PSU COE Email Services Addressing Security, Virus Protection

1
PSU COE Email ServicesAddressing Security, Virus
Protection SPAM

• Joe Lanager
• William Burkhard
• Center for Electronic Design,
• Communications Computing
• The College of Engineering
• The Pennsylvania State University

11 November 2002
2
Topics

• System Configuration Clients
• Key System Functional Features
• Mail Server Security
• Approach to Global Mail Server Security
• Virus Protection
• Results of Effective Virus Protection
• Preventing SPAM
• Conclusion

Taking a Bite out of Hackers!
3
PSU COE Email Systems
Front End Mail Server POP, IMAP Outlook Web
Access
Dell PowerEdge 1550 Dual 1GHz 1 Gig RAM 18 Gig
SCSI
Back End Mail Servers
Dell PowerEdge 1550 Dual 1GHz 1 Gig RAM 72 Gig
SCSI RAID 5
Backbone
POP, IMAP, SMTP Outlook Web Access Clients
Exchange Clients
4
Key System Functional Features

• Support for legacy POP3 Clients
• Support for IMAP
• Support for SMTP
• Support for Exchange
• Support for Secure Web Access
• Nightly Backup of Servers for Disaster recovery
• 24 Hour Tomb Stoning of Mailboxes for Immediate
  Recovery of Lost Mail Items
• Transparent Movement of Mailboxes Between Back
  End Servers

5
Mail Server Security

• Approach to Global Mail Server Security
• SSL Encryption for POP, IMAP, SMTP Web Mail
• Require Authenticated SMTP for all External IP
  Addresses
• Maintain Seven Day Email Tracking Logs
• IP SEC Filtering of ICMP, NetBios LDAP for all
  External IP Addresses
• Microsoft 128 Bit Encryption for all Exchange
  Clients
• Ability to Block for any Sender or Incoming IP
  Address or Range of IP Addresses
• Virus Protection with Anti SPAM Filters (Based on
  Sender, Range of Sender, Content Rules)

6
Mail Server Security

• Virus Protection
• Symantec Antivirus Filtering for Email Gateways
• All Inbound Outbound Emails are Scanned
• Daily Virus Definition Updates
• All Existing Mail is Rescanned with Latest AV
  Virus Definitions
• Repairable Attachments are Repaired (If able) and
  Sent to Client Attachments that Cant be
  Repaired are Quarantined
• Notify University Security Office to Request
  Pursuit of ISP Actions
• 10,000 Infected Emails Detected and not
  Distributed to Clients in Last Six Months!

7
Results of Effective Virus Protection
Klez H
5/0211/02
8
Results of Effective Virus Protection
Without Klez H
2600
5/0211/02
9
Mail Server Security

• Preventing SPAM
• Block Relaying
• Symantec Antivirus Filtering for Email Gateways
• Filter Based on Sender, From Domain, Senders IP
  Address a Group of IP Addresses
• Filter Based on Content Rules (e.g.,
  Objectionable content, catch phrases in both
  Subject Message Body)
• Quarantine, Delete and Notify Sender and/or
  Recipient
• Notify University Security Office to Request
  Pursuit of ISP Actions

10
Conclusion

• There are effective tools available to system
  administrators to secure Exchange Email servers.
• Proactive virus protection is effective and
  protects clients.
• Preventing relaying and employing filtering
  techniques reduce the impact of SPAM on Email
  servers and clients.
• Daily vigilance is part of an effective Email
  Security program.
• Email Security is a 24x7 process.