
Information security in real business: firewall security with special emphasis on SMTP

From Richard Rodrigues, John Animalu, Felix Shulman, the honorary members of the Intercontinental Group

Topics to Cover
- Problem summary
- Current methods to combat spam: Pros and Cons
- Proposed methods
- Barracuda & Outsourced solutions
- Choice criteria & Comparison
- The solution
- Problems addressed, challenges and resolution
- Questions

Problem summary
- A lot of spam being handled inside the network
- Malware through zip files
- Quarantined zip files resulted in reduced productivity for staff and internal IT staff
- Mail cannot be queued if email server is down

Current method used to combat spam: Pros and Cons
- Installing Symantec Mail Security for Microsoft Exchange on Exchange 2003 Server
- Symantec Mail Gateway on Web Server to protect back-end Linux Mail Server
Pros:
- Reduced spam and malware
Cons:
- Costly solution: 2 separate solutions for our email environment
- Malware from zip files
- Zip files were quarantined and manually sent to end users. This resulted in decreased productivity for staff and Network Team

Proposed methods
- Barracuda Spam Filter
- Outsourced solutions
  - Postini
  - Microsoft Exchange Hosted Services
  - Spamstopshere

Barracuda
- A hardware spam filter normally placed behind your firewall to block spam
Pros:
- A better solution than Symantec
- It is hardware based, so limited spam gets to the mail server because quarantined spam is stored on the Barracuda
- Can be used for multiple Exchange servers. Symantec is a 1-1 solution
Cons:
- Spam is still filtered inside the network
- 90% of email is spam!
- Requires a lot of administration from Network team

Outsourced Solutions
- Minimal spam gets to your mail server
- Zip files can be scanned and rejected if infected
- Unified solution instead of 2 solutions for Exchange and Linux mail servers
- Inbound and Outbound filtering
- Reduced work from Internal IT staff
- Peace of mind
- Very costly compared to Barracuda

Choice criteria
- Evaluated 4 products: Barracuda, Postini, Spamstopshere and Microsoft Exchange Hosted Services
- Leveraging existing solution in remote office
- Cost and ease of use
- Interoperability with different mail servers
- Integration with Active Directory
- Checking false positives
- Free trial and Technical Support availability

Comparison: Cost, Interoperability, AD Integration, Ease of Use
- Spamstopshere
  - Cost: 19/month for 10 mailboxes; 105/month for 100 mailboxes; 805/month for 1000 mailboxes (50% more with Enterprise)
  - Interoperability: Yes, Microsoft Exchange 2003/7/10, SBS, Linux
  - AD Integration: Yes, through export .csv file from AD. Not scalable due to manual updates
  - Ease of Use: Easy to setup
- Microsoft Exchange Hosted Services
  - Cost: 1.75/month per mailbox
  - Interoperability: No, Microsoft Exchange 2003/7/10
  - AD Integration: Integrates with AD, Scalable, automated
  - Ease of Use: Easy to setup
- Barracuda
  - Cost: 2,680.00 per device
  - Interoperability: Yes, Microsoft Exchange 2003/7/10, SBS, Linux
  - AD Integration: Yes, through Barracuda DC agent
  - Ease of Use: Easy to setup
- Postini
  - Cost: 1.00/month per mailbox for message security; 2.00/month per mailbox for message discovery; 3.75/month per mailbox for message discovery (extended)
  - Interoperability: Yes, Microsoft Exchange 2003/7/10, SBS, Linux
  - AD Integration: Integrates with AD, Scalable, automated
  - Ease of Use: Complicated to setup

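Comparison: Leveraging existing Solution, False Positives, Free trial, Tech support
- Spamstopshere
  - Leveraging existing solution: Used in DC office that has SBS
  - False Positives: All emails can be stored on Enterprise version. Very low false positives (1 in 1000)
  - Free trial: 30 days
  - Tech support: 24 x 7
- Microsoft Exchange Hosted Services
  - Leveraging existing solution: Won't work with SBS
  - False Positives: Addressed by user quarantine mailbox
  - Free trial: 30-60 days
  - Tech support: 24 x 7
- Barracuda
  - Leveraging existing solution: Cannot leverage existing solution
  - False Positives: Addressed by user quarantine mailbox
  - Free trial: 30 days
  - Tech support: 24 x 7
- Postini
  - Leveraging existing solution: Cannot leverage existing solution
  - False Positives: Addressed by user quarantine mailbox
  - Free trial: None
  - Tech support: Partner based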

Comparison: Features, Compliance
- Spamstopshere
  - Features: Mail queuing, Anti-Spam, Anti-virus, Outbound filtering, User quarantine (Enterprise only)
  - Compliance: HIPAA, SOX, PCI
- Microsoft Exchange Hosted Services
  - Features: Mail queuing, Anti-Spam, Anti-virus, Outbound filtering, User quarantine (Enterprise only)
  - Compliance: HIPAA, SOX, PCI
- Barracuda
  - Features: Anti-Spam, Anti-virus, Outbound filtering, User quarantine
  - Compliance: HIPAA, SOX, PCI
- Postini
  - Features: Mail queuing, Anti-Spam, Anti-virus, Outbound filtering, User quarantine (Enterprise only)
  - Compliance: HIPAA, SOX, PCI

The Solution
Selected Spamstopshere for the following reasons:
- Leveraging existing solution in remote office
- One solution for all our email platforms: SBS, Exchange 2003 and Linux
- Lower TCO

Spamstopshere: How does it work?
- Clustered front-end mail servers that filter your email
- Blocked categories selected by countries known to be spam senders, e.g. China, Nigeria
- Back-end servers that forward filtered email to your firewall en route to your mail server
- Since they specialize in spam filtering, most spammers are known by them. False positives are 1 in 1000 emails
- Restrict allowed traffic to back-end servers and block everything else

Problems addressed
- Zip files were delivered directly to end users
- IT can concentrate on revenue generating projects rather than managing spam
- Tremendous spam reduction. It stays outside our network
- Unified solution for our 3 different email platforms

Challenges
- Probability that the estimated 0.001% false positive email could be an important one
- Outsourced websites and survey sites hosted by vendors that need to use our mail server to relay email
- Bounces from aol.com for outbound email
- Some spam is sent from legitimate senders, thereby passing through the smart host

Resolution
- Upgraded to Enterprise Edition in order to have quarantine of all emails
- In 2 months of use, 0 calls have been received concerning false positives
- Explicitly grant access to the specific websites and survey sites that need to use our mail server
- Possibly implement outbound filtering
- End user education
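
Added example, not part of the original slides: one way to verify the "restrict allowed traffic to back-end servers and block everything else" rule together with the explicit relay grants above, by auditing mail server connection logs for sources that reached port 25 without coming through the filtering service. The address ranges are documentation placeholders, the Postfix-style log lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Placeholder ranges (RFC 5737 documentation addresses), not real provider data.
FILTER_BACKENDS = ["192.0.2.0/28"]      # filtering service back-end servers
APPROVED_RELAYS = ["198.51.100.25/32"]  # vendor web/survey hosts granted relay

# Constructed sample: Postfix-style connection lines from the mail server.
SAMPLE_LOG = """\
Mar 03 09:14:01 mx1 postfix/smtpd[411]: connect from out1.filter.example[192.0.2.5]
Mar 03 09:14:07 mx1 postfix/smtpd[412]: connect from unknown[203.0.113.77]
Mar 03 09:15:30 mx1 postfix/smtpd[415]: connect from survey.vendor.example[198.51.100.25]
Mar 03 09:16:02 mx1 postfix/smtpd[419]: connect from unknown[203.0.113.77]
Mar 03 09:16:45 mx1 postfix/smtpd[420]: connect from out2.filter.example[192.0.2.14]
Mar 03 09:17:10 mx1 postfix/smtpd[421]: connect from mail.other.example[192.0.2.200]
"""

CONNECT_RE = re.compile(r"\bconnect from \S+\[([0-9A-Fa-f:.]+)\]")

def classify(ip, backends, relays):
    """Return which allowlist (if any) a source address belongs to."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in backends):
        return "filter-backend"
    if any(addr in net for net in relays):
        return "approved-relay"
    return "unexpected"

def audit(log_text, backends=FILTER_BACKENDS, relays=APPROVED_RELAYS):
    """Count SMTP connections per class and per unexpected source address."""
    backends = [ipaddress.ip_network(c) for c in backends]
    relays = [ipaddress.ip_network(c) for c in relays]
    by_class, unexpected = Counter(), Counter()
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if not match:
            continue
        try:
            verdict = classify(match.group(1), backends, relays)
        except ValueError:  # bracketed text was not a valid IP address
            continue
        by_class[verdict] += 1
        if verdict == "unexpected":
            unexpected[match.group(1)] += 1
    return dict(by_class), dict(unexpected)

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any address reported as unexpected means the firewall rule is letting SMTP traffic bypass the filtering service, or a vendor host is relaying without having been explicitly granted access.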

QUESTIONS/CLOSING Questions? Thanks for listening!!
