Educause Security Discussion mailing list archives
Re: Cisco Iron Port
From: Azim Kassam Boblai <azimboblai () UAEU AC AE>
Date: Thu, 25 Jun 2009 08:49:44 +0400
We faced the spamming issue for a while until we configured and deployed an antispam solution from Fortinet (Fortimail). It worked very well; we only need to tweak it sometimes to avoid any major spammer. It has a good access policy and filters. Try it out, it works well.

Please revert back for any query.

Thanks and Regards
Azim K Boblai
IT Security Officer
University Information Technology & Services (UITS)
Tel : +971 3 7131497
Mobile : +97150- 1564568
Fax : +971 3 7542742
mailto:azimboblai () uaeu ac ae
website : www.uaeu.ac.ae

please don't print this e-mail unless you really need to. Thank you!

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse Thompson
Sent: Wednesday, June 24, 2009 7:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cisco IronPort

Phishing is a difficult problem for anti-spam vendors to solve since phishing campaigns are frequently targeted specifically at your domain. It's not realistic to rely on a vendor (or outsourced provider) to have a one-stop solution to the phishing problem.

We've seen cases of the phishers gaining access to a local account and sending test emails to the account until they find a message that gets through. It's like expecting your desktop A/V to protect you from a hacker that already has an account on your computer; eventually they will root it.

This is an area that you will need quality staff to devise solutions that incorporate local policy and manual intervention. Yes, this also applies if you outsource your email since Google and Microsoft do not deal with this problem, and if you look at the APER list you will see that they are a big source of the problem.

You will want to find a product that is powerful and flexible. We use PureMessage, and I recommend it. It's extremely customizable (sieve configuration) and extensible (perl plugins).
I've never used Ironport, but it sure gets hyped a lot; which probably means they give a nice powerpoint presentation.

Jesse

Foerst, Daniel P. wrote:
Hi Mig,

That is all very interesting to know. We have begun to preliminarily look at IronPort as we are a large Cisco shop. However we have had many concerns regarding the phishing exploits.

Can anyone else speak of alternatives to IronPort that are good and possibly EDU friendly? The latter isn't a prerequisite, but it would be nice to know.

-dan

Daniel Foerst
Manager, Networks & Security
The Catholic University of America
Washington, DC 20064

------------------------------------------------------------------------
*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of* Mig Hofmann
*Sent:* Tuesday, June 23, 2009 1:14 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Cisco IronPort

We have had an Ironport for several years but have been increasingly unhappy with the product's heuristics and phishing detection capability. It just let a large number of phishing emails through this week that we feel it should have caught.

We have repeatedly asked CISCO to include outside blacklist sources such as Google Code and .edu related forums to better monitor phishing variants but we repeatedly see new variants that get through even though mentioned on these forums and blacklists. We have to assume after discussing this for over a year, that perhaps the .edu domain is not a priority to them else we would expect to see these included in their updates/sigs. We have had Platinum support for a year but it has not helped in this regard much as we can determine.

My understanding from talking with the prosecutors on the recent DoJ case was that although CISCO was very helpful in data gathering, almost no university that had an Ironport detected the type of spam the Shah brothers were sending. I'm not sure what that says about the product, but unfortunately it makes it increasingly useless to us for the types of activity and messages we would like to prevent getting through.

Mig K.
Mig Hofmann
Information Security Officer
San Francisco State University
1600 Holloway Avenue
San Francisco, CA 94132
415-338-3018
mig () sfsu edu <mailto:mig () sfsu edu>
www.sfsu.edu <http://www.sfsu.edu>

-----The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> wrote: -----
To: SECURITY () LISTSERV EDUCAUSE EDU
From: "Axworthy, Heather" <haxworthy () UMASSP EDU>
Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: 06/23/2009 09:46AM
Subject: [SECURITY] Cisco IronPort

Hello all,

I’d like to know if any institution out there has deployed a Cisco IronPort device in their network? Just curious as to what you think about it? Ease of use? Reporting? Worth the money?

Any information would be greatly appreciated. Feel free to reply off list.

Thanks,
Heather

:: *Heather Axworthy*, Lead Security Specialist
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office
:: 774.455.7762 Phone
:: 774.455.7733 Fax
:: haxworthy () umassp edu <mailto:haxworthy () umassp edu>
University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA 01545 : www.massachusetts.edu <http://www.massachusetts.edu/>
--
Jesse Thompson
Division of Information Technology, University of Wisconsin-Madison
Email/IM: jesse.thompson () doit wisc edu