Firewall Wizards mailing list archives
Re: Securing email by inhibiting urls
From: Victor Williams <vbwilliams () gmail com>
Date: Thu, 11 Aug 2011 13:12:43 -0500
Cisco Ironport or McAfee's two offerings: Email & Web Security Appliance or Email Gateway. The McAfee products used to be Secure Computing's Ironmail appliances, but were bought with the Secure Computing acquisition.

Additionally, you should implement a true URL and content filtering service. Even if an email gets through here or there, clicking on the link in it will do more or less nothing if you have a "good" content-filtering proxy.

At my last job, we implemented McAfee's Email Gateway which filtered out a very high percentage of junk incoming--you have to turn it on and take a lot of time configuring/tweaking it. We also used Trend Micro's InterScan Web Security product for web content filtering. The Trend-Micro product is based on Squid and some other open and non-open source products. We didn't want to take the time rolling our own Squid-based solution, and instead paid for that one. Ran both for a year+ without any known infections.

I do know that we had all of the popular safeguards turned on on the McAfee appliance(s). SPF checking, blacklist checking with 4 different blacklists, reverse DNS lookup on the sending IP address, etc. We also only allowed delivery to addresses that could be verified valid by looking them up in Active Directory. If some server was attempting to send to a bunch of addresses that didn't even exist in our environment, that server was automatically banned from sending emails to us for X amount of time. This cut down on a LOT of junk.

Disabling all the tools that people need to do their jobs won't help the situation. You need to get a good all-around solution and customize it to your environment--put a LOT of time into configuring and testing it. It took me personally about 40 hours to get the McAfee appliances working exactly how I wanted them to.

On Thu, Aug 11, 2011 at 8:40 AM, Raphael Rivera <rafinous () yahoo com> wrote:
Chris,

Have you all tried Barracuda spam firewall?

Sent from my iPhone

On Aug 1, 2011, at 2:46 PM, "Chris" <chughes () l8c com> wrote:

A company I work for has been having great difficulty in securing against email attacks. So far we have disabled access to webmail, implemented rules and processes to block freemail services like hotmail etc until the sender registers the address and of course a spam filter (BrightMail). Attachment filtering is pretty strict as well.

The threat that presents the biggest challenge is url links in emails. The common method of attack is an email from somedomain.com where they change one character or otherwise make the address look valid (ie: joe () s0medomain com or j0e () somedomain com etc).

I was looking for a way to spot and block hyperlinks but it looks like the only option I have is to filter on these and send them to a spam bin. I’d rather yank the offending hyperlink and replace it with a message of some sort. Unfortunately BrightMail doesn’t offer that capability.

Any products that do this or ideas on a solution?

Thanks

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
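One way to do what Chris asks for above (pull a look-alike hyperlink out of a message and leave a notice in its place), as an added example that is not from any poster in the thread or from any product named in it. The allow-list, the digit-swap table, the edit-distance threshold of 1 and all function names are assumptions; it judges the link's host only, so a forged local part such as j0e at the genuine domain is out of its scope.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"somedomain.com"}                  # constructed allow-list (thread's placeholder)
CONFUSABLE = str.maketrans("01357", "olest")  # assumed digit-for-letter swaps, not exhaustive
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
NOTICE = "[link removed: {host} imitates {real}]"


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def imitated(host, trusted=TRUSTED):
    """Return the trusted domain that host imitates, or None if genuine or unrelated."""
    labels = host.lower().rstrip(".").split(".")
    # Compare only as many trailing labels as the trusted name has, so
    # login.s0medomain.com is judged on s0medomain.com.
    tails = {real: ".".join(labels[-(real.count(".") + 1):]) for real in trusted}
    if any(tail == real for real, tail in tails.items()):
        return None  # the trusted domain itself or one of its subdomains
    for real, tail in sorted(tails.items()):
        same_shape = tail.translate(CONFUSABLE) == real.translate(CONFUSABLE)
        if same_shape or edit_distance(tail, real) <= 1:  # threshold is an assumption
            return real
    return None


def defang_links(body, trusted=TRUSTED):
    """Replace every URL whose host imitates a trusted domain with a notice."""
    def swap(match):
        try:
            host = (urlsplit(match.group(0)).hostname or "").rstrip(".")
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            return match.group(0)
        real = imitated(host, trusted)
        return NOTICE.format(host=host, real=real) if real else match.group(0)
    return URL_RE.sub(swap, body)


# Constructed message body, not taken from the thread.
SAMPLE = ("Reset your password at http://s0medomain.com/reset?u=joe today.\n"
          "Intranet: https://portal.somedomain.com/home\n"
          "News: https://example.org/a")
```

An edit distance of 1 will also flag unrelated short domains that happen to sit one character from a trusted name, so the allow-list should hold only the domains actually being imitated.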