The Tips and Tricks Guide to Secure Messagingby Jim McBee
Threats against email systems have evolved to the point that protecting users, mail servers and bandwidth is no longer as simple as installing antivirus software. By some estimates, spam, phishing schemes, viruses, and other unwanted content now make up 70% of all email traffic into an organization's mail servers. The Tips and Tricks Guide to Secure Messaging by messaging expert Jim McBee introduces IT managers and messaging system administrators to the evolving threat landscape, emerging technologies for data protection, and best practices for protecting users, messaging system resources, and organizational data.
Volume 1: Strategies for Defending Email Infrastructure
Q: Why is email security important?
A: Email use has replaced the telephone as the predominant business tool for communicating with employees, customers, suppliers, and management. In 2004, IDC estimated that each day there are more than 30 billion email messages crossing the Internet; this estimate does not include email communication within an organization, where the messages never cross the Internet in the first place. The Radicati Group estimated that in 2004 there were nearly 900 million active mailboxes on the Internet with approximately half of these being used for business purposes.
Clearly, email systems and email communication has become extremely pervasive in business environments as a result of the ease with which information can quickly and efficiently be disseminated to one or many people anywhere in the world. The Meta Group estimates that approximately 75 percent of all corporate knowledge is now communicated via email.
Volume 2: Policies and Procedures
Q: What are best practices for email server administrator policies?
A: Good operational practices and good security practices go hand in hand. This might seem like a simplified way of looking at things, but I have found that organizations that are most successful at providing excellent service availability for their messaging systems also have few problems with security.
Volume 3: Architecture and Deployment Considerations
Q: What are best practices to follow when deploying servers?
A: Good email security should start the day you take your hardware and software out of the box and start installing. Security should not be an afterthought once a server is in production. Good security and good operational practices go hand-in-hand, and the steps that you take during deployment will contribute to not only better security but also a more stable email server environment.
First and foremost, start with a server build checklist that includes steps that will help make the server more stable and more secure. Once the server operating system (OS) and the email server software is installed, have a checklist of procedures and best practices that you follow to ensure the software is installed properly and securely.
I have a four-layer model that I use for representing the path to stable, secure, and available server platforms. Each of the higher layers depends on the lower layers being built properly. If the lower layers are not built properly, you cannot expect the upper layers to provide reliable or secure services. The four layers are:
- Operational policies and procedures
- Operating system
- Server platform
Volume 4: Antivirus and Anti-Spam Strategies and Best Practices
Q: How do I get started with a system for protecting against spam and viruses?
A: Most organizations already have some type of email security system in place. You may be relying on client-based antivirus software, server-based antivirus software, a Simple Mail Transfer Protocol (SMTP) gateway that handles virus inspection, or some combination of these.
Before moving on, understand that any single solution is probably not sufficient for protecting your servers and users from the crafty devils that are now writing viruses, attacking systems, blasting out spam, or developing phishing schemes. I recently worked with an organization in that needed help with a virus cleanup because the only antivirus solution was on the Exchange server. Although the company had a client-side antivirus solution, it was not distributed to all clients. A few of the clients on the network were infected with a variant of the Sober worm. The company was broadcasting viruses to the Internet almost continually.
At a minimum, a complete solution should address protection for the mail stores on your mail server and protect the client from viruses that they may be exposed to via email messages or a document or a Web page.