Securing E-mail

TM

Securing E-mail

The BorderWare Mail Gateway

TM

Confusion over E-mail Security

“I don’t know why we got hit, ….we have a Firewall”

Quote from a well-known Far East Financial Institution in the wake of the I Love You Virus

TM

Hacker launched Anna bug 'as a warning'

A young Dutchman confessed yesterday to having engineered the Anna Kournikova computer virus that brought chaos to millions of machines around the world this week, saying he believed that the Russian tennis star deserved the extra attention.

TM

Problems with Standard Firewall Configuration

• Internal Mail Server is open to:– Break-ins and denial

of service attacks– Mail flooding– Mail relay abuse– Virus and Trojan

Horse Attacks– Spam E-mail

• Standard Firewalls do not provide:– Protection for

internal mail server(s)

– Mail routing capability

– Secure Remote access to e-mail

TM

S.A.F.E.R. Security Bulletin 10123.EXP.1.10

TITLE : Buffer overflow in Lotus Domino SMTP Server DATE : January 23, 2001 NATURE : Remote execution of code, Denial-of-Service AFFECTED : Lotus Notes/Domino 5 (up to and including 5.05)

TM

Simple Mail Transport Protocol, the root of the problem

• SMTP, defined in 1983 as the Internet Mail Transport Protocol

• RFC 821

• Based on an “open” and “co-operative” model

TM

Implementing SMTP

Inputs

Local Mailboxes,Other SMTPServers

AddressProcessing (aliases etc)

Local

Internet(SMTP)

Usenet(UUCP)

Delivery

Outputs

TM

Implementing SMTP

• SMTP’s Architecture and design philosophy has lead to implementations that lack:– Privacy and security for Mail Transport– Authentication of sender/recipient– Message authenticity checks– Relay controls

TM

Limitations of Most Firewalls

• Firewalls are defensive

• Work by keeping unauthorised and Hostile users out of protected network

• The “perfect Firewall” is incompatible with a working E-mail Service

Perimeter Firewall

External(Internet)

Internal(Corporate LAN)

Controlled Access Outbound

No Access Inbound

TM

The Standard E-mail Configuration

• Most Firewalls provide no real facilities for E-mail

• Forced to open a connection path through the Firewall

• Serious Security Risk!

Perimeter Firewall

External(Internet)

Internal(Corporate LAN)

E-MailServer

TM

The BorderWare Mail Gateway

• Protects E-mail servers • Provides added value facilities to

maximise return on investment in E-mail Services

• Provides Unified Mailbox with future plans for integration with Wireless Services

• Includes S-Core secure operating system for maximum security and fast deployment

TM

Deploying The Mail Gateway

• Recommended configuration for maximum security

• Alternate configuration

Perimeter Firewall

E-MailServer

Mail Gateway

Perimeter Firewall

E-MailServer

Mail Gateway

TM

Store and Forward Relay

• Mail Gateway’s security derives from a store and forward relay

• No direct connections through the Gateway

• Inbound and outbound delivery is a two stage process

TM

Store and Forward Relay

Perimeter Firewall

E-MailServer

Mail Gateway

• No inbound or outbound connections permitted through gateway

• Message stored in mail queue

• Securely delivered to protected mail server

• Inbound message received by Gateway

TM

Mail Gateway Processing and Protecting E-mail

• Mail routing for multiple servers

• Controlling E-mail relay

• Controlling unsolicited E-mail

• Controlling Mail Attachments

• Anti-virus controls• Secure Remote

access to e-mail

TM

Mail Routing

• Mail Gateway provides a central point for controlling distribution of mail

• Optional mapping to internal addresses

ExchangeServer

Mail Gateway

GroupwiseServer

NotesServer

[email protected]

[email protected]

[email protected]

[email protected]

Remote Location

TM

The Dangers of Mail Relay

• Most Mail Servers will accept mail for any domain and attempt to deliver it

• This facility abused by sender’s of unsolicited e-mail (Spam)

Perimeter Firewall

E-MailServer

From: spammerTo: 1,000 addressesSubject: Get Rich Quick

1,000 MessagesOut

One Message In

TM

Dangers of Mail Relay

• ORBS (Open Relay Behaviour Modification system) black list of “open relays”

• If your site is listed many servers will reject all mail

• Affects legitimate mail and Spam

TM

Defending against Mail Relay

• BorderWare Mail Gateway accepts only mail for local domains

• Passes all the ORBS tests (http://www.orbs.org)

TM

Problems with unsolicited E-mail

• Your organisation can become a target for Spam

• Unwanted e-mail:– Wastes employee time– Wastes network bandwidth– Can fill mailboxes, preventing delivery of

legitimate messages– Is irritating!

TM

Defending Against Spam

• BorderWare Mail Gateway stops Spam by– Using the Real-Time Black Lists (

http://maps.vix.com) to reject Spam– Customised Filters

From: [email protected]: [email protected]: [x] Play Free With Our Casino Sign-up Bonus

TM

Problems with Mail Attachments

• Viruses and Trojan Horses– the I Love You Virus was propagated as an

attachment

• Breach of confidentiality– Accidental or deliberate mailing of

confidential information

TM

Controlling Mail Attachments

• BorderWare Mail Gateway Filters on name

• “*.vbs” blocks all Visual Basic Scripts (would block Love Virus)

• Choice of actions on matched messages– Strip attachment, log, discard message,

send e-mail alert

TM

Anti-Virus Controls

• Mail Gateway supports Trend’s Interscan Virus Wall technology as an additional cost option

• Scans all mail and attachments for– Viruses, Macro Viruses, Trojan Horses– Messages cleaned, logged, or rejected

TM

Remote Access to E-mail

• Growing need as E-mail becomes primary method of communication

• Access required from:– Branch Offices– Home Workers– Travelling employees

TM

3rd Party Mail Server for Remote Access

• E-mail re-directed to external 3rd Party Server

• Users access that server

• Confidential information stored on 3rd party system

Perimeter Firewall

E-MailServer

Internet

HotmailRemote E-mailAccess

TM

Mail Gateway Solution

• BorderPost™ brings flexibility of hotmail to corporate mail servers

• Works with internal servers and Mail Gateway hosted mailboxes

• High level of security• No storage of messages on

3rd party systems• No need for Separate VPN

ExchangeServer

Mail Gateway

GroupwiseServer

NotesServer

Authenticated,Encrypted, Browser access

TM

TM

Positioning the Mail Gateway

• Designed to provide– Protection for E-mail Server(s)– Secured Mail Delivery service– Virus screening– Unsolicited E-mail Controls– Secure Remote Access– Some content filtering

• Focus on E-mail Security

TM

E-Mail Security Products -- Positioning

Audit and

Archive

E-mailVPN

ContentFilter

VirusChecks

SPAMControl

ServerSecurity

MailRouting

RemoteAccess

BorderWare Mail Gateway

Tumbleweed (WSS)

Sendmail

Consus

MailGuard

E-m

ail S

ecur

ity

E-m

ail C

ontr

ol

BorderWare Mail Gateway

TM

Mail Gateway Throughput

• High throughput essential for corporate mail server applications

• Mail Gateway benchmarked at over 1,000,000 messages per day– Server hardware: Intel ISP 1100, P III 750

Mhz, 128 Mbytes RAM– Benchmark described in “Mail Gateway

Performance Tests”

TM

Mail Gateway Throughput

0.00

200,000.00

400,000.00

600,000.00

800,000.00

1,000,000.00

1,200,000.00

Low Medium High

Server Spec

Mes

sag

es/D

ay

Servers:Low, Pentium Pro 200 Mhz, 32 Mbytes RAMMedium, P II 450 Mhz, 64 Mbytes RAMHigh, P III 750 Mhz, 128 Mbytes RAM

TM

BorderWare Mail Gateway Summary

• Complete Easy to manage e-mail security solution

• Runs on S-Core Secure Operating System

• Unified Mailbox for remote access with future extension to wireless access