Firewall Wizards mailing list archives

Re: Screening Mail Policy&Product


From: Rick Smith <rick_smith () securecomputing com>
Date: Fri, 07 Aug 1998 11:47:02 -0500

I've been otherwise occupied so I didn't jump into this thread earlier.

SCC has been doing mail filtering systems for a while now and let me
provide some insight into the practical aspects of it.

First of all, nobody expects it to block a determined attempt to remove
information from the confines of a site. If an insider wants to steal
stuff, he can simply follow Aldrich Ames' lead and use shopping bags. I
always find it useful to keep this in mind when discussing information
security.

The practical purpose of content filtering is to prevent accidents, either
by insiders being careless or by inside software doing auto-forwarding that
it shouldn't be doing. It's hard enough for savvy people to keep internal
vs external mailing lists straight, and expanding cc: lists can take anyone
by surprise. 

Also, the fact that e-mail is being scanned and (in some sites) randomly
archived provides additional deterrent from willful violators who lack the
technical savvy to bypass the system. Not every evildoer is an agent highly
trained in the blacker arts of INFOSEC, even including trivial things like
forged headers.

The most extensive filtering we do is on the Standard Mail Guard, a
military grade device that's available through NSA's MISSI office.

We also offer some e-mail filtering on Sidewinder. It took some efficiency
shortcuts so it doesn't support full regular expressions, but it seems to
do the job for interested customers. YMMV.

Rick.
smith () securecomputing com


