Update on the anti spam system at CERN
Pawel Grzywaczewski, CERN IT/OIS, HEPIX fall
CERN - IT Department (OIS), CH-1211 Genève 23, Switzerland, www.cern.ch/it

Presentation transcript:

Update on the anti spam system at CERN
Pawel Grzywaczewski, CERN IT/OIS
HEPIX fall 2010

Current mail infrastructure
Mail service in numbers:
- ~ mailboxes
- ~ mailing lists (e-groups)
- ~ 3000 electronic faxes received/sent each month
- ~ messages sent each day to Internet
- ~ legitimate messages received each day from Internet
Current systems:
- Microsoft Exchange 2003 – 95% of mailboxes
- Microsoft Exchange 2010 – 5% of mailboxes + client access and edge servers

Overview
- Spam is a big problem: about 180 billion spam messages per day worldwide
- At CERN we receive more than 1 million messages each day
- Half of CERN mail addresses forward to external mail addresses
- Large number of mailing lists
- Spam messages have to be rejected
- Messages are never deleted – we refuse or accept
- New anti spam system reduced blacklisting of our mail servers

A bit of history about anti spam systems at CERN
- 2002 – home made anti spam system
- 2008 – built-in system of Exchange 2007
- April 2010 – Microsoft Forefront Protection 2010 for Exchange servers

Motivation for a new anti spam system
- Users were reporting spam messages delivered to Inbox, Junk Folder
- Preparation for deployment of Exchange 2010 – new mail gateways
- System which is well integrated with current systems (possibility to whitelist from mailbox, whitelisting applied on all levels of filtering)

ForeFront and main features
- Anti spam system
  - On board an efficient content filtering engine provided by Cloudmark
  - Fingerprints mechanism
    - Fingerprints of messages compared with fingerprints of known spam messages
    - Fingerprints calculated based on RELEVANT parts of a message
  - Heuristic
- Built in anti virus system
  - 5 different antivirus engines scan messages in parallel

Sample spam statistics
- 94% of messages are filtered
- Very low number of messages delivered to Junk Folder
- reported that the number of users complaining about spam decreased significantly
- Few requests from users who would like to receive more spam ;)

Anti spam system architecture
- 3 levels of spam filtering
- Most messages are rejected by the first level

Cause of messages rejection
- 1st layer – source analysis: , ~94% of rejection
- 2nd layer – protocol analysis: 44198, ~4% of rejection
- 3rd layer – content analysis: 22455, ~2% of rejection

1st layer of defense – source analysis
Tell me what your IP is and I will tell you if you are a spammer
- DNS block list
  - One of the most effective means to counter spam attacks
  - Forefront retrieves lists of blocked IP addresses from public databases
  - Different providers: SPAMHAUS, Hotmail etc.
- Sender ID framework
  - Prevent false positives

2nd layer - protocol analysis
Accept only legitimate recipients and senders
- Sender filtering
  - Rejecting blocked senders
  - Accepting white listed
- Recipient filtering
  - Rejecting recipients which don't exist at CERN
- Low percentage of false positives and false negatives
- ~4% of rejected messages

Content analysis – 3rd layer
Why there are no messages in my Junk folder
- Two methodologies are applied on messages
  - Fingerprint of a spam message (updates are received every 45 seconds)
  - Heuristic
- At present only a few hundred messages per day are delivered to spam folder, over all mailboxes
- 2% of rejected messages
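The three layers described in the slides above, sketched as an added example (not code from the presentation, from Forefront or from Cloudmark). The zone name, addresses, whitelist keyed on sender address and the stub resolver are constructed assumptions, and the fingerprint is a toy stand-in for the proprietary one.

```python
import hashlib
import ipaddress
import re
from collections import Counter

# Constructed sample data (assumptions, not CERN's configuration).
DNSBL_ZONE = "dnsbl.example"                  # placeholder block-list zone
LISTED = {"2.0.0.127.dnsbl.example"}          # names the stub resolver answers for
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}
BLOCKED_SENDERS = {"bulk@spam.example"}
WHITELIST = {"partner@relay.example"}         # honoured at every layer

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def stub_resolver(name):
    """Stands in for a DNS A lookup: an answer means listed, NXDOMAIN means not."""
    return name in LISTED

def fingerprint(body):
    """Toy fingerprint: hash only the letters-only words, ignoring case,
    punctuation and digits. A stand-in, not Cloudmark's algorithm."""
    words = re.findall(r"[a-z]+", body.lower())
    return hashlib.sha256(" ".join(words).encode()).hexdigest()

SPAM_FINGERPRINTS = {fingerprint("Cheap watches!!! Buy now")}

def filter_message(ip, sender, recipient, body, resolve=stub_resolver):
    """Return (verdict, layer); a message is refused or accepted, never deleted."""
    trusted = sender in WHITELIST
    # Layer 1, source analysis: is the connecting IP on a block list?
    if not trusted and resolve(dnsbl_name(ip)):
        return ("reject", "source")
    # Layer 2, protocol analysis: recipient must exist, sender must not be blocked.
    if recipient not in VALID_RECIPIENTS:
        return ("reject", "protocol")
    if not trusted and sender in BLOCKED_SENDERS:
        return ("reject", "protocol")
    # Layer 3, content analysis: compare against known spam fingerprints.
    if not trusted and fingerprint(body) in SPAM_FINGERPRINTS:
        return ("reject", "content")
    return ("accept", None)

def tally(messages):
    """Count rejections per layer, as in the 'cause of rejection' slide."""
    return Counter(filter_message(*m)[1] or "accepted" for m in messages)
```

Ordering the checks from cheapest to most expensive means most traffic is refused before any content is examined, which matches the slide's observation that the first layer accounts for most rejections.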

Content filtering engine and fingerprints
[Diagram: ForeFront with Cloudmark. Labels: Service providers, Consumer, Mobile operator, Enterprise; Updates each 45 sec; Nomination DB, Catalog Database, Trust Evaluation System; Cloudmark system]

Remaining challenges
- Phishing
  - Looking for a solution
- Troubleshooting of messages rejected by Content Filtering
  - Improved by migrating users to Exchange 2010 – white listing
- Forwarding messages from mailboxes in other institutes
  - Improved by migrating users to Exchange 2010 – mailbox merge

What will come next
- When mailboxes are migrated to Exchange 2010
  - Possibility to whitelist senders
  - Whitelisting will be applied on all layers of filtering
  - By default all contacts will be whitelisted.
  - Blacklisting
- Control of compromised accounts
  - Limits on number of recipients per 24h

Thank you!