Security Basics mailing list archives
Re: Securing Corporate Web Based Email
From: Brian Keefer <chort () amaunetsgothique com>
Date: 31 Jan 2004 22:33:14 -0800
On Wed, 2004-01-28 at 14:33, Jeff McLaughlin wrote:
A second, any known appliances or software that can assist with web based mail content and tracking abuse.
The IronWebMail product from CipherTrust proxies webmail connections and scans the stream for signature matches on know bad traffic. It will block attacks before they're passed to the internal server. For OWA specifically it has the ability to do session length enforcement, time-out enforcement, and real secure log-off (which OWA was totally lacking prior to 2K3). It works with any webmail product (or any HTTP traffic, for that matter), but the extended features around session management are for OWA-only. There are other commercial products available that also do AV and content scanning on webmail traffic, although I'm not aware of the performance implications of such a setup. -- Brian Keefer, CISSP Systems Engineer CipherTrust Inc, www.CipherTrust.com --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Re: Securing Corporate Web Based Email Brian Keefer (Feb 02)
- <Possible follow-ups>
- RE: Securing Corporate Web Based Email Jeff McLaughlin (Feb 02)