Title: Jackie's overview
Meganet Corporation VME Gateway
Meganet Corporation
Meganet Corporation is a leading worldwide provider of data security to Governments, Military, Armies, financial institutions, enterprise and large corporations around the world.
Presents
email Security Solutions
Sending an eMail is like sending a postcard.
Are you sure no one else reads your emails but you?!!
Your email message can be intercepted easily and your information is being exposed!!
- Your Business Contracts
- Your new products diagram
- Private Personal Information
- Communication with your Bank
- Military and classified information
- Private Medical Information
The Security Challenge
- Emails carrying offensive messages or confidential corporate information can create immense inconvenience and expense for a company that has not equipped its mail server with the appropriate tools.
- The same goes for spammers who use the email system at work to send thousands of unsolicited email messages.
- And what about the vast damage and time loss caused by email viruses, which seem to be making ever more frequent appearances these days.
The Security Challenge
- Various studies have shown how employees use email to send out confidential corporate information. Be it because they are disgruntled and vengeful, or because they fail to realize the potentially harmful impact of such a practice, employees use email to share sensitive data that was officially intended to remain in-house.
Types of Attack or Misuse Detected in the Last 12 Months
(Chart; source: CSI/FBI 2002 Computer Crime and Security Survey)
Types of Attack or Dollar Amount of Loss by Type (in millions)
(Chart; source: CSI/FBI 2002 Computer Crime and Security Survey)
The solution
VME Gateway
An automatic Policy Based email Security Server
Solution requirements
- A robust e-mail delivery service provides rule-based automatic enforcement of enterprise policies in four dimensions:
  - Integrity thru Authentication and non-repudiation
  - Confidentiality thru Encryption and Decryption
  - Protection thru Anti-Virus Scanning and Content Filtering
  - Longevity thru Logging, Archiving and Retrieval
- The e-mail system must provide ubiquity, interoperability, universal support and transparency.
Today: Corporate Without VME Gateway
(Diagram: Users, SMTP/MAPI, Anti-Virus)
VME Gateway
- VME Gateway Policy Enforcement (the engine)
- The VME Gateway Policy Enforcer manages policy enforcement decisions in real-time on each e-mail message routed to VME Gateway.
- Policy enforcement decisions are made using rules stored in the VME Gateway Rule Base.
- These rules specify the actions to be taken on each message according to its contents.
- Rules are applicable to an e-mail according to its sender and recipient, its contents and attachments.
- Once the rules that apply to a given e-mail are determined, the actions they state are performed.
VME Gateway
- VME Gateway Policy Enforcement (the engine)
- Primary actions include encryption, failing the message or taking no action.
- When encryption is specified, the rule also indicates which encryption method should be applied and which encryption key to use.
- Additional actions include generating log information, message archiving, return receipt, adding notes and rerouting the message.
- Once VME Gateway security processing has been completed, the message is directed to the e-mail server.
Adding VME Gateway
(Diagram: Users, SMTP/MAPI, VME Gateway, Anti-Virus)
VME Gateway e-mail processing (Outgoing / Incoming)
(Diagram: VME Gateway)
Recipient Alternatives
1. No Client Software (self.exe encryption)
2. Client Resident Software (.cry encryption)
3. PKI (S/MIME encryption)
VME Gateway (diagram)
Performance
Mail Security Policy: You can set general/selective rules for incoming/outgoing emails. For example, "Catch and Encrypt all emails sent from the CEO in New York to the CEO in London", so only the 2 of them are able to read the message.
Transparent to the end user: The encryption is done automatically. Both sender and recipient need to understand nothing about encryption.
VMEgateway can encrypt in 2 ways:
- Symmetric: Both sender and recipient share the same password for encryption and decryption.
- A-Symmetric: The recipient holds a Private key with which he will be able to open encrypted mails that were encrypted by VMEgateway using his Public key.
Performance
Content Filtering: VMEgateway can catch any email with an attachment according to its type or size and decide what should happen to such an email. For example, VMEgateway can be set to block any outgoing email that has an attachment whose type is .mpeg and whose size is bigger than 3MB. More than that, you can ask VMEgateway to block any email whose attachment name is, for example, Virus.exe from getting into your email system. VMEgateway also offers you more advanced content filtering technology, such as word filtering etc.
Performance
- Anti-Virus Check
- VMEgateway will automatically anti-virus check your organization's incoming and outgoing emails and get the latest updates automatically every day.
- You can choose to work with:
  - Aladdin eSafe
  - Symantec Norton AV
  - CA Inoculate
  - McAfee
  - F-Secure F-Prot
Performance
Digital Signature: VMEgateway can sign every outgoing email, so the recipient can confirm that the email sent to him was not tampered with and confirm the identity of the sender.
Performance
Encryption Key Management: VMEgateway has an internal database that holds the Symmetric and A-Symmetric keys. Managing the keys is done very easily. There is an option to extend the database and work with an external database, such as MSQL 2000.
Performance
Public Key Auto Extraction: When an external user sends an S/MIME encrypted email to one of your people, VMEgateway will automatically extract the public key from the message and keep it in the key database. The next time an email is sent from your organization to that person, VMEgateway will automatically use this public key for encryption.
Performance
- Supported Standards and Protocols
  - X.509 V3 Certificates
  - Public Key - RSA
  - DES, TDES, AES
  - LDAP
  - SHA1 and MD5 Hashing Algorithms
  - Checkpoint OPSEC Compliant (CVP, ELA)
  - Compatible with any SMTP Mail Server
A Quick Demo
Symmetric Auto Encryption: Suppose we set VMEgateway to automatically encrypt all emails you send to your potential client in Singapore. Let's say you sent him your new proposal and you would like to make sure the email is seen only by you and him.
1. Write and send your email.
2. Your potential client receives the encrypted email as a small attachment.
3. He is asked to open the attachment and enter the shared secret key (password).
4. Entering the right key (password) enables the message to be automatically decrypted.
(Screenshot of the decrypted message: "Confidential Sales Contract ... The Meganet Corporation will ...")
That's it. That simple!
Additional Features
- Strip Word and Excel document macros
- VME Gateway can remove macros from Microsoft Word and Excel documents to prevent potentially hostile content from entering or leaving the organization.
Additional Features
- Interface with Active Directory
- VME Gateway can interface with an LDAP server for online user and group information retrieval. The groups are managed on the LDAP server and VME Gateway downloads the groups' contents periodically.
Additional Features
- On-line retrieval of certificates
- VME Gateway can retrieve user certificates online from LDAP servers. When a certain user certificate is required, VME Gateway can generate an LDAP query to one or more LDAP servers for retrieving the user's certificate.
Additional Features
- Detection of scripts, embedded files and links in PDF documents
- VME Gateway can detect whether PDF files have JavaScript, embedded files or links which might pose a security risk, and treats such a PDF file as if it contains a macro.
Additional Features
- Text filtering
- VME Gateway can apply rules to messages according to their contents. The message subject, text and attachments can be searched for predefined expressions and, if found, can trigger specific actions. Expressions can be either in the form of a Boolean expression ("cat and dog") or a category. This feature is especially useful for catching sensitive information as it is being sent out or for blocking messages of a specific type (junk mail, explicit content etc.).
Additional Features
- Time objects
- VME Gateway includes Time Objects which specify a time period (time of day, day of week, day of month) for which certain rules are valid. This allows rules to be applied only during specific times, such as weekends, when security can be tighter.
Additional Features
- Detection and stripping of potentially hostile HTML content
- VME Gateway can detect HTML scripts, cookies and code references inside HTML content and can strip them to prevent potentially hostile content from entering or leaving the organization.
Setting up the "remove suspicious HTML content from HTML messages" option
(Screenshots of the configuration dialogs)
Additional Features
- E-Mail Simulation
- VME Gateway includes a simulation tool used for policy verification. Using this tool, e-mail messages can be simulated and processed by the system without actually being sent out. The outcome of the simulated message is displayed, allowing the administrator to confirm that the system behaves as expected.
Additional Features
- Companion Decryption Software
- VME Gateway includes three client software packages that can be used for decrypting symmetrically encrypted messages created by VME Gateway.
- These packages (Decryptor, FileDecryptor and FileDecryptor2) are located in the Client Tools folders and can be freely distributed to anyone.
- They are small and do not require any installation procedure, so they can even be run at an arbitrary location from a floppy disk.
Additional Features
- VME Gateway Security Client
- The VME Gateway Security Client (GSC) is used for encrypting all outgoing messages from the user's computer up to VME Gateway automatically and transparently.
- The Client intercepts all outgoing SMTP traffic and S/MIME encrypts it using a single X.509 certificate.
- The destination VME Gateway identifies the message, automatically decrypts it with its private key and then processes it normally according to the rules and global options.
- The GSC should be used when the communication between the client computer and the VME Gateway Wall machine is insecure (such as a traveling user who connects to the internet for sending messages and is not using a VPN).
The e-mail Services Status (screenshot)
VME Gateway solution
- Meganet Business model: 3 main markets
  - Corporations: Secure e-Mail servers.
  - Financial institutes: e-Bill presentation.
  - ISPs/distributed: Secure delivery services.
VME Gateway Deployment (Corporate)
(Diagram: SMTP, TCP/IP, Users)
VME Gateway Deployment (e-Bill)
VME Gateway Distributed Deployment (ISP/ASP)
(Diagram: multiple VMEgateway instances)
System Requirements
Meganet Corporation: Contact us
- Meganet Corporation
- World Trade Center
- 350 S. Figueroa St. 450
- Los Angeles, CA 90071-1201
- Sales: 1-800-MEGANET
- Phone: 213-620-1666
- Fax: 213-620-1655
- E-mail: sales_at_meganet.com
Appendix
- Creating a new rule
Creating A New Rule
- To activate the rule, check the Active check box.
- Open the Priority drop down list to select the rule priority.
- Select to which messages the rule applies in the Apply To drop down list.
- To specify additional criteria parameters, right click with the mouse inside the Criteria list.
From criteria
- To add a From criteria, select the From item from the menu.
- The following dialog will be displayed.
- You can click the icon to open the E-mail Addresses/Groups selections to help you select the proper e-mail addresses and groups.
- Note: The Search for field, the Search button and the Results list are only available if you are using a directory for storing users and groups information.
- To search the directory, enter a search string (such as bob) and click the Search button. The results will be displayed in the Results list. Double clicking an item in this list will pop up a dialog with all available information retrieved from the directory server.
- To add an e-mail address/group, select the e-mail addresses and click the Add button. Multiple addresses can be selected and added. Alternatively, type in an e-mail address in the E-mail field and click the Add button.
- To remove an e-mail address or group, select it in the Selected Users or Selected Groups list and click the Remove button.
To criteria
- To add a To criteria, select the To item from the menu.
- The following dialog will be displayed.
To/Cc limit criteria
- To add a To/Cc criteria, select the To/Cc item from the menu.
- The following dialog will be displayed.
- The rule will apply if the total number of visible recipients (i.e., recipients in the To and the Cc fields, not the Bcc field) exceeds the specified number. This is especially useful for catching a situation where the sender has mistakenly specified the recipients in the To or Cc fields instead of the Bcc field, thereby exposing the entire recipients list to all the recipients.
Attachments criteria
- To add an attachment criteria, select the Attachment item from the menu.
- The following dialog will be displayed.
- Message contains attachments that are
  - If this option is set then messages without attachments will never match this rule.
- Bigger/Smaller than XXX KB
  - Specify the size criteria. The size is checked against each attachment separately and not by the accumulated sizes of all the message attachments. If the message contains multiple attachments the rule is applicable when at least one attachment matches the given size.
- And are of type / And are not of type
  - Specify the attachment type. Attachment types are defined using the Attachment types window in the object tree.
- Note: If both size and type are specified then a single attachment must match BOTH criteria.
Text condition criteria
- To add the text condition criteria, select the Text condition item from the menu.
- The following dialog will be displayed.
Time object criteria
- To add the time object criteria, select the Time object item from the menu.
- The following dialog will be displayed.
S/MIME parameters criteria
- To add the S/MIME parameters criteria, select the S/MIME parameters item from the menu.
- The following dialog will be displayed.
After completing the definition of the Criteria part, the rule may look something like this:
- Note that only those criteria which are set to non-empty conditions are displayed, to avoid unnecessary clutter. To edit an existing criteria, double click it or right click on it and select Edit. To delete an existing criteria, right click on it and select Delete.
Action section
- To specify an additional action, right click with the mouse inside the Action list.
Main action
- To add the main action, select the Main action item from the menu.
- The following dialog will be displayed.
Here is a description of the available main actions:
- Delete message
  - If this rule applies to a message, and the Main Action is not set yet, then the message will be deleted and no copy will be sent to any recipient or to the message sender. This action is typically used for messages that are classified as Spam.
- Hands Off
  - If this rule applies to a message, and the Main Action is not set yet, then the message will not be failed or encrypted.
  - Notes can be added to this action. For example: If the sender of an e-mail message is the President of the Corporation, do not touch it.
- Fail to All
  - If this rule applies to a message, and the Main Action is not set yet, then the message will be failed to all recipients, even those that did not match this rule. The sender will receive a notification message on the message failure.
- Failed to Caught Recipient
  - If this rule applies to a message, and the Main Action is not set yet, then the message will be failed to all recipients who matched this rule. The sender will receive a notification message on the message failure.
- Encrypt
  - If this rule applies to a message, and the Main Action is not set yet, then the message will be encrypted according to the parameters defined in the Encrypt tab.
- Not set
  - This action means that this rule does not set any Main Action, and the Main Action will be determined by the next rule which applies to the message (according to the rule priority traversal).
Additional Actions
- For each additional action, the rule can specify which additional action to take if and only if that action has not already been set to Yes or No by a previous rule which applied to the message.
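The priority traversal described above (the Main Action and each additional action are taken from the first applicable rule that sets them, "Not set" defers to the next rule), together with the To/Cc limit and attachment criteria from the earlier slides, as an added Python illustration; this is written for this page, not VME Gateway's own code, and the class names, field names and sample rule base are assumptions. Calling `enforce` on a constructed message also does what the E-Mail Simulation tool on the page does: it shows the outcome without sending anything.

```python
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# Constructed illustration: these names and sample rules are assumptions,
# not VME Gateway's own data model or rule base.
Attachment = namedtuple("Attachment", "name size_kb")
Message = namedtuple("Message", "sender to cc attachments", defaults=([], []))

@dataclass
class Rule:
    priority: int                     # lower value is traversed first
    comment: str                      # the rule's comment, copied into log events
    main_action: str = "not_set"      # delete|hands_off|fail_all|fail_caught|encrypt|not_set
    log: Optional[bool] = None        # additional actions: True/False, None = not set
    archive: Optional[bool] = None
    sender: Optional[str] = None      # From criterion (exact address)
    recipient: Optional[str] = None   # To criterion (address appears in To or Cc)
    to_cc_limit: Optional[int] = None        # applies if visible recipients exceed this
    attach_types: Optional[tuple] = None     # extensions; None = any type
    attach_bigger_kb: Optional[int] = None   # None = any size

def matches(rule: Rule, msg: Message) -> bool:
    """Every criterion the rule sets must hold; unset criteria are ignored."""
    if rule.sender and msg.sender.lower() != rule.sender.lower():
        return False
    if rule.recipient and rule.recipient.lower() not in [r.lower() for r in msg.to + msg.cc]:
        return False
    # Only To and Cc count: Bcc recipients are not visible to the others.
    if rule.to_cc_limit is not None and len(msg.to) + len(msg.cc) <= rule.to_cc_limit:
        return False
    if rule.attach_types or rule.attach_bigger_kb is not None:
        # Checked per attachment, never on the summed size: a single
        # attachment must satisfy BOTH the type and the size condition.
        def hit(a: Attachment) -> bool:
            ext = a.name.lower().rsplit(".", 1)[-1]
            return ((not rule.attach_types or ext in rule.attach_types)
                    and (rule.attach_bigger_kb is None or a.size_kb > rule.attach_bigger_kb))
        if not any(hit(a) for a in msg.attachments):
            return False
    return True

def enforce(rules, msg: Message) -> dict:
    """Priority traversal: Main Action and each additional action are taken from
    the first applicable rule that sets them; later rules cannot override them."""
    decision = {"main": "not_set", "log": None, "archive": None, "matched": []}
    for rule in sorted(rules, key=lambda r: r.priority):
        if not matches(rule, msg):
            continue
        decision["matched"].append(rule.comment)
        if decision["main"] == "not_set":      # "Not set" defers to the next rule
            decision["main"] = rule.main_action
        for extra in ("log", "archive"):
            if decision[extra] is None and getattr(rule, extra) is not None:
                decision[extra] = getattr(rule, extra)
    return decision

RULES = [  # constructed sample rule base mirroring the page's examples
    Rule(1, "CEO NY to CEO London", main_action="encrypt", log=True,
         sender="ceo@ny.example.com", recipient="ceo@london.example.com"),
    Rule(2, "block mpeg over 3MB", main_action="fail_caught", log=True,
         attach_types=("mpeg", "mpg"), attach_bigger_kb=3072),
    Rule(3, "To/Cc used instead of Bcc", main_action="fail_all", log=True, to_cc_limit=50),
    Rule(9, "base rule: archive everything", archive=True),
]
```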
Additional Actions
- Log Message action
- To specify the log message action, select the Log item from the menu.
- The following dialog will be displayed.
Additional Actions
- Select Yes to add an event to the VME Gateway Log. The event will contain the policy and rule ID that generated the event as well as the message parameters. The rule's comment is added to the log event to help clarify the rule's purpose.
Additional Actions
- Archive action
- To specify the archive action, select the Archive item from the menu.
- The following dialog will be displayed.
- Select Yes to send a copy of the message to the e-mail archive. The Encrypt archive option determines whether to encrypt the message sent to the archive.
Return Receipt action
- To specify the Return receipt action, select the Return receipt item from the menu.
- The following dialog will be displayed.
Strip HTML action
- To specify the Strip HTML action, select the Strip HTML item from the menu.
- The following dialog will be displayed.
Notes action
- To specify the Notes action, select the Notes item from the menu.
- The following dialog will be displayed.
Add/Remove recipients action
- To specify the Add/Remove recipients action, select the Add/Remove recipients item from the menu.
- The following dialog will be displayed.
S/MIME signature - Sign action
- To specify the S/MIME signature - Sign action, select the S/MIME signature/Sign item from the menu.
- The following dialog will be displayed.
S/MIME signature - Remove signature action
- To specify the S/MIME signature - Remove signature action, select the S/MIME signature/Remove signature item from the menu.
- The following dialog will be displayed.
S/MIME signature - Remove signature if needed action
- To specify the S/MIME signature - Remove signature if needed action, select the S/MIME signature/Remove signature if needed item from the menu.
- The following dialog will be displayed.
- VME Gateway must remove the digital signature on a message that needs to be altered (for example, when notes are added or for encryption).
Encryption parameters action
- To specify the Encryption parameters, select the Encryption item from the menu.
- The following dialog will be displayed.
- The Encryption parameters are used for rules which have the Main Action set to Encrypt or for the Base and Template rules.
- When defining encryption rules the administrator must consider the following parameters:
  - Message security.
  - How convenient this rule is to the recipient.
  - The encryption laws in the recipient's country/state.
  - Does the recipient have client software or one of the available decryption clients in order to decrypt symmetrically encrypted messages?
  - Does the recipient have an X.509 certificate for S/MIME operations?
  - How will the recipient receive the encryption keys over an insecure channel?
- The Encryption parameters are divided into two sections: S/MIME and Symmetric. These options are valid only when the rule's main action is Encrypt.
- For each option, the rule can specify which action to take if and only if that action has not already been set to On or Off by a previous rule.
S/MIME
- Encrypt Using Recipient's Certificates: Check this option to send the message S/MIME encrypted using the recipient's X.509 certificates.
Symmetric
- Pack the entire message into a single encrypted file: This option wraps the entire e-mail message (including HTML and attachments) into a single packed encrypted file.
- Encrypt Message Text: Check this option to encrypt the message text.
- Encrypt Attachments: Check this option to encrypt the message attachments.
- Encrypt Attachments as Self-Executables: Check this option to convert the encrypted file/s to an EXE program that can be executed on the recipient's Windows machine.
Advanced
- Do Not Encrypt: This assumes that the client has selectively encrypted the confidential parts of the message and has decided to leave the rest clear. When VME Gateway recognizes that parts of the message are encrypted, the rest of the message remains clear text.
- Encrypt All Clear Parts: Messages transferred from the sender to the recipient are encrypted, even when sent completely clear. Partially encrypted messages sent by the sender will be encrypted as well.
- Encrypt Everything: All messages going from the sender to the recipient will be encrypted. This is used when the client's encryption may be unreliable, and the administrator wishes to safeguard e-mail using your official engine and key.
- After completing the definition of the Action part, the rule action list may look something like this:
End!!!