Antispam Configuration Issues Decisional Brief Followup - PowerPoint PPT Presentation

Slides: 18
Provided by: kam1

Transcript and Presenter's Notes

1
Antispam Configuration Issues Decisional Brief Followup
  • Don Holtzer
  • NOAA Office of the CIO
  • Messaging Operations Center
  • October 17, 2006

2
Outline
  • Purpose
  • Alternatives
  • Alternative 1 - Status Quo
  • Alternative 2 - Offsite Quarantine
  • Alternative 3 - Junk Folder
  • Alternative 4 - Centralized Quarantine Service
  • Alternative 5 - Hybrid Option
  • Recommendation

3
Purpose
  • This is a followup decisional briefing
  • Need to deal with the growing amount of spam from
    whitelisted (@noaa.gov!) addresses
  • The MOC is tasked with dealing with false
    positives in coordination with NOAA email
    administrators and helpdesks in the field.

4
Purpose (continued)
  • The MOC is currently reviewing and interpreting
    messages quarantined as spam to look for false
    positives (legitimate messages incorrectly marked
    as spam)
  • With the growing volume of spam, there is a
    growing volume of messages to search through and
    a growing volume of false positives
  • Important messages can get overlooked or
    misinterpreted as spam and never make it to the
    recipient
  • Alternatives 2 through 5 address this issue

5
Alternatives
  • Status Quo - One central admin to review
    quarantine in MOC
  • Offsite Quarantine - Vendor hosted user
    quarantine folders
  • Junk Folder - Quarantine in user mailbox
  • Centralized Quarantine Service - Multiple central
    quarantine reviewers
  • Hybrid Option - Combination of junk folders or
    user quarantines and centralized quarantines

6
Alternative 1 - Status Quo
  • Current solution
  • All spam is quarantined in MOC
  • Quarantine is reviewed by MOC engineer
  • Costs - currently a high-level engineer (166K) is
    being redirected from other technical projects;
    would need to hire a less costly person (75K),
    plus support for quarantine server (5K per
    year)
  • Gartner
    • Considered wasteful
    • For the same money, one could buy a better
      antispam solution
    • It should not be up to IT to decide what is spam
      and what is ham

7
Alternative 1 - Status Quo
  • Pros
    • No change for users
    • No change to messaging infrastructure
    • 70,000-100,000 spam messages filtered out per
      day
  • Cons
    • Need full-time person to review 10-20K msgs/day
    • Additional helpdesk time for false positive
      resolution
    • Potential delay/non-delivery of messages
    • DOC PTO also uses this method, and is
      considering moving.

8
Alternative 2 - Offsite Quarantine
  • Low-scoring spam and false positives stored in
    quarantines at antispam vendor site
  • Individual quarantines for users
  • Accessed and managed by users
  • Costs - offered at no extra cost by antispam
    vendor
  • Hidden costs? Vendor resources redirected from
    other work
  • Gartner
    • Considered industry best practice
    • Stores quarantine away from the infrastructure
    • Allows users to manage personal
      whitelists/blacklists

9
Alternative 2 - Offsite Quarantine
  • Pros
    • No central resources to review quarantine
    • Most widely used in private industry and
      government (most popular in DOC OSEC, NIST,
      ITA)
    • No additional cost with our current antispam
      vendor
    • Saves helpdesk/MOC time dealing with false
      positives, whitelisting and blacklisting
    • Allows elimination of @noaa.gov whitelisting
    • Users will not be sent egregious spam

10
Alternative 2 - Offsite Quarantine
  • Cons
    • Capability tied to provider
    • User training required
      • Could be considerable - very visible change to
        users
      • Interface involved
    • IT security risk of exposed URLs in notification
      messages
    • User control of whitelist/blacklist may lead to
      inadvertent problems
    • Provider distracted from primary antispam
      mission
    • User-reviewed quarantine (average of 1-5 messages
      per week)

11
Alternative 3 - Junk Folder
  • Low-scoring spam and false positives stored by
    server in junk folders in user mailboxes
  • Users can look in junk folder for missing
    messages
  • Costs - one week of 1.5 persons total (will
    actually be multiple persons across multiple
    servers) - 4.8K
    • Write plan
    • Write documentation for helpdesks
    • Write filters for servers
    • Write installation instructions
    • Install
  • Gartner
    • Considered a good practice
    • Requires sufficient infrastructure to handle load
      of additional inbound messages

12
Alternative 3 - Junk Folder
  • Pros
    • No delay of messages to users
    • User ability to identify false positives
    • No centralized resources for reviewing
      quarantine
    • Saves helpdesk/MOC time dealing with false
      positives, whitelisting and blacklisting
    • Allows elimination of @noaa.gov whitelisting
    • Users familiar with solution in use by ISPs
    • Users will not be sent high-scoring spam (moved
      aside to specialized server)
  • Cons
    • User-reviewed quarantine (average of 1-5 messages
      per week)
    • User training required
      • Minimal - not a major visible change for users
    • Infrastructure modification required (8 hours by
      MOC)

13
Alternative 4 - Centralized Quarantine Service
  • All spam goes to MOC
  • Multiple persons scan the quarantine
  • Option one with more resources devoted to effort
  • Costs - 75K per reviewer (does not require a
    high-level engineer). Absolutely need at least two
    for an increased level of service (150K). Still need
    engineering support to manage the quarantine server
    (additional 5K per year, a fraction of an engineer)
  • Costs paid for by direct bill
  • Gartner
    • Not recommended
    • Same reasons as Option 1
    • Expensive (Too expensive?)

14
Alternative 4 - Centralized Quarantine Service
  • Pros
    • Same as Alternative 1 with more resources
    • May improve false positive forwarding
    • Not using system engineer time to review
      quarantine
    • Uses two less-skilled employees
  • Cons
    • Higher costs
    • Decisions made by quarantine miners
    • Still need system engineering to run/manage
      quarantine server

15
Alternative 5 - Hybrid Option
  • Combination of junk folders or user quarantines
    and centralized quarantines
  • Subset of users could opt out
  • Costs - dependent on scope
    • Very small (5-8K per year) if option two or
      three is chosen and there is a short arbitrary
      list of users who would still rely on
      centralized quarantine, still requiring server
      support and some quarantine scanning in MOC.
    • Costs rise as the opt-out list grows or if an
      interface is created to allow users to opt in/opt
      out themselves. (Note: self opt-in/out is not
      available with option 2)
  • Gartner
    • Adds complexity
    • May be worth doing if managed properly

16
Alternative 5 - Hybrid Option
  • Pros
    • Obvious flexibility for management of users who
      absolutely insist on not having junk folders or
      their own quarantines
    • Combined pros of other options
  • Cons
    • Resources still needed for central reviewing
    • Requires process and system design/implementation
      for opt-in/opt-out
    • Requires some infrastructure change
    • May require directory schema change
    • Installation or modification of interface
      servers
    • Costs and resources needed depend on the scope
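
The delivery decision that the alternatives differ on, modelled as a small Python policy simulation. This is an added example, not material from the brief or from NOAA's actual configuration: the spam-score thresholds, the `Message` and `Policy` fields, the opt-out list entry and the sample traffic are constructed assumptions, chosen to show why a sender-domain whitelist lets spam with a spoofed @noaa.gov sender through, how junk-folder routing (alternative 3) moves low-scoring false positives from the central reviewer to the user while still holding egregious spam on the server, and how the hybrid opt-out list (alternative 5) keeps some central review load.

```python
"""Spam routing policy model (added example, not from the NOAA brief).

Three policies from the brief are modelled:
  status quo   - sender-domain whitelist bypasses the filter; everything
                 else flagged as spam goes to the central MOC quarantine
  junk folder  - low-scoring spam is filed into the user's Junk folder,
                 high-scoring spam is held on the antispam server
  hybrid       - junk-folder routing, except for an opt-out list of users
                 whose flagged mail still goes to the central quarantine
Thresholds, field names and sample messages are constructed assumptions.
"""
from dataclasses import dataclass

INBOX, JUNK, QUARANTINE, HELD = "inbox", "junk", "quarantine", "held"


@dataclass(frozen=True)
class Message:
    sender: str          # header From address; not authenticated, so spoofable
    recipient: str
    spam_score: float    # antispam engine score, higher = more spam-like
    subject: str = ""


@dataclass(frozen=True)
class Policy:
    name: str
    junk_folder_enabled: bool = False
    domain_whitelist: frozenset = frozenset()           # domains that bypass filtering
    central_quarantine_optout: frozenset = frozenset()  # users kept on MOC quarantine
    spam_threshold: float = 5.0         # assumed: at/above -> not delivered to inbox
    high_score_threshold: float = 12.0  # assumed: at/above -> egregious spam


def route(msg: Message, policy: Policy) -> str:
    """Return the mailbox/store the message lands in under `policy`."""
    sender_domain = msg.sender.rsplit("@", 1)[-1].lower()
    # A domain whitelist trusts an unauthenticated header field: anything that
    # claims to be @noaa.gov skips the filter, which is the status-quo problem.
    if sender_domain in policy.domain_whitelist:
        return INBOX
    if msg.spam_score < policy.spam_threshold:
        return INBOX
    # Flagged as spam. Without a junk folder (or for opted-out users) the only
    # place to find a false positive is the central quarantine, so a human
    # reviewer has to look at every flagged message.
    if not policy.junk_folder_enabled or msg.recipient in policy.central_quarantine_optout:
        return QUARANTINE
    if msg.spam_score >= policy.high_score_threshold:
        return HELD   # moved aside on the antispam server; never reaches the user
    return JUNK       # likely false positive: user can recover it without the helpdesk


STATUS_QUO = Policy("status quo", domain_whitelist=frozenset({"noaa.gov"}))
JUNK_FOLDER = Policy("junk folder", junk_folder_enabled=True)
HYBRID = Policy("hybrid", junk_folder_enabled=True,
                central_quarantine_optout=frozenset({"optout.user@noaa.gov"}))

# Constructed sample traffic; addresses and scores are illustrative only.
SAMPLE = [
    Message("colleague@noaa.gov", "user@noaa.gov", 1.2, "legitimate internal mail"),
    Message("promo@noaa.gov", "user@noaa.gov", 9.5, "spam with spoofed @noaa.gov sender"),
    Message("news@partner.example", "user@noaa.gov", 6.0, "newsletter, likely false positive"),
    Message("x@bulk.example", "user@noaa.gov", 20.0, "egregious spam"),
    Message("news@partner.example", "optout.user@noaa.gov", 6.0, "newsletter to opted-out user"),
]


def summarize(policy: Policy, messages=SAMPLE) -> dict:
    """Map each sample subject to its destination under `policy`."""
    return {m.subject: route(m, policy) for m in messages}


def review_load(policy: Policy, messages=SAMPLE) -> int:
    """Number of messages a central MOC reviewer must inspect under `policy`."""
    return sum(1 for m in messages if route(m, policy) == QUARANTINE)


if __name__ == "__main__":
    for p in (STATUS_QUO, JUNK_FOLDER, HYBRID):
        print(f"{p.name}: central review load {review_load(p)}")
        for subject, dest in summarize(p).items():
            print(f"  {dest:10s} {subject}")
```

The whitelist test deliberately looks only at the header From domain, which is the weakness behind the brief's "spam from whitelisted @noaa.gov addresses" and the reason alternatives 2 and 3 count eliminating that whitelist as a benefit; any exemption for internal senders in a real deployment should rest on something the sending server can prove rather than on the address string alone.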

17
Recommendation
  • The EMC recommends alternative 3.
  • OAR - Jeremy Warren - Option 3
  • NOS - Tom Murphy - Option 3
  • NESDIS - Charly MacFarland - Option 3
  • OCIO/Staff Offices - Tonya Banks, Trena Simon -
    Option 3
  • NMAO - Greg Bass - Option 3
  • Fisheries - Bill Bradley - Option 3
  • NWS - Mike Jackson - Option 3