
Protecting Your Email Infrastructure

by David Schairer

Defending business email infrastructure in the crossfire that is the modern Internet is a constant battle, and just as the 16th century engineers learned that the old stone walls needed to be surrounded by modern earthworks to keep the cannons at bay, so too is it necessary to augment the mail security features of your mail clients with robust defenses on the network. It is important to maintain virus protection on end-user machines because they deal with threats that come in by vectors other than email (web pages, rogue thumb drives, etc.), but most threats--spam, phishing, viruses, bounces from spoofed mail, denial of service attacks--are best stopped before they reach your infrastructure.

There are many products that can be used for network-based mail filtering, in a number of different architectures. When choosing a filtering technology, consider whether it is a service model or appliance. Neither is the right answer for everyone, but consider carefully the total ownership cost of a purchased hardware solution, where an increase in mail volume, unpredictable spikes in spam, or an attack may overload the dedicated resources. In the same vein, in considering a hosted filtering service, make sure the provider has sufficient resources and redundancy--network, computation, storage--to absorb attacks.

Another aspect to consider is what other features come with the solution. For example, hosted filtering solutions can often be used as additional disaster recovery protection, because email can easily be redirected to another primary server in an emergency. It is important to know whether the solution will integrate with the primary mail server in order to validate users locally. Solutions that filter based on message contents or attributes but do not validate against the user database not only pass extra load through to the primary, but much more importantly fail to reject mail for unknown recipients at the first hop. This leads to an unpleasant effect called backscatter, where the bounces generated later by the receiving servers become new emails sent to (usually forged) sender addresses, causing further filtering load and reputation harm.
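The difference between an edge filter that knows the user list and one that does not can be shown with a small simulation. The following is an added example, not code from the article or from any product it mentions: the user directory, hostnames and traffic are constructed, and the two handler functions model the accept-then-bounce and reject-at-RCPT policies described above. Unknown recipients are answered with a 550 reply inside the SMTP session, so no delivery status notification is ever created, whereas accepting everything forces a bounce to whatever address was given in MAIL FROM.

```python
"""Added example: SMTP-time recipient validation at the edge versus
accept-then-bounce, to show where backscatter comes from.
All addresses and hostnames are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed directory of real mailboxes, as synced from the primary mail server.
VALID_RECIPIENTS = frozenset({"alice@example.com", "bob@example.com"})


@dataclass
class Envelope:
    mail_from: str  # SMTP MAIL FROM; spammers routinely forge this
    rcpt_to: str    # SMTP RCPT TO


@dataclass
class Outcome:
    relayed: list = field(default_factory=list)   # handed on to the primary server
    rejected: list = field(default_factory=list)  # refused inside the SMTP session
    bounces: list = field(default_factory=list)   # DSNs the edge had to send: (to, about)


def rcpt_reply(rcpt_to):
    """SMTP reply the edge gives at RCPT TO when it validates against the directory."""
    if rcpt_to.lower() in VALID_RECIPIENTS:
        return "250 2.1.5 OK"
    return "550 5.1.1 User unknown"


def edge_accept_then_bounce(envelopes):
    """Edge that does not know the user list: it answers 250 to every RCPT TO,
    the primary later refuses the unknown user, and the edge must now mail a
    DSN to MAIL FROM, i.e. to the forged address. That DSN is backscatter."""
    out = Outcome()
    for env in envelopes:
        out.relayed.append(env)
        if env.rcpt_to.lower() not in VALID_RECIPIENTS:
            out.bounces.append((env.mail_from, env.rcpt_to))
    return out


def edge_validate_at_rcpt(envelopes):
    """Edge that validates RCPT TO in-session: unknown users get 550 and the
    session moves on; nothing is queued and no DSN is ever created."""
    out = Outcome()
    for env in envelopes:
        if rcpt_reply(env.rcpt_to).startswith("250"):
            out.relayed.append(env)
        else:
            out.rejected.append(env)
    return out


# Constructed traffic: two legitimate messages plus a run of guessed addresses
# whose MAIL FROM is forged as an uninvolved third party.
SAMPLE_TRAFFIC = [
    Envelope("carol@partner.example", "alice@example.com"),
    Envelope("dave@vendor.example", "bob@example.com"),
] + [
    Envelope("victim@innocent.example", f"{name}@example.com")
    for name in ("aaron", "abby", "adam", "admin", "alex")
]


def summarize(handler, envelopes=SAMPLE_TRAFFIC):
    """Run one edge policy over the traffic and report load and backscatter."""
    out = handler(envelopes)
    return {
        "relayed_to_primary": len(out.relayed),
        "rejected_in_session": len(out.rejected),
        "bounces_generated": len(out.bounces),
        "backscatter_targets": sorted({to for to, _ in out.bounces}),
    }


if __name__ == "__main__":
    for handler in (edge_accept_then_bounce, edge_validate_at_rcpt):
        print(handler.__name__, summarize(handler))
```

With the constructed traffic, the accept-then-bounce edge relays all seven messages to the primary and sends five bounces to the innocent forged sender; the validating edge relays only the two legitimate messages and generates no bounces at all, which is the load reduction and reputation protection the paragraph describes.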

Not all filtering technologies are customizable, so find out whether the filtering techniques can be customized for individual businesses. No filtering regime is optimal for all users, and it is common to want to disable or tune individual filtering components, or to impose additional rules on email processing. Likewise, filters should be able to learn and tune themselves automatically as mail comes in. Some technologies have a filtering layer that can also handle outbound mail. By offloading outbound mail to an external service, the burden of constant queue management is removed from the business mail servers, and the best filtering engines will use outbound mail to further tune inbound filters.

Another point to consider is whether or not the solution gives you access to and control of messages that were quarantined or filtered. In some businesses it may be desirable to give this access to end users, as most consumer email platforms do with a spam folder. In others this may be centralized under IT control for review and training. There may also be a separation between spam quarantines (generally harmless for users to scan through) and virus quarantines (locked from access).

A necessary aspect of the solution is whether it provides access to full logs of mail transactions. This allows you to diagnose issues with the primary mail server as well as the otherwise inscrutable 'I didn't get your email' reports. Some solutions are based on open standards, so they will work with any mail server; others are locked to a specific product, e.g., Exchange. If the latter, how will it interact with future upgrades of the primary server?
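Full transaction logs are only useful if you can follow one message through them. The following is an added example, not code from the article or from any vendor's product: it parses a constructed key=value transaction log from a hypothetical edge filter (the format, hostnames, queue ids and addresses are all assumptions) and reports what happened to every message addressed to a given recipient, which is exactly what an 'I didn't get your email' ticket needs.

```python
"""Added example: trace a recipient's messages through an edge filter's
transaction log and report each message's final disposition.
The log format and all values below are constructed for illustration."""
import re
from collections import defaultdict

# Constructed transaction log in a key=value style (not any vendor's real format).
SAMPLE_LOG = """\
2009-05-11T10:02:13Z edge1 queue=A1B2C3 from=<carol@partner.example> to=<alice@example.com> action=accept
2009-05-11T10:02:14Z edge1 queue=A1B2C3 to=<alice@example.com> relay=mail.example.com status=sent dsn=2.0.0
2009-05-11T10:05:00Z edge1 queue=D4E5F6 from=<news@bulk.example> to=<alice@example.com> action=quarantine reason=spam score=9.2
2009-05-11T10:07:41Z edge1 queue=G7H8I9 from=<x@nowhere.example> to=<nobody@example.com> action=reject code=550 reason="user unknown"
2009-05-11T10:09:05Z edge1 queue=J1K2L3 from=<dave@vendor.example> to=<bob@example.com> action=accept
2009-05-11T10:09:06Z edge1 queue=J1K2L3 to=<bob@example.com> relay=mail.example.com status=deferred dsn=4.4.1 reason="connection refused"
"""

# key=value tokens; quoted values and <addresses> may contain spaces or '@'.
TOKEN = re.compile(r'(\w+)=("[^"]*"|<[^>]*>|\S+)')


def parse_line(line):
    """Split one log line into a dict of fields (timestamp, host, then key=value pairs)."""
    ts, host, rest = line.split(" ", 2)
    fields = {"ts": ts, "host": host}
    for key, val in TOKEN.findall(rest):
        fields[key] = val.strip('"<>')
    return fields


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def disposition(recs):
    """Final outcome of one queue id: a later delivery record to the primary
    (status=...) overrides the initial accept; otherwise the edge's own action."""
    last = recs[-1]
    if "status" in last:
        return last["status"] + (f" ({last['reason']})" if "reason" in last else "")
    action = last.get("action", "unknown")
    if action == "reject":
        return f"rejected at edge ({last.get('code', '')} {last.get('reason', '')})".strip()
    if action == "quarantine":
        return f"quarantined ({last.get('reason', '')} score={last.get('score', '')})"
    return action


def trace_recipient(records, recipient, sender=None):
    """Group records by queue id and report every message for `recipient`,
    optionally narrowed to one `sender`, with its final disposition."""
    by_queue = defaultdict(list)
    for rec in records:
        if "queue" in rec:
            by_queue[rec["queue"]].append(rec)
    result = []
    for qid, recs in by_queue.items():
        if not any(r.get("to") == recipient for r in recs):
            continue
        if sender and not any(r.get("from") == sender for r in recs):
            continue
        origin = next((r["from"] for r in recs if "from" in r), None)
        result.append({"queue": qid, "from": origin, "disposition": disposition(recs)})
    return result


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for event in trace_recipient(records, "alice@example.com"):
        print(event)
```

Run over the constructed log, the trace for alice shows one message delivered to the primary and one quarantined as spam, bob's message is sitting deferred because the primary refused the connection, and the message to a nonexistent user was rejected in-session at the edge. Each of those is a different answer to the same user complaint, and only the edge's log can tell them apart.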

Lastly it is important to consider how the pricing model impacts your budget and whether or not you are protected from unexpected future costs. For example, a per-user fee provides a predictable cost per month, whereas a hardware-based solution, even if it has a per-user license, has an effective per-message fee in that above a certain load, more boxes are required at added cost.

Network-based filtering, when done properly, will reduce email IT costs for most businesses. Effective filtering at the network edge will reduce inbound mail load on the primary servers by up to 80% for most businesses, based on the general average of Internet mail traffic that is unwanted. In practice we have seen businesses under extreme spam flooding shed 99.5% of their mail load by getting rid of spam at the network edge, going from over one million messages processed a day to around 5000. Others have removed crippling load conditions by deploying network filtering solutions, which allowed their online businesses to operate freely again.

Deploying a hosted service also replaces potentially significant capital and resource investments in expanding internal email servers, which could involve adding load balancers and additional network storage to grow IT mail services into a much larger topology. Likewise, the significant reduction in inbound mail from a network filtering solution will protect the business's network infrastructure and can remove the need for expensive bandwidth increases. When the added productivity of improved email reliability and reduced spam and other attacks is considered, improving and modernizing your business's email infrastructure with external filtering will be a net positive to your success.

About the Author
David Schairer is Chief Technology Officer at Concentric. David started with Concentric in 1994 as part of the early engineering team working on BBS and ISP services. He was integral to the team that built out Concentric's award-winning access and data products, including the launch of the patented hosting platform in 1997 which continues as XO's applications delivery platform today and key partnerships with Netscape, Microsoft, SBC, and others. Since 2006 David has held the position of CTO within the Concentric group and is responsible for all engineering and operations of Concentric's products, which include many of the layer 5 services for XO, such as DNS, email, etc.


© Copyright 2009 Auerbach Publications