Anti-virus/Anti-spam:

At their most passive, inappropriate emails are a nuisance; at their worst, a significant business menace. A more recent trend is to harvest Out of Office responses, which are then exploited for 2 purposes:

  • To send thousands of messages to that absent person with the "From" spoofed to be the end-target person. When your system legitimately replies to the "sender" with an Out of Office, the spammer has delivered his message. Meanwhile, you have just been blacklisted for spamming...
  • Now that the spammer has a valid user/domain name, as confirmed by the Out of Office, it's a simple progression to send emails to "colleagues", exploiting the natural tendency to trust internal emails and hence catch you with your guard down. The most popular payload is a rootkit, so that the spammer now has complete control of your PC...
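
One way a mail system can decide whether an Out of Office reply is safe to send, following the RFC 3834 rules for automatic responders. This is an added example, not IntraLAN's or Postini's code; the function names, the sample messages and the assumption that the border filter stamps its own Authentication-Results header are illustrative.

```python
from email import message_from_string
from email.utils import parseaddr

BULK_PRECEDENCE = {"bulk", "junk", "list"}


def auto_reply_decision(raw, already_replied):
    """Return (send, reason) for one inbound message (hypothetical helper).

    already_replied: senders who already got a reply during this absence.
    """
    msg = message_from_string(raw)
    # Reply to the envelope sender, never to the easily spoofed From header.
    sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if not sender:
        return False, "null or missing return path"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "automatic message"
    if (msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE
            or msg.get("List-Id") is not None):
        return False, "bulk or list mail"
    # Assumption: the border filter removes inbound Authentication-Results
    # headers and adds its own, so this value can be trusted.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "spf=pass" not in auth:
        return False, "sender not authenticated"
    if sender in already_replied:
        return False, "already replied to this sender"
    already_replied.add(sender)
    return True, "reply to " + sender


def sample(return_path, spf, extra=""):
    """Build a constructed test message; all addresses are made up."""
    return (f"Return-Path: {return_path}\n"
            f"Authentication-Results: mx.example.net; spf={spf}\n"
            f"{extra}From: Pat <pat@customer.example>\n"
            "Subject: Quote request\n\nHello\n")


if __name__ == "__main__":
    seen = set()
    for raw in (sample("<pat@customer.example>", "pass"),
                sample("<pat@customer.example>", "pass"),
                sample("<victim@target.example>", "fail"),
                sample("<>", "pass"),
                sample("<news@list.example>", "pass", "Precedence: bulk\n")):
        print(auto_reply_decision(raw, seen))
```

The authentication check is what stops the first abuse above: a message whose envelope sender fails SPF gets no reply, so nothing is bounced to the spoofed "sender".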

We're moving into a period where networks need to be protected at 2 levels:

1. Before reaching your network:

All your inbound email is passed through Google's Postini®, which pre-filters it before forwarding it on to your Exchange server.

As these filters are handling 12,000,000,000 emails per day, they are readily able to detect new patterns. For example, a new identical message heading to multiple organisations can be marked as spam, and a new virus threat can be blocked within minutes rather than waiting for the next weekly update to be applied to your network. They're essentially working in real time, making them far more effective than subscription-based tools, which are always playing catch-up through periodic updates.

Each evening around 21:00, each individual receives an email listing all the blocked emails. If a good email has been accidentally trapped (which is genuinely rare), you simply click on the "Deliver" button. You can also proactively check on all quarantined email at any time of the day.

Finally, in the event that you're having email issues (e.g. Internet line is down, your Exchange server is having problems), rather than refusing emails (which is when the sender gets the "Delayed Notification" message), they are filtered and then stored for you in proxy, and automatically forwarded once the problem has been resolved.

In summary, IntraLAN's Email Protection (IEP) service offers 3 key benefits:

  • Anti-virus filtering
  • Anti-spam filtering
  • Email proxy

IEP is an optional NetCare module (see NetCare Overview) offering you simplicity and convenience through a single point of contact. To appreciate the difference, ask the help-desk for a 1 month trial.

IEP starts at just 10 mailboxes; see Costs. For more information, review the Services Handbook or ask the NetCare help-desk.



2. Within your network:

Spamming & Spyware

Without IEP, all defences start at your local network; your line has already been loaded and Exchange is busy dealing with spam and viruses. Even with IEP in place, it remains essential that you implement local defences:

Anti-spam: Microsoft Exchange uses Intelligent Message Filter (IMF), a competent anti-spam utility. It inevitably suffers from "after the horse has bolted" syndrome, but it should also deal with spam from internally initiated processes (e.g. Trojans).


Anti-virus: Remember an anti-virus package is needed to deal with viruses from a multitude of sources - web-sites, memory sticks, VPN access (i.e. not just emails). Therefore it isn't adequate to protect just your server(s) - you need sufficient licenses for all your PCs (including home workers). If you do get a virus outbreak you'll need your anti-virus software deployed throughout your organisation to instigate a clean up.

It isn't a good idea to load more than one anti-virus package on a PC or server (as they may conflict), hence the "in series" arrangement with IEP is particularly effective.

Anti-spyware: Usually contracted through web-sites (either by direct access or through a "loaded" email). There are a number of free tools - Microsoft provide Defender - contact the NetCare help-desk for more information. There's no harm in installing multiple anti-spyware products on PCs.

Update mechanisms: Obvious, but it's essential that all the defence mechanisms are continually updated:

  • Anti-spam (IMF) is automatically updated by Exchange;
  • Anti-virus is automatically updated by the package itself (but note: this is just the signatures, not the engine, which needs to be manually updated). We support Sophos and Trend but our long-term (although not cheapest) favourite remains Network Associates.
  • Anti-spyware can be scripted to automatically download updates.
  • Microsoft security updates should be managed by WSUS for automatic distribution to all internal PCs and servers.
  • Microsoft server Service Packs should be undertaken manually with the engineer physically in front of the server (so they can be backed out if there's a problem)
  • Home workers/laptops on the move should be configured to get updates directly off the web (rather than through the VPN to the main office) - especially your home workers with children that share their PC...

And as with all things automated, one day they'll quietly stop - hence why our monthly NetCare health-checks keep an eye on this...