Presentation is loading. Please wait.

Presentation is loading. Please wait.

3/1/2014Torsten Goss-Walter, DWD- 1 - The Content Security Gateway in DWD & BVBW Hans Janßen Beijing, 10 - 14 May, 2004.

Similar presentations

Presentation on theme: "3/1/2014Torsten Goss-Walter, DWD- 1 - The Content Security Gateway in DWD & BVBW Hans Janßen Beijing, 10 - 14 May, 2004."— Presentation transcript:

1 3/1/2014Torsten Goss-Walter, DWD- 1 - The Content Security Gateway in DWD & BVBW Hans Janßen Beijing, 10 - 14 May, 2004

2 3/1/2014Torsten Goss-Walter, DWD- 2 - Current e-Mail Status at DWD

3 3/1/2014Torsten Goss-Walter, DWD- 3 -

4 3/1/2014Torsten Goss-Walter, DWD- 4 - DWD IntranetBVBW WAN Internet Internet Router Intranet Router entry1 entry2 mailgate dns DWD Firewall BVBW FW Relay mails for BVBW to BVBW-MTA & those for DWD to DWD-MTA MX-Records for BVBW domains point to entry1/2. Forward all outgoing e-mails towards the Internet to entry1/2. Internal link between DWD Intranet & BVBW WAN MX-Records for DWD domains point to entry1/2.

5 3/1/2014Torsten Goss-Walter, DWD- 5 - Common E-Mail Gateway Both Security Policies of BVBW and DMRZ demand a central virus protection at the Internet gateway A common gateway saves acquisition and service costs and expedites the ROI Central gateway, but local administration Caution: Legal aspects: labor agreement, works council, data protection officer, company lawyers

6 3/1/2014Torsten Goss-Walter, DWD- 6 - Services of the CS-Gateway Central virus protection at the Internet gateway Filter out potentially malicious file attachments (.vbs,.exe, etc.) Tag, but not filter spam e-mail user is requested to create client filter rule(s) Block mass (spam-) e-mail Moreover: Virus protection for http and traffic

7 3/1/2014Torsten Goss-Walter, DWD- 7 -

8 3/1/2014Torsten Goss-Walter, DWD- 8 - The CS-Gateway in detail (I) SuSE-Linux Enterprise Server 8 (SLES) Linux Virtual Server (LVS) Bases entirely on Open Source Software (currently: commercial virus scan engine) Good scalability through clustering Redundancy through Backup-Entry-Node and node clustering Load balancing through LVS-Architecture

9 3/1/2014Torsten Goss-Walter, DWD- 9 - The CS-Gateway in detail (II) Entry 1 Entry 2 Node 1 Node 2 Node 3 private net dedicated e-mail service net Firewall http / smtp Node n

10 3/1/2014Torsten Goss-Walter, DWD- 10 - The CS-Gateway in detail (III) privates Netz Postfix Amavisd-new Spamasassin F-protd Squid Mime + Attach.

11 3/1/2014Torsten Goss-Walter, DWD- 11 - The CS-Gateway in detail (IV) Postfix: Secure, flexible standard MTA Amavisd-new: stops viruses & malware (f-prot), attachment- and MIME-type filter, per domain quarantine queues, individualized notification message texts f-prot: virus scanner (coming next: Symantec Antivirus) Squid (DansGuardian): http traffic

12 3/1/2014Torsten Goss-Walter, DWD- 12 - The CS-Gateway in detail (V) Spamassassin: Heuristic spam detection Header analysis Body analysis Black(hole)lists/Whitelists Easy upgrade Self learning database Manual learning possible Widely used tool Spam score classification Tagging only Few False/Positives

13 3/1/2014Torsten Goss-Walter, DWD- 13 - The CS-Gateway in detail (VI) Squid + DansGuardian: Http-traffic scan Uses same virus scanner (f-prot) to scan for viruses Supports MIME-type and attachment filters Supports (commercial) URL filter lists Supports content filtering (e.g. downloads)

14 3/1/2014Torsten Goss-Walter, DWD- 14 - The CS-Gateway in detail (VII) Management: Web-based management interface based on Apache web server and cgi scripts Using https with high encryption for safety Squirrel mail for per domain quarantine queues MRTG & RRD Tool for statistics Cron jobs for updates and queue management

15 3/1/2014Torsten Goss-Walter, DWD- 15 - The Spam Header From Fri Aug 29 14:21:20 2003 Received: from localhost [] by lea with SpamAssassin (2.55; Fri, 29 Aug 2003 14:21:24 +0200 From: To: "Postmaster" Subject: ***DWD-CSG: Spam*** Laser Toner. Date: Wed, 20 Aug 2003 08:37:23 -1100 Message-Id: X-Spam-Flag: YES X-Spam-Status: Yes, hits=10.4 required=5.0 tests=ACCEPT_CREDIT_CARDS,FRONTPAGE,HTML_80_90,HTML_FONT_BIG, HTML_FONT_COLOR_BLUE,HTML_FONT_COLOR_GRAY, HTML_FONT_COLOR_GREEN,HTML_FONT_COLOR_RED, HTML_FONT_COLOR_UNSAFE,HTML_FONT_FACE_ODD,HTML_MESSAGE, HTML_TABLE_THICK_BORDER,MAILTO_TO_REMOVE, MAILTO_TO_SPAM_ADDR,MAILTO_WITH_SUBJ, MAILTO_WITH_SUBJ_REMOVE,NO_REAL_NAME,SATISFACTION, SUBJ_REMOVE,TONER version=2.55 X-Spam-Level: ********** X-Spam-Checker-Version: SpamAssassin 2.55 ( MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_3F4F4544.896E40FE" TAG subject when Spam-Level exceeds configurable limit Number of stars represents spam probability

16 3/1/2014Torsten Goss-Walter, DWD- 16 - Experiences System runs stable since November 2003 > 160.000 mails/day (back scatter) without problems Spam detection pretty reliable, however users have problems with own spam filter rules Http-traffic causes heavy memory utilization because of large file downloads -> scan limits, memory expansion Additional features required (address clustering, spam back feed, http scan for other BVBW offices,...)

17 3/1/2014Torsten Goss-Walter, DWD- 17 - Statistics (I)

18 3/1/2014Torsten Goss-Walter, DWD- 18 - Statistics (II)

19 3/1/2014Torsten Goss-Walter, DWD- 19 - Statistics (III)

20 3/1/2014Torsten Goss-Walter, DWD- 20 -

21 3/1/2014Torsten Goss-Walter, DWD- 21 - Intrusion Detection System IDS required according to DWD Security Policy Difficulty: switched network & multiple service nets Central IDS management and log server Simple probe basing upon Snort Management runs ACID (web-based interface) Live trial has started in week 17 scanning for trojans & worms within DWD

Download ppt "3/1/2014Torsten Goss-Walter, DWD- 1 - The Content Security Gateway in DWD & BVBW Hans Janßen Beijing, 10 - 14 May, 2004."

Similar presentations

Ads by Google