Security Basics mailing list archives
RE: Securing Corporate Web Based Email
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Thu, 29 Jan 2004 11:13:31 -0800
From: Jeff McLaughlin [mailto:JMclaughlin () springsgov com]
Although, ensuring virus protection on all workstations is a start, we also have needs to filter content and track abuse. For example, our corporate mail is scanned for content, spam, large attachments and viruses before reaching the desktop. Web mail would of course bypass this.
Untrue, we run Microsoft Exchange 2000 and web-based email is subject to all the restrictions that normal email does. Because the scanning blocking and monitoring take place on, or before, the server/mailbox direct or IMAP access to the user mailbox will garner the same information if they accessed it from POP client.
One question I have is, is there a document/paper that addresses web mail content providers and examines how successful they are in scanning
outgoing mail for viruses.
All of the providers/vendors do, but it's just useless sales cannon fodder.
A second, any known appliances or software that can assist with web based mail content and tracking abuse.
We demoed Surf Controls email filter. This product sat before the groupware server and screened, scanned and monitored all email traffic and logged everything to a SQL database. Because this was done before it ever reached the mail server there is no way for the user to bypass the security and filter restrictions. Surf control also had some nice web interfaces to run reports against the database and see what the email/users are doing. It was a nice product, but out of my price range. Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338 --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Securing Corporate Web Based Email Jeff McLaughlin (Jan 29)
- Re: Securing Corporate Web Based Email Meritt James (Jan 29)
- Re: Securing Corporate Web Based Email sil (Jan 30)
- checking logs (was: Re: Securing Corporate Web Based Email Meritt James (Jan 30)
- Re: Securing Corporate Web Based Email Steve (Jan 30)
- Re: Securing Corporate Web Based Email sil (Jan 30)
- <Possible follow-ups>
- RE: Securing Corporate Web Based Email Shawn Jackson (Jan 29)
- Re: Securing Corporate Web Based Email Ivan Coric (Jan 30)
- RE: Securing Corporate Web Based Email Adams, Tom (Jan 30)
- RE: Securing Corporate Web Based Email Dowling, Gabrielle (Jan 30)
- Re: Securing Corporate Web Based Email Meritt James (Jan 29)