SurfControl E-mail Filter
(E-mail & Product Overview)
E-mail Basics
How Does E-mail Work?
Help?
• MTA/Relay Hosts
• E-mail Protocols
  – SMTP
  – POP3
  – MAPI/RPC
  – IMAP
• DNS
• MX Records
• MIME Type
• LDAP
Mail Transfer Agents (MTAs)
[Diagram: mail path from the Sender’s Network to the Recipient’s Network; labels: Exchange Server, SurfControl E-mail Filter, Relay Host, Lotus/Domino Server, SurfControl E-mail Filter]
E-mail delivery relies upon MTAs. There are two types of MTAs:
• E-mail servers
• Relay Hosts
MTAs Continued
The main difference between an e-mail server and a relay host is that e-mail servers have mailboxes and most relay hosts do not. However, an e-mail server can act as a relay host. There are two types of relay hosts, open and closed.
• open: allows any and all mail into a network. An open relay host can compromise network security.
• closed: only allows e-mail destined for, or originating from, the protected domain through the relay. A closed relay protects a network. SurfControl E-mail Filter is a closed relay.
Using a relay host allows you to have more control over routing within a domain.
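The open/closed distinction above, written out as an accept/reject decision. This is an added example, not SurfControl's code; the domain example.com, the 10.0.0.0/8 internal network and the function names are assumptions, as is the choice to require an internal client address for outbound mail (the envelope sender is text supplied by whoever connects).

```python
import ipaddress

# Assumed values: the protected domain and the internal network whose
# hosts are allowed to send outbound mail through the relay.
PROTECTED_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def domain_of(address):
    """Return the lower-cased domain part of an envelope address."""
    return address.rsplit("@", 1)[-1].lower()


def is_internal(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)


def closed_relay_decision(client_ip, mail_from, rcpt_to):
    """Decide what a closed relay does with one SMTP envelope."""
    if domain_of(rcpt_to) in PROTECTED_DOMAINS:
        return "accept-inbound"       # destined for the protected domain
    # Outbound: the sender must be in the protected domain AND connect
    # from inside, because MAIL FROM alone can be forged by any client.
    if domain_of(mail_from) in PROTECTED_DOMAINS and is_internal(client_ip):
        return "accept-outbound"      # originating from the protected domain
    return "reject-relay"             # third party to third party


def open_relay_decision(client_ip, mail_from, rcpt_to):
    """An open relay forwards anything, which is why it is a risk."""
    return "accept"
```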
Protocols
[Diagram: two Exchange servers and a SendMail server with their mail clients; links labelled RPC, IMAP, POP3, IMAP4, MAPI and SMTP]
What ARE you talking about?!
Protocols
Protocols are just like languages, or even accents, that two people share so that they can communicate.
For example, if somebody wants to speak in French to you, you have to be able to understand and speak French also.
It’s the same with computers. If machines want to exchange e-mail (or anything else for that matter) they need to do it in a language that they both understand.
Just like people, one machine can speak more than one language, and so can communicate with many different machines.
Imagine ordering a takeaway
[Diagram: the same servers and protocol links, overlaid with people speaking English and Chinese, “You”, and two dogs (“Woof”, “Sit!”, “Beg”)]
Two people in a house speaking in their own language, that they both understand
Protocols
Two dogs in another room talking their own language
Note that there is also a more basic language (protocol) being used between the people and the dogs
Protocols
SMTP is the standard (equivalent to the “common language”) for e-mail delivery over the web
SurfControl E-mail Filter is interested only in the SMTP protocol
Ports
[Diagram: radio frequencies 98.6 and 88.6 shown beside ports: SMTP 25, HTTP 80]
Each protocol has its own assigned port number, just like a radio station has an assigned frequency.
Also, just like a radio station, a protocol isn’t tied to one port/frequency – it can swap.
And just like a radio frequency, a port needs to have a machine at the other end of the transmission that is able to listen to it.
Ports
[Diagram: postal analogy]
Letter addressed to: SurfControl PLC, Riverside, Mountbatten Way, Congleton, Cheshire, CW12 1DY
• Which employee is it for? Who needs it?
• Wasted time in getting it through
Rob Smith, Andy Jones, Chris Bailey: Not Feasible
Letter addressed to: Rob Smith, SurfControl PLC, Riverside, Mountbatten Way, Congleton, Cheshire, CW12 1DY
• Add a reference
• Add a name
• Add a port number
The port number tells the receiving server which service/program the communication is for, without having to know what is in it
Individual connections/postmen?
DNS Records (Domain Name Server)
• You type http://maps.yahoo.com into IE
• The local DNS Server manages queries to Root DNS, COM DNS and Yahoo DNS and returns an IP address to your PC
• http://maps.yahoo.com appears in your browser
[Diagram: the Local DNS server queries the Root DNS (“.com?”), the .com DNS (“yahoo?”) and the Yahoo DNS (“maps?”) in turn, each sending a Reply, to resolve maps.yahoo.com]
MX (Mail eXchange) Records
You send an e-mail to [email protected]
Your MTA queries the DNS Server for MX Records
The DNS Server returns the IP address of the e-mail server
The MTA delivers the e-mail
[Diagram: MTA query to the DNS server]
Q: MX: surfcontrol.com
R: MX: 212.150.43.14
E-Mail Structure - MIME
Envelope: contains two SMTP commands (MAIL and RCPT). MAIL identifies the sender; RCPT identifies the recipient.
Header: contains additional information about the e-mail included by the email client (such as Date or Message-ID).
Body: contains the text of the e-mail and any attachments (MIME - Multipurpose Internet Mail Extensions). MIME allows files to be attached to e-mails, and tells the receiving server how to open them.
Constructed just the same as a real letter!
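The three layers described above, separated with Python's standard email package. This is an added example, not part of the original slides; the envelope values, the message and the function name summarize are constructed for illustration. It shows that the envelope sender (MAIL) and the From header are independent fields, and that MIME labels each body part with a type and an optional filename.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed SMTP envelope (the MAIL and RCPT commands) and message data.
ENVELOPE = {"mail_from": "bounce@mailer.example.net",
            "rcpt_to": ["rob@example.com"]}
RAW = """\
From: "Accounts" <accounts@example.com>
To: rob@example.com
Subject: Invoice
Date: Mon, 01 Jan 2024 10:00:00 +0000
Message-ID: <1@mailer.example.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""


def summarize(envelope, raw):
    """Report envelope sender, header sender and the MIME parts."""
    msg = message_from_string(raw)
    header_from = parseaddr(msg["From"])[1]
    # Leaf parts only: the multipart container itself carries no content.
    parts = [(p.get_content_type(), p.get_filename())
             for p in msg.walk() if not p.is_multipart()]
    env_dom = envelope["mail_from"].rsplit("@", 1)[-1].lower()
    hdr_dom = header_from.rsplit("@", 1)[-1].lower()
    return {"envelope_from": envelope["mail_from"],
            "header_from": header_from,
            # A mismatch is common for legitimate bulk mail too; it is a
            # signal for a filter to weigh, not proof of forgery.
            "from_mismatch": env_dom != hdr_dom,
            "parts": parts,
            "attachments": [name for _, name in parts if name]}
```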
Minimum Spec for E-mail Filter
Processor: Intel Pentium III; 600 MHz or higher
• How fast it can push things through
Memory: 512 Mbytes RAM; 1024 Mbytes strongly recommended
• For making the product more efficient – e.g. Rules storage
OS: Windows 2000 Server (SP3) or Windows Advanced Server (SP3) or Windows Server 2003
• Why not XP? Lorry Vs Lamborghini – designed to manage larger loads
DNS: Internal or external DNS configured
• So it can send mail out
Disk space: 5 Gbytes free
• Storage on the machine for isolated mail and the product itself
So, How Does E-mail Work?
[Diagram: mail flow between MTAs (relay hosts) over SMTP on port 25, with a DNS MX lookup, and POP3 on port 110]
SurfControl E-mail Filter
• Recognizes and blocks inbound & outbound traffic
• Provides blended threat protection as a continuously updated service
• Recognizes confidential and restricted e-mail content
• Provides virus defense
• Set and enforce policy rules
• Flexible deployment options
  – Software or Appliance
SurfControl E-mail Filter
Why is Comprehensive E-mail Filtering the Right Solution?
An incomplete solution is a gap waiting to be exploited
Anti-spam focused point solutions don’t cover blended threats, outbound security threats, or confidential data protection
With today’s evolving risks a solution must be comprehensive to adapt to tomorrow’s threats
Dynamic filtering is the only real-world answer
How SurfControl SMTP E-mail Filter Works:
Inbound and Outbound protection/filtering
[Diagram: Services with In, Work and Out stages; actions Isolate, Delay and Discard; delivery to MX or Relay Host]
The Goal of E-mail Filtering
Security protection from:
• spam
• phishing attacks
• malicious URL links in e-mails
• spyware protection
Better management of e-mail and network resources.
Better enforcement of policies
Better legal protection – compliance, harassment lawsuits
Stronger business profitability
Blended Threat Protection
- Adaptive Threat Intelligence
- Network Connection Security
Adaptive Threat Intelligence
Dynamic Threat Databases
• Anti-Virus Agent
• Anti-Spam Agent
• Digital Fingerprints
• Heuristics
• Lexi-Rules
Real-time Threat Technologies
• Virtual Learning Agent
• Virtual Image Agent
Global Threat Experts
ATI Delivers Security Layers to All Products
Powerful Spam & Phishing Protection
• Spam Digital Fingerprints
  – Categorized by content for precise threat protection
• Heuristics Engine
  – Thousands of e-mail rules to accurately detect phishing & spam attacks. Filters them according to the sensitivity you choose.
• LexiRules
  – Lexical scanning for blended threat attacks
Digital Fingerprints
• Comprehensive pattern match analysis
• Regular expression lexical rules
• Extensive, thousands of rule parameters using Heuristics engine
Heuristic Analysis
Web Threat & Spyware Protection
- Integrated Internet Threat Database
- Unique protection from spyware, phishing, and malicious URL links
- Unprecedented protection from harmful websites passed through e-mail
Only SurfControl brings customers the unique power of our industry leading Internet Threat database in e-mail filtering!!!
Means: Better protection coverage than any competitor
More Blended Threat Layers!
• Directory Harvest Attack Protection
  – Stops bandwidth consuming mail bomb attacks
• Spoof Detection
  – Detects spammers masking their identity
• HTML Parser
  – Removes hidden HTML code used by spammers to bypass detection
• HTML Stripper
  – Strips out active HTML components - like scripts - and more
Anti-Virus Agent
Anti-virus scanning at the e-mail gateway
Total protection from the many e-mail risks.
Offers complete virus cleansing, scanning, blocking and all typical AV benefits.
Powered by McAfee
Why Our Threat Analysis is Unique
• Most Internet Filtering Experience (c.1995)
• Worldwide Perspective (14 offices)
• International Cultural Understanding
• Global Threat Detection & Analysis (24/7)
• AI Technologies and Human Review
• Early Warning on Emerging Threats (“1sts”)
• Integration of all Internet protection processes in one experienced and united team
• Continuous Integrated Adaptive
Customized Content Filtering
- Confidential Data Protection
- Compliance Layer
- Offensive/Harassing E-mail Mgmt
- Customer Specific E-mail Filtering Needs
Pre Built Dictionaries & Language Packs
Provide the reference points for filtering.
160+ pre-populated category dictionaries of content: 10 languages & 16 categories.
Turnkey protection from key threat categories: Hate Speech, Offensive, Gambling, Finance, Healthcare, etc
Language Packs enable multi national organizations to deploy quick protection:
English, Dutch, French, German, Spanish, Italian, Japanese, Chinese Traditional, Chinese Simplified, Portuguese
LexiMatch Settings
(Pluto) NEAR ($35 Million) OR (ABC, Inc) NEAR (Buyout Price) NOT (Jupiter) OR (Saturn) OR (Galaxy)
Precise Lexical Scanning with advanced Boolean
E-mail Filter’s LexiMatch
Category-specific words, with numerical weighting for each
Customizable weightings
Set Threshold sensitivity
Message statistics calculate categorization probability
Pluto 50
+ $35 million 25
+ ABC, Inc 50
+ Buyout Price 10
Message Total 135
Threshold 100
Statistical Probabilities
Dictionary Thresholds
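The weighted-dictionary total from the slide and the Boolean NEAR expression from the LexiMatch Settings slide, worked through on one message. This is an added example of the general technique, not SurfControl's implementation: the weights and threshold come from the slide, while the 10-word NEAR window, the grouping of the NOT terms, the substring matching and the sample message are assumptions.

```python
import re

# Weights and threshold as shown on the slide.
WEIGHTS = {"pluto": 50, "$35 million": 25, "abc, inc": 50, "buyout price": 10}
THRESHOLD = 100
NEAR_WINDOW = 10                       # assumed: max word distance for NEAR
EXCLUDED = ("jupiter", "saturn", "galaxy")


def positions(text, phrase):
    """Word index of each case-insensitive occurrence of phrase."""
    low = text.lower()
    return [len(low[:m.start()].split())
            for m in re.finditer(re.escape(phrase.lower()), low)]


def near(text, a, b, window=NEAR_WINDOW):
    return any(abs(i - j) <= window
               for i in positions(text, a) for j in positions(text, b))


def weighted_score(text):
    """Sum the weight of every dictionary term present, counted once."""
    hits = {t: w for t, w in WEIGHTS.items() if positions(text, t)}
    return sum(hits.values()), hits


def evaluate(text):
    total, hits = weighted_score(text)
    excluded = any(positions(text, w) for w in EXCLUDED)
    # Assumed reading of the slide's expression: either NEAR pair matches,
    # unless one of the NOT terms appears anywhere in the message.
    boolean_match = not excluded and (
        near(text, "pluto", "$35 million")
        or near(text, "abc, inc", "buyout price"))
    return {"total": total, "over_threshold": total >= THRESHOLD,
            "boolean_match": boolean_match, "hits": hits}


# Constructed sample message.
SAMPLE = ("Project Pluto update: the buyout price for ABC, Inc is "
          "agreed at $35 million, announcement next week.")
```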
Virtual Learning Agent
Detects spam with pre-trained categories
Can learn your proprietary e-mails and protect confidential information from accidental or malicious leakage.
Protects against losses and lawsuits.
Virtual Image Agent
Filters explicit adult images from e-mail.
Uses intelligent scanning technology.
Classifies images based on customer standards.
Protects against harassment lawsuits.
How does Virtual Image Agent work?
Uses more than 22,000 different algorithms.
Differentiates between adult material and harmless photos.
Isolates suspect content for evaluation.
Enforces policy without affecting performance.
Customizable Policy Administration, Monitoring, Reporting
Easy-to-use Rules Administrator.
Customer can create and implement own rules.
Customer can set and reset rule criteria.
Rules can be applied to groups or individuals.
Policy Administration
Triggered Policy Options
SurfControl offers the choice –
• No review with Automatic Queue Management
• Admin review (at server or remotely)
• Employee review (with End User Spam Management)
For employee review, suggest only for SEF’s probability based features
• ASA accuracy shouldn’t require employee review
• ASA is biggest net to catch the most attacks
Recommendations & Positioning
No review with Automatic Queue Management
• Enables time for request to be made of missing e-mail; otherwise, message is deleted after lapsed timeframe
• No Admin or employee resource burden
Admin Review (at server or remotely)
• Designated Manager or Admin can review isolate folders with assigned privileges
• Eliminates employee productivity loss, bandwidth consumption, and potential legal liabilities posed by Adult spam
Employee review (at the desktop)
• Allows employee to manage review of their own false positives
Message Administrator
Review of isolated messages; automatically delete or release isolated e-mails for hands off administration
Remote Message Administrator and password protected isolate folders allow e-mail content review by designated managers
Analyze and take action on isolated e-mails from the desk or while on the road
Real-Time Monitor
Monitor activity and behavior, any time, from anywhere.
View e-mail usage trends and summaries.
Identify and correct network and server bottlenecks.
Color-coded for instant feedback.
Data in a format you can use.
Schedule reports to automatically run and be delivered to your In Box when you want them
Trail of evidence for persistent offenders.
Comprehensive Reporting
Remote Management & Delegated Administration
Administer multiple sites from one server
Secure access and administration
Password protected
Corporate Disclaimers
Protect your corporate liability by inserting disclaimers in email messages
Include sales promotional details or press announcements to your corporate mail
Flexible Notification Options
Notification options allow you to copy the Admin, sender, recipient, or an appropriate manager
Insert notification shortcuts related to the triggered email – example $S inserts the sender info
File Attachment Management
Strip or isolate attachments
Disallow non-business approved files
Eliminate the security threat from unauthorized file transmissions
Message Archiving
Archive Message operation enables you to copy a message to a specified folder.
Archiving messages can be useful particularly when you are monitoring possible problem behavior.
Keep a record of all messages sent or received or archive specific triggered policies.
Fail Over & Load Balancing
Ensures your systems are up and running and that mail is being processed
Multiple servers share message processing.
Better network management and reduced administration.
Encryption methods: TLS, SMTPS
E-mail Encryption
Encryption Methods
TLS
• The more common administrator’s choice
• A protocol that guarantees server-to-server privacy
• Uses port 25
SMTPS
• The less common administrator’s choice
• A protocol that guarantees server-to-server privacy
• Uses port 443
How Encryption Works
1. Site1 tells Site2 it wants to send an e-mail via TLS or SMTPS.
2. Site2 gives Site1 its public key.
3. Site1 uses Site2’s public key to encrypt the e-mail, and sends it to Site2.
4. Site2 uses its private key to decrypt the e-mail.
Keys & Certificates
To use TLS encryption, you must get a certificate. The certificate includes your keys.
Certificate types:
• Certificate from third party such as Verisign
  – Most “respected.”
• Self-signed certificate
  – Good for small environments that don’t already have a certificate
E-mail Filter’s Certificate Manager
• Import an existing certificate (such as from Verisign)
• Export a certificate
• Create a self-signed certificate.
Anti-Spoof Technique: Sender Policy Framework
SPF: Stops spammers from forging the “from” fields in an e-mail.
• In order to use SPF, the sending e-mail must publish an SPF record in DNS records.
• If sending e-mail doesn’t have a matching registered SPF record in DNS, DNS does not forward the e-mail.
Questions
Is there a product that competes with this one?
What can be the main benefit for a company that uses this product?
What elements have to be considered to implement the solution?