Protecting GroupWise® from Viruses and Security Threats Using GWAVA
www.novell.com
Charles Taite, CTO, Beginfinite, Inc., charlest@beginfinite.com
Howard Tayler, GroupWise Product Manager, Novell, Inc.
Dec 18, 2015
Who Is Beginfinite Inc.?
• Focused exclusively on GroupWise® security
• Developers of GWAVA (formerly MTASieve)
• Offices in Canada and USA
• Products available worldwide through resellers and distributors
The Cost of E-Mail Security Breaches
“In 2001, e-mail viruses, worms and trojans caused worldwide damages worth $13.2 billion”
Computer Economics, January 2002
What Are Businesses Doing About It?
“According to Forrester Research, an average of .0024% of revenue is being spent on IT security. That’s a little bit less than what most companies spend on coffee.”
-Richard A. Clarke, Chair of the President’s Critical Infrastructure Protection Board and Special Advisor to the President for CyberSpace Security
Put GWAVA on the Case
GWAVA scrutinizes every message that passes through your GroupWise MTAs…
Providing eSecurity Policy Management for:
• Virus protection
• Spam prevention
• Content control
• Bandwidth control
How GroupWise Works
Traditional file scanning is useless because GroupWise stores all messages in an encrypted database
A virus can move freely around your GroupWise system because it cannot be scanned
Other products that claim to protect GroupWise are really designed generically for SMTP—It’s like posting a guard outside your front door, but who’s watching the interior and your back door and your windows?
This image depicts a virus (green line) successfully traveling from “LA 2” to “NY 2”. It is never scanned because it never passes through GWIA. This system is not fully protected because scanning only occurs at the edge of your network.
How Generic Gateways Work
[Diagram labels: Virus blocked, Virus blocked, Virus delivered]
Urban Myth…
“Wait a second, we don’t use Outlook. Aren’t we immune to viruses?”
—What many of you are thinking
Security Backdoors—MAPI
Outlook and Office can access the GW address book via MAPI
Example: Badtrans was one of the most successful viruses in 2001. It spread using MAPI.
Security Backdoors—MAPI Top 50
Here’s a short list of MAPI-capable viruses:
• VBS.Trappy@mm
• W32.Abotus.Worm@m
• Worm.ExploreZip.C
• Worm.ExploreZip(pack)
• W32.Nimda.A@mm
• Worm.ExploreZip.B
• W97M.Piece
• W97M.Melissa.AU
• W97M.Melissa.AM
• W97M.Afeto.A@m
• W32.WinExt.Worm
• W32.SouthPark.Worm
• W32.Navidad.16896
• W32.HLLP.Scrambler.F
• VBS.LoveLetter.CH
• VBS.LoveLetter.BJ
• VBS.Futonik.A@
• VBS.Loveletter.AS
• VBS.Kelly.A@mm
Security Backdoors—Web Mail
[Diagram label: Virus delivered]
How many people check their personal web mail from work?
Security Backdoors—Blended Viruses
[Diagram label: Virus delivered]
NIMDA was a blended virus that also attacked web servers and penetrated networks through browsers
[Diagram label: Virus delivered]
MS Outlook is embedded in recent versions of Windows and may be in use on your network… whether you allow it or not
Security Backdoors—(un)Authorized Outlook Usage
Since GWAVA was designed from the ground up for GroupWise, it can run as a NetWare Loadable Module™ on all of your Message Transfer Agent servers. Both Internet AND inter-office traffic must pass through your MTAs. It’s like having a guard in every hallway of your building. GWAVA can prevent a virus from spreading beyond a single post office.
In this image viruses cannot travel to other post offices because they are scanned by GWAVA when they pass through the MTA
How GWAVA Works
[Diagram labels: Virus blocked (four times), Virus delivered (once)]
As messages pass through the MTA, GWAVA temporarily moves the message (and attachments) to a quarantine zone, where they can be scanned for policy violations
Since GWAVA essentially exposes attachments in the quarantine zone, GWAVA makes it possible for you to use your existing AV NLM to scan the attachment
Quarantine and Filtering
Anti-Virus Strategy Using GWAVA
“562 million e-mails and 2 million viruses are carried by the Internet each day”
-IDC/Barrings
Anti-Virus Strategy Using GWAVA (cont.)
Virus scanning
Address blocking
Size limits
Attachment blocking
Content filtering
Tight integration with traditional AV NLM™ allows GWAVA to protect GroupWise from known viruses
Blocking file types known to carry viruses (e.g. VBS, SCR, COM, PIF, EXE…) can protect GroupWise from outbreaks of unknown viruses
Anti-Spam Strategy Using GWAVA
Viruses and spam have a lot in common…
• They target your inbox with unwanted messages
• They can tie up e-mail servers with excessive traffic
• They tempt you to click an attachment or link
Spam is a very subtle and gradual virus infection that is slowly degrading your GroupWise system
Anti-Spam Strategy Using GWAVA (cont.)
Virus scanning
Address blocking
Size limits
Attachment blocking
Content filtering
Address blocking is a traditional approach to combating spam that rejects e-mail arriving from specified addresses or domains (e.g. block all mail from “abroller.com”)
Spammers may change their addresses/domains on a regular basis. Content filtering can block spam from both known and unknown sources (e.g. block mail containing the phrase “loose weight”)
E-Mail Usage Policy Using GWAVA
“The biggest threats to security may already be inside your network”
-Anne Chen, eWeek
E-Mail Usage Policy Using GWAVA (cont.)
Virus scanning
Address blocking
Size limits
Attachment blocking
Content filtering
• Prevent confidential information from being shared with your competitors
• Control bandwidth usage by limiting attachment size
• Prevent the exchange of non-business related materials (e.g. *.MP3, *.AVI, *.JPG…)
• Block confidential terms or inappropriate language
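The four non-AV checks named on these slides (address blocking, size limits, attachment blocking, content filtering), sketched as an added example; this is not GWAVA code and says nothing about how GWAVA implements them. The function names, result labels and the 2 MB size cap are assumptions; the blocked domain, phrase and extensions are the slides' own examples.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Domain, phrase and extensions are the slides' own examples; the size cap is assumed.
BLOCKED_DOMAINS = {"abroller.com"}
BLOCKED_EXTENSIONS = {"vbs", "scr", "com", "pif", "exe"}
BLOCKED_PHRASES = ["loose weight"]
MAX_ATTACHMENT_BYTES = 2 * 1024 * 1024

def evaluate(raw_bytes):
    """Return the policy violations found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    violations = []
    # Address blocking: match the sender's domain and every parent domain.
    addr = parseaddr(str(msg.get("From", "")))[1]
    labels = addr.rpartition("@")[2].lower().rstrip(".").split(".")
    if any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels))):
        violations.append("address:" + ".".join(labels))
    text = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Judge the last extension only, so "photo.jpg.vbs" counts as .vbs;
            # trailing dots and spaces are dropped before the comparison.
            _, dot, ext = name.rstrip(" .").rpartition(".")
            if dot and ext.lower() in BLOCKED_EXTENSIONS:
                violations.append("attachment:" + name)
            if len(part.get_payload(decode=True) or b"") > MAX_ATTACHMENT_BYTES:
                violations.append("size:" + name)
        elif part.get_content_type() == "text/plain":
            text.append(part.get_content())
    # Content filtering: case-insensitive match on whitespace-normalised text.
    body = " ".join(" ".join(text).lower().split())
    violations += ["content:" + p for p in BLOCKED_PHRASES if p in body]
    return violations

def sample(sender, subject, body, attachment=None):
    """Build a constructed test message; attachment is (filename, bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(attachment[1], maintype="application",
                         subtype="octet-stream", filename=attachment[0])
    return m.as_bytes()
```

Extension matching alone trusts the declared filename, so a renamed executable passes this check and still depends on the virus-scanning step.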
GWAVA Versions
Standard Edition
• Virus scanning
• Attachment blocking
• Size limits
• Content filtering
• Anti-spam
• Stand-alone management
Enterprise Edition
• Virus scanning
• Attachment blocking
• Size limits
• Content filtering
• Anti-spam
• Multi-server management
• ConsoleOne® snap-in
How To Contact Us
• Phone: +1 514 639 4850 Option 4 1-866-GO-GWAVA
• E-mail: [email protected]
• Web: www.beginfinite.com