The Administrator Shortcut Guide to Email Protection

by Paul Robichaux


The Administrator Shortcut Guide to Email Protection will give you critical, need-to-know information to help you properly protect your corporate messaging system from a wide variety of external and internal security threats. Although the book focuses on Microsoft Exchange-based enterprises, the concepts, principles, and methodologies presented within are universally applicable to virtually all messaging platforms. The Administrator Shortcut Guide to Email Protection is authored by messaging industry and Exchange guru Paul Robichaux. Paul provides readers with real-world insights to help them architect secure messaging systems and deal practically with real-world security problems. From virus protection to malware protection, this eBook is a must-read for anyone involved in securing Exchange and other messaging platforms.


Chapter 1: Email Content Dangers

On March 26, 1999, email administrators were awakened to a new threat to their systems. A macro virus called Melissa was spreading rapidly through their email servers, clogging queues and eating up network bandwidth. By March 29, Melissa had reached more than 100,000 computers. Macro viruses were nothing new by this time, yet this one was different. Melissa was the first major virus to use the Exchange global address list (GAL) and the users' contacts as a mechanism to email itself to others. Though almost any virus can be spread through email if the dropper (a program that is infected or spreads the virus) is emailed to another person, this incident was the first time that a virus actually started emailing itself to others.

With an estimated 772 million mailboxes worldwide (Anti-Virus, Anti-Spam, and Content Filtering Market Trends 2003-2007 Report from The Radicati Group), email is an excellent delivery vehicle for computer viruses and malicious content. Knowing how to protect your email systems is critical, and doing so begins with a good understanding of what viruses are, how they’re written, how they spread, and how they can be blocked.

Chapter 2: Protection at the Client Level

In the first chapter, we explored many of the risks to which networked computers are exposed. Even a computer that is not networked can be infected by viruses, worms, or Trojan horses if its users share media (floppies, CD-ROMs, DVDs, or tapes) that contain infected files.

Your virus protection strategy is not complete until you have protected not only the email server but also the client. In this chapter, I’ll cover how to protect Windows-based clients that are using Microsoft Outlook or Outlook Express and connecting to a Microsoft Exchange Server. Why? Protecting clients and leaving the server unprotected gives you a reasonable degree of security, but the reverse isn’t true. Client protection is the fundamental first step toward building a strong, layered defense against viruses. Many of the techniques discussed in this chapter are specific to Exchange environments; others are generic, and their principles can be applied to almost any environment.

Chapter 3: Server-Side Antivirus Protection

Recent outbreaks of viruses, worms, and blended threats provide evidence that there is much more to virus protection than installing antivirus software on a client computer and hoping for the best. Some of the more notable blended threats such as Nimda, the Code Red worm, BugBear, SoBig, and Blaster have caught many network administrators by surprise. Blended threats are threats that combine characteristics of viruses, worms, and Trojan horses in one nasty package.

In most organizations, virus protection is not a single action that administrators perform but rather a combination of procedures and protection. Security experts call this layering "defense in depth": the point is to harden your systems by putting up multiple barriers. The first two chapters of this guide discussed the basics of viruses and worms and the basics of protecting Microsoft clients against email-based threats. This chapter builds on the knowledge you have gained from the previous chapters and focuses on protection of the Exchange server.

Protecting your Exchange servers from viruses, worms, Trojan horses, and blended threats is not simply a process of picking any virus protection software and assuming you are protected. Servers must be properly patched, Exchange must be properly configured, and the software that you pick for your Exchange servers must be able to accurately detect viruses and protect against malicious attachments.