The Content Security Gateway in DWD & BVBW

Presentation transcript:

The Content Security Gateway in DWD & BVBW Hans Janßen Beijing, 10 - 14 May, 2004

Current e-Mail Status at DWD

1. E-Mail - Concept
2. The CS - Gateway
3. Other Security Measures

- MX records for DWD domains point to entry1/2.
- MX records for BVBW domains point to entry1/2.
- Forward all outgoing e-mails towards the Internet to entry1/2.
- Relay mails for BVBW to BVBW-MTA & those for DWD to DWD-MTA.
- Internal link between DWD Intranet & BVBW WAN.
[Diagram labels: Internet, Internet Router, dns, BVBW FW, DWD Firewall, mailgate, Intranet Router, entry1, entry2, DWD Intranet, BVBW WAN]

Common E-Mail Gateway
- Both security policies of BVBW and DMRZ demand a central virus protection at the Internet gateway
- A common gateway saves acquisition and service costs and expedites the ROI
- Central gateway, but local administration
- Caution: legal aspects: labor agreement, works council, data protection officer, company lawyers

Services of the CS-Gateway
- Central virus protection at the Internet gateway
- Filter out potentially malicious file attachments (.vbs, .exe, etc.)
- Tag, but not filter spam e-mail -> user is requested to create client filter rule(s)
- Block mass (spam-) e-mail
- Moreover: Virus protection for http and traffic

1. Email - Concept
2. The CS - Gateway
3. Other Security Measures

The CS-Gateway in detail (I)
- SuSE Linux Enterprise Server 8 (SLES)
- Linux Virtual Server (LVS)
- Based entirely on open source software (currently: commercial virus scan engine)
- Good scalability through clustering
- Redundancy through Backup-Entry-Node and node clustering
- Load balancing through LVS architecture

The CS-Gateway in detail (II)
[Diagram labels: Firewall, http / smtp, Entry 1, Entry 2, Node 1, Node 2, Node 3, Node n, dedicated e-mail service net, private net]

The CS-Gateway in detail (III)
[Diagram labels: Amavisd-new, Postfix, SpamAssassin, F-protd, Mime + Attach., Squid, private net]

The CS-Gateway in detail (IV)
- Postfix: secure, flexible standard MTA
- Amavisd-new: stops viruses & malware (f-prot), attachment- and MIME-type filter, per domain quarantine queues, individualized notification message texts
- f-prot: virus scanner (coming next: Symantec Antivirus)
- Squid (DansGuardian): http traffic

The CS-Gateway in detail (V)
SpamAssassin:
- Heuristic spam detection
- Header analysis
- Body analysis
- Black(hole)lists/Whitelists
- Easy upgrade
- Self learning database
- Manual learning possible
- Widely used tool
- Spam score classification
- Tagging only
- Few false positives

The CS-Gateway in detail (VI)
Squid + DansGuardian:
- Http-traffic scan
- Uses same virus scanner (f-prot) to scan for viruses
- Supports MIME-type and attachment filters
- Supports (commercial) URL filter lists
- Supports content filtering (e.g. downloads)

The CS-Gateway in detail (VII)
Management:
- Web-based management interface based on Apache web server and cgi scripts
- Using https with high encryption for safety
- SquirrelMail for per domain quarantine queues
- MRTG & RRDtool for statistics
- Cron jobs for updates and queue management

The Spam Header

    From JRBrunleycdvu@attbi.com Fri Aug 29 14:21:20 2003
    Received: from localhost [127.0.0.1] by lea
        with SpamAssassin (2.55 1.174.2.19-2003-05-19-exp);
        Fri, 29 Aug 2003 14:21:24 +0200
    From: JRBrunleycdvu@attbi.com
    To: "Postmaster" <ok@xynyx.de>
    Subject: ***DWD-CSG: Spam*** Laser Toner.
    Date: Wed, 20 Aug 2003 08:37:23 -1100
    Message-Id: <0bb301c36752$7aadb710$5ab5ba31@JRBrunleycdvu>
    X-Spam-Flag: YES
    X-Spam-Status: Yes, hits=10.4 required=5.0
        tests=ACCEPT_CREDIT_CARDS,FRONTPAGE,HTML_80_90,HTML_FONT_BIG,
        HTML_FONT_COLOR_BLUE,HTML_FONT_COLOR_GRAY,
        HTML_FONT_COLOR_GREEN,HTML_FONT_COLOR_RED,
        HTML_FONT_COLOR_UNSAFE,HTML_FONT_FACE_ODD,HTML_MESSAGE,
        HTML_TABLE_THICK_BORDER,MAILTO_TO_REMOVE,
        MAILTO_TO_SPAM_ADDR,MAILTO_WITH_SUBJ,
        MAILTO_WITH_SUBJ_REMOVE,NO_REAL_NAME,SATISFACTION,
        SUBJ_REMOVE,TONER version=2.55
    X-Spam-Level: **********
    X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="----------=_3F4F4544.896E40FE"

- TAG subject when Spam-Level exceeds configurable limit
- Number of stars represents spam probability
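Added example (not part of the original slides): a Python sketch that parses the X-Spam-Status and X-Spam-Level headers in the layout shown on this slide and applies a client-side filing rule of the kind users are asked to create. The sample message, the function names and the folder labels are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Constructed sample in the header layout shown on the slide; the addresses
# and the shortened test list are made up for this example.
SAMPLE = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: ***DWD-CSG: Spam*** Laser Toner.\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, hits=10.4 required=5.0\n"
    "\ttests=HTML_MESSAGE,MAILTO_TO_REMOVE,\n"
    "\tNO_REAL_NAME,TONER version=2.55\n"
    "X-Spam-Level: **********\n"
    "\n"
    "body text\n"
)

STATUS_RE = re.compile(
    r"^(Yes|No), hits=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?)"
    r"(?: tests=(.*?))?(?: version=(\S+))?$"
)

def parse_spam_status(raw_message):
    """Return the gateway's verdict as a dict, or None if absent/malformed."""
    msg = message_from_string(raw_message)
    value = msg.get("X-Spam-Status")
    if value is None:
        return None
    # The header is folded over several lines; collapse the folding first.
    m = STATUS_RE.match(" ".join(value.split()))
    if m is None:
        return None
    tests = [t.strip() for t in (m.group(4) or "").split(",") if t.strip()]
    return {
        "flagged": m.group(1) == "Yes",
        "hits": float(m.group(2)),
        "required": float(m.group(3)),
        "tests": tests,
        "stars": (msg.get("X-Spam-Level") or "").count("*"),
    }

def client_action(raw_message, user_threshold=None):
    """Hypothetical client rule: file by score, not by the Subject tag."""
    status = parse_spam_status(raw_message)
    if status is None:
        return "inbox-unscanned"  # no usable gateway verdict on this message
    limit = status["required"] if user_threshold is None else user_threshold
    return "spam-folder" if status["hits"] >= limit else "inbox"
```

Filing on the numeric score lets each user pick a stricter or looser limit than the gateway's, and a message without a parsable verdict is kept visible rather than silently filed.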

Experiences
- System has been running stably since November 2003
- > 160.000 mails/day (back scatter) without problems
- Spam detection pretty reliable; however, users have problems with their own spam filter rules
- Http-traffic causes heavy memory utilization because of large file downloads -> scan limits, memory expansion
- Additional features required (address clustering, spam back feed, http scan for other BVBW offices, ...)

Statistics (I)

Statistics (II)

Statistics (III)

1. Email - Concept
2. The CS - Gateway
3. Other Security Measures

Intrusion Detection System
- IDS required according to DWD Security Policy
- Difficulty: switched network & multiple service nets
- Central IDS management and log server
- Simple probe based on Snort
- Management runs ACID (web-based interface)
- Live trial started in week 17, scanning for trojans & worms within DWD