall mailgate Intranet Router entry1 entry2 Intranet Router Relay mails for BVBW to BVBW-MTA & those for DWD to DWD-MTA DWD Intranet BVBW WAN Internal link between DWD Intranet & BVBW WAN

5 Common Gateway Both Security Policies of BVBW and DMRZ demand a central virus protection at the Internet gateway A common gateway saves acquisition and service costs and expedites the ROI Central gateway, but local administration Caution: Legal aspects: labor agreement, works council, data protection officer, company lawyers

6 Services of the CS-Gateway
Central virus protection at the Internet gateway Filter out potentially malicious file attachments (.vbs, .exe, etc.) Tag, but not filter spam  user is requested to create client filter rule(s) Block mass (spam-) Moreover: Virus protection for http and traffic

7 1. Email - Concept 2. The CS - Gateway 3. Other Security Measures

8 The CS-Gateway in detail (I)
SuSE-Linux Enterprise Server 8 (SLES) Linux Virtual Server (LVS) Bases entirely on Open Source Software (currently: commercial virus scan engine) Good scalability through clustering Redundancy through Backup-Entry-Node and node clustering Load balancing through LVS-Architecture

9 The CS-Gateway in detail (II)
Node 1 Entry 1 Node 2 http / smtp Firewall Node 3 Entry 2 Node n dedicated service net private net

10 The CS-Gateway in detail (III)
Amavisd-new Postfix Spamasassin F-protd Mime + Attach. Squid privates Netz

11 The CS-Gateway in detail (IV)
Postfix: Secure, flexible standard MTA Amavisd-new: stops viruses & malware (f-prot), attachment- and MIME-type filter, per domain quarantine queues, individualized notification message texts f-prot: virus scanner (coming next: Symantec Antivirus) Squid (DansGuardian): http traffic

12 The CS-Gateway in detail (V)
Spamassassin: Heuristic spam detection Header analysis Body analysis Black(hole)lists/Whitelists Easy upgrade Self learning database Manual learning possible Widely used tool Spam score classification Tagging only Few False/Positives

13 The CS-Gateway in detail (VI)
Squid + DansGuardian: Http-traffic scan Uses same virus scanner (f-prot) to scan for viruses Supports MIME-type and attachment filters Supports (commercial) URL filter lists Supports content filtering (e.g. downloads)

14 The CS-Gateway in detail (VII)
Management: Web-based management interface based on Apache web server and cgi scripts Using https with high encryption for safety Squirrel mail for per domain quarantine queues MRTG & RRD Tool for statistics Cron jobs for updates and queue management

15 The Spam Header From Fri Aug 29 14:21:20 2003
Received: from localhost [ ] by lea with SpamAssassin ( exp); Fri, 29 Aug :21: From: To: "Postmaster" Subject: ***DWD-CSG: Spam*** Laser Toner. Date: Wed, 20 Aug :37: Message-Id: X-Spam-Flag: YES X-Spam-Status: Yes, hits=10.4 required=5.0 tests=ACCEPT_CREDIT_CARDS,FRONTPAGE,HTML_80_90,HTML_FONT_BIG, HTML_FONT_COLOR_BLUE,HTML_FONT_COLOR_GRAY, HTML_FONT_COLOR_GREEN,HTML_FONT_COLOR_RED, HTML_FONT_COLOR_UNSAFE,HTML_FONT_FACE_ODD,HTML_MESSAGE, HTML_TABLE_THICK_BORDER,MAILTO_TO_REMOVE, MAILTO_TO_SPAM_ADDR,MAILTO_WITH_SUBJ, MAILTO_WITH_SUBJ_REMOVE,NO_REAL_NAME,SATISFACTION, SUBJ_REMOVE,TONER version=2.55 X-Spam-Level: ********** X-Spam-Checker-Version: SpamAssassin 2.55 ( exp) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=" =_3F4F E40FE" TAG subject when Spam-Level exceeds configurable limit Number of stars represents spam probability

16 System runs stable since November 2003
Experiences System runs stable since November 2003 > mails/day (back scatter) without problems Spam detection pretty reliable, however users have problems with own spam filter rules Http-traffic causes heavy memory utilization because of large file downloads -> scan limits, memory expansion Additional features required (address clustering, spam back feed, http scan for other BVBW offices, ...)

17 Statistics (I)

18 Statistics (II)

19 Statistics (III)

20 1. Email - Concept 2. The CS - Gateway 3. Other Security Measures

21 Intrusion Detection System
IDS required according to DWD Security Policy Difficulty: switched network & multiple service nets Central IDS management and log server Simple probe basing upon Snort Management runs ACID (web-based interface) Live trial has started in week 17 scanning for trojans & worms within DWD

Download ppt "The Content Security Gateway in DWD & BVBW"

Similar presentations

Ads by Google