Security Basics mailing list archives

RE: Securing Corporate Web Based Email

From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Thu, 29 Jan 2004 11:13:31 -0800

From: Jeff McLaughlin [mailto:JMclaughlin () springsgov com]

Although, ensuring virus protection on all workstations is a start, 
we also have needs to filter content and track abuse.  For example, 
our corporate mail is scanned for content, spam, large attachments 
and viruses before reaching the desktop.  Web mail would of course 
bypass this.


Untrue, we run Microsoft Exchange 2000 and web-based email is subject
to all the restrictions that normal email does. Because the scanning
blocking and monitoring take place on, or before, the server/mailbox
direct or IMAP access to the user mailbox will garner the same
information
if they accessed it from POP client.

One question I have is, is there a document/paper that addresses web 
mail content providers and examines how successful they are in scanning

outgoing mail for viruses.


All of the providers/vendors do, but it's just useless sales cannon
fodder.

A second, any known appliances or software that can assist with web 
based mail content and tracking abuse.


We demoed Surf Controls email filter. This product sat before the
groupware
server and screened, scanned and monitored all email traffic and logged
everything to a SQL database. Because this was done before it ever
reached
the mail server there is no way for the user to bypass the security and
filter restrictions. Surf control also had some nice web interfaces to 
run reports against the database and see what the email/users are doing.
It
was a nice product, but out of my price range.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
             (800) 325-1199 x338


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------

Current thread:

Securing Corporate Web Based Email Jeff McLaughlin (Jan 29)
- Re: Securing Corporate Web Based Email Meritt James (Jan 29)
  - Re: Securing Corporate Web Based Email sil (Jan 30)
    - checking logs (was: Re: Securing Corporate Web Based Email Meritt James (Jan 30)
  - Re: Securing Corporate Web Based Email Steve (Jan 30)
- <Possible follow-ups>
- RE: Securing Corporate Web Based Email Shawn Jackson (Jan 29)
- Re: Securing Corporate Web Based Email Ivan Coric (Jan 30)
- RE: Securing Corporate Web Based Email Adams, Tom (Jan 30)
- RE: Securing Corporate Web Based Email Dowling, Gabrielle (Jan 30)