Email Security with Cisco IronPort - Chris Porter

Email Security with Cisco IronPort

(Autor)

Buch | Softcover
576 Seiten
2012
Cisco Press (Verlag)
978-1-58714-292-5 (ISBN)
59,80 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
Email Security with Cisco IronPort thoroughly illuminates the security and performance challenges associated with today’s messaging environments and shows you how to systematically anticipate and respond to them using Cisco’s IronPort Email Security Appliance (ESA). Going far beyond any IronPort user guide, leading Cisco expert Chris Porter shows you how to use IronPort to construct a robust, secure, high-performance email architecture that can resist future attacks.

 

Email Security with Cisco IronPortpresents specific, proven architecture recommendations for deploying IronPort ESAs in diverse environments to optimize reliability and automatically handle failure. The author offers specific recipes for solving a wide range of messaging security problems, and he demonstrates how to use both basic and advanced features-–including several hidden and undocumented commands.

 

The author addresses issues ranging from directory integration to performance monitoring and optimization, and he offers powerful insights into often-ignored email security issues, such as preventing “bounce blowback.” Throughout, he illustrates his solutions with detailed examples demonstrating how to control ESA configuration through each available interface.

Chris Porter,Technical Solutions Architect at Cisco, focuses on the technical aspects of Cisco IronPort customer engagements. He has more than 12 years of experience in applications, computing, and security in finance, government, Fortune® 1000, entertainment, and higher education markets.

 

·Understand how the Cisco IronPort ESA addresses the key challenges of email security

·Select the best network deployment model for your environment, and walk through successful installation and configuration

·Configure and optimize Cisco IronPort ESA’s powerful security, message, and content filtering

·Understand the email pipeline so you can take full advantage of it–and troubleshoot problems if they occur

·Efficiently control Cisco IronPort ESA through its Web User Interface (WUI) and command-line interface (CLI)

·Implement reporting, monitoring, logging, and file management

·Integrate Cisco IronPort ESA and your mail policies with LDAP directories such as Microsoft Active Directory

·Automate and simplify email security administration

·Deploy multiple Cisco IronPort ESAs and advanced network configurations

·Prepare for emerging shifts in enterprise email usage and new security challenges

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

 

Chris Porter was one of the first field systems engineers hired by IronPort Systems in 2003, around the time of the launch of the ESA C-series product. He has served as systems engineer, SE manager, and now technical solutions architect at Cisco, who acquired IronPort in June 2007.   Chris has been involved in planning, deploying, and configuring Email Security Appliances (ESA) at hundreds of organizations, with a chief role in both pre-sales engagements and post-sales support. His experience has made him a trusted voice in ESA product design decisions.   Chris holds a bachelor’s and master’s degree in Computer Science from Stevens Institute of Technology in Hoboken, NJ, and a CCNA certification. Chris is currently a technical solutions architect at Cisco, specializing in content security and the IronPort email and web-security products and services.  

    Introduction xxiii

Chapter 1 Introduction to Email Security 1

    Overview of Cisco IronPort Email Security Appliance (ESA) 1

        AsyncOS 3

        Security Management Appliances (SMA) 3

    History of AsyncOS Versions 4

        Software Features 5

    Email Security Landscape 6

        Email Spam 6

        Viruses and Malware 7

        Protecting Intellectual Property and Preventing Data Loss 8

        Other Email Security Threats 9

    Simple Mail Transfer Protocol (SMTP) 9

        SMTP Commands 14

        ESMTP Service Extensions 15

        SMTP Message Headers and Body 16

        Envelope Sender and Recipients 17

        Transmitting Binary Data 18

        MIME Types 20

        Character Sets 21

        Domain Name Service (DNS) and DNS MX Records in IPv4 and IPv6 22

        Message Transfer Agents (MTA) 23

        Abuse of SMTP 24

        Relaying Mail and Open Relays 24

        Bounces, Bounce Storms, and Misdirected Bounces 25

        Directory Harvest Attacks 26

    Summary 27

Chapter 2 ESA Product Basics 29

    Hardware Overview 29

        2U Enterprise Models 30

        1U Enterprise Models 31

        Selecting a Model 31

    Basic Setup via the WUI System Setup Wizard 31

        Connecting to the ESA for the First Time 31

        Running the System Setup Wizard 32

        Reconnecting to the WUI 38

        LDAP Wizard and Next Steps 39

        Examining the Basic Configuration 41

        Next Steps 41

        Setup Summary 42

    Networking Deployment Models 43

        Interfaces, Routing, and Virtual Gateways 43

        Single Versus Multinetwork Deployment 47

        Routing on Multinetwork Deployments 48

        DNS Concerns 49

        Firewall Rules 50

        Securing Network Interfaces 51

    Security Filtering Features 52

        SenderBase and Reputation Filters 53

        IronPort Anti-Spam 54

        Antivirus Features 55

    Summary 58

Chapter 3 ESA Email Pipeline 59

    ESA Pipeline 59

        Listeners 61

        Host Access Table (HAT) and Reputation Filters 63

        Rate Limiting with Mail Flow Policies 65

        DNS and Envelope Checks 67

        Sender Authentication 67

        Recipient Access Table and LDAP Accept 67

    Recipient and Sender Manipulation 70

        Default Domain, Domain Map, and Aliases 70

        Masquerading 71

    LDAP Operations 72

        LDAP Accept 72

        LDAP Routing and Masquerading 73

        Groups 73

    Work Queue and Filtering Engines 73

        Work Queue Overview 74

        Incoming and Outgoing Mail Policies 74

        Message Filters 75

        Anti-Spam Engine 75

        Antivirus Engines 76

        Content Filtering 77

        Virus Outbreak Filters 78

        DLP and Encryption 78

    Delivery of Messages 79

        Selecting the Delivery Interface (Virtual Gateways) 80

        Destination Controls 81

        Global Unsubscribe 81

        SMTP Routes 82

        Selecting Bounce Profiles 83

        Handling Delivery Errors with Bounce Profiles 84

        Final Disposition 85

    Summary 85

Chapter 4 ESA Web User Interface 87

    Overview 87

    Connecting to the WUI 87

    WUI Tour 88

        Monitor Menu 88

        Overview 89

        Incoming Mail 89

        Outgoing Destinations 90

        Outgoing Senders 90

        Delivery Status 90

        Internal Users 90

        DLP Incidents 91

        Content Filters 91

        Outbreak Filters 91

        Virus Types 92

        TLS Connections 92

        System Capacity 92

        System Status 92

        Scheduled Reports 93

        Archived Reports 93

        Quarantines 93

        Message Tracking 94

        Mail Policies Menu 94

        Incoming Mail Policies 95

        Incoming Content Filters 95

        Outgoing Mail Policies 96

        Outgoing Content Filters 96

        Host Access Table (HAT) Overview 96

        Mail Flow Policies 97

        Exception Table 97

        Recipient Access Table (RAT) 97

        Destination Controls 97

        Bounce Verification 98

        DLP Policy Manager 98

        Domain Profiles 99

        Signing Keys 99

        Text Resources 99

        Dictionaries 99

        Security Services Menu 100

        Anti-Spam 100

        Antivirus 101

        RSA Email DLP 101

        IronPort Email Encryption 101

        IronPort Image Analysis 101

        Outbreak Filters 102

        SenderBase 102

        Reporting 103

        Message Tracking 103

        External Spam Quarantine 103

        Service Updates 103

        Network Menu 104

        IP Interfaces 105

        Listeners 105

        SMTP Routes 105

        DNS 106

        Routing 106

        SMTP Call-Ahead 106

        Bounce Profiles 106

        SMTP Authentication 107

        Incoming Relays 107

        Certificates 107

        System Administration Menu 108

        Trace Tool 108

        Alerts 109

        LDAP 109

        Log Subscriptions 109

        Return Addresses 110

        Users 110

        User Roles 111

        Network Access 111

        Time Zone and Time Settings 111

        Configuration File 112

        Feature Keys and Feature Key Settings 112

        Shutdown/Suspend 112

        System Upgrade 113

        System Setup Wizard 113

        Next Steps 114

        Options Menu 114

        Active Sessions 115

        Change Password 115

        Log Out 115

        Help and Support Menu 115

        Online Help 116

        Support Portal 116

        New in This Release 116

        Open a Support Case 117

        Remote Access 117

        Packet Capture 118

    WUI with Centralized Management 118

        Selecting Cluster Mode 119

        Modify CM Options in the WUI 121

        Modifying Cluster Settings 121

    Other WUI Features 122

        Variable WUI Appearance 122

        Committing Changes 123

    Summary 123

Chapter 5 Command-Line Interface 125

    Overview of the ESA Command-Line Interface 125

    Using SSH or Telnet to Access the CLI 125

        PuTTY on Microsoft Windows 127

        Simple CLI Examples 129

    Getting Help 132

        Committing Configuration Changes 133

    Keeping the ESA CLI Secure 134

        SSH Options on the ESA 135

        Creating and Using SSH Keys for Authentication 136

        Login Banners 140

        Restricting Access to SSH 140

    ESA Setup Using the CLI 141

        Basics of Setup 142

        Next Setup Steps 142

    Commands in Depth 146

        Troubleshooting Example 146

        Status and Performance Commands 146

        Command Listing by Functional Area 156

        Mail Delivery Troubleshooting 156

        Network Troubleshooting 156

        Controlling Services 157

        Performance and Statistics 158

        Logging and Log Searches 159

        Queue Management and Viewing 160

        Configuration File Management 161

        AsyncOS Version Management 162

        Configuration Testing Commands 163

        Support Related Commands 163

        General Administration Commands 165

        Miscellaneous Commands 166

        Configuration Listing by Functional Area 167

        Network Setup 167

        Listeners 168

        Mail Routing and Delivery 175

        Policy and Filtering 176

        Managing Users and Alerts 177

        Configuring Global Engine and Services Options 177

        CLI-Only Tables 179

        Configuration for External Communication 179

        Miscellaneous 180

        Batch Commands 181

        Hidden/Undocumented Commands 183

    Summary 186

Chapter 6 Additional Management Services 187

    The Need for Additional Protocol Support 187

    Simple Network Management Protocol (SNMP) 188

        Enabling SNMP 188

        SNMP Security 189

        Enterprise MIBs 189

        Other MIBs 190

        Monitoring Recommendations 191

    Working with the ESA Filesystem 193

    ESA Logging 196

        ESA Subsystem Logs 196

        Administrative and Auditing Logs 197

        Email Activity Logs 198

        Debugging Logs 199

        Archive Logs 201

        Creating a Log Subscription 202

        Logging Recommendations 202

        Transferring Logs for Permanent Storage 203

        HTTP to the ESA 204

        FTP to the ESA 204

        FTP to a Remote Server 204

        SCP to a Remote Server 205

        Syslog Transfer 205

    Understanding IronPort Text Mail Logs 206

        Message Events 206

        Lifecycle of a Message in the Log 207

        Tracing Message History 209

        Parsing Message Events 211

        A Practical Example of Log Parsing 212

        Using Custom Log Entries 215

    Summary 217

Chapter 7 Directories and Policies 219

    Directory Integration 219

        The Need for Directory Integration 220

        Security Concerns 220

    Brief LDAP Overview 221

    LDAP Setup on ESA 223

        Advanced Profile Settings 225

        Basic Query Types 226

        Recipient Validation with LDAP 227

        Recipient Routing with LDAP 229

        Sender Masquerading 230

        Group Queries 231

        Authentication Queries 233

        AD Specifics 233

        Testing LDAP Queries 234

        Advanced LDAP Queries 234

        Troubleshooting LDAP 239

    Incoming and Outgoing Mail Policies 241

        Group-Based Policies 241

        Group Matches in Filters 241

    Other LDAP Techniques 242

        Using Group Queries for Routing 242

        Per-Recipient Routing with AD and Exchange 244

        Using Group Queries for Recipient and Sender Validation 244

    Summary 245

Chapter 8 Security Filtering 247

    Overview 247

    The Criminal Ecosystem 248

    Reputation Filters and SenderBase Reputation Scores 248

        Enabling Reputation Filters 249

        Reputation Scores 250

        Connection Actions 250

        HAT Policy Recommendations 250

    IronPort Anti-Spam (IPAS) 251

        Enabling IPAS 252

        IPAS Verdicts 253

        IPAS Actions 254

        Content Filters and IPAS 255

    Recommended Anti-Spam Settings 257

        Spam Thresholds 257

        Actions for the Bold 258

        Actions for the Middle-of-the-Road 258

        Actions for the Conservative 258

        Outgoing Anti-Spam Scanning 259

    Sophos and McAfee Antivirus (AV) 259

        Enabling AV 260

        AV Verdicts 262

        AV Actions 263

        AV Notifications 263

        Content Filters and AV 264

    IronPort Outbreak Filters (OF) 266

        Enabling OF 267

        OF Verdicts 267

        OF Actions 268

        Message Modification 269

        Content Filters and OF 270

    Recommended AV Settings 270

        Incoming AV Recommendations 271

        Outgoing AV Recommendations 272

    Using Content Filters for Security 273

        Attachment Conditions and Actions 273

        Filtering Bad Senders 276

        Filtering Subject or Body 277

    Summary 278

Chapter 9 Automating Tasks 279

    Administering ESA from Outside Servers 279

    CLI Automation Examples 280

        SSH Clients 281

        Expect 281

        Perl 283

        CLI Automation from Microsoft Windows Servers 285

    WUI Automation Examples 287

    Polling Data from the ESA 287

        Retrieving XML Data Pages 287

        Using XML Export for Monitoring 290

    Pushing Data to the ESA and Making Configuration Changes 292

        Changing Configuration Settings Using the CLI 293

        Committing Changes Using the CLI 295

        Changing Configuration Settings Using the WUI 296

        Committing Changes Using the WUI 298

    Retrieving Reporting Data from the WUI 298

        Data Export URLs 299

        Other Data Export Topics 302

        Example Script 305

    Summary 308

Chapter 10 Configuration Files 309

    ESA and the XML Configuration Format 309

    Configuration File Structure 310

    Importing and Exporting Configuration Files 313

        Exporting 314

        Importing 315

    Editing Configuration Files 316

        Duplicating a Configuration 317

        Partial Configuration Files 318

    Automating Configuration File Backup 320

    Configuration Backup via CLI 320

    Configuration Backup via WUI 321

    Configuration Files in Centralized Management Clusters 323

    Summary 325

Chapter 11 Message and Content Filters 327

    Filtering Email Messages with Custom Rules 327

        Message Filters Versus Content Filters 328

        Processing Order 331

        Enabling Filters 332

        Combinatorial Logic 332

        Scope of Message Filters 333

        Handling Multirecipient Messages 334

        Availability of Conditions and Actions 334

    Filter Conditions 334

        Conditions That Test Message Data 335

        Operating on Message Metadata 336

        Attachment Conditions 337

        System State Conditions 339

        Miscellaneous Filter Conditions 340

    Filter Actions 340

        Changing Message Data 340

        Altering Message Body 341

        Affecting Message Delivery 343

        Altering Message Processing 344

        Miscellaneous Filter Actions 344

    Action Variables 345

    Regular Expressions in Filters 347

    Dictionaries 350

    Notification Templates 351

    Smart Identifiers 352

        Using Smart Identifiers 353

        Smart Identifier Best Practices 354

    Content Filter and Mail Policy Interaction 354

    Filter Performance Considerations 359

        Improving Filter Performance 360

    Filter Recipes 362

        Dropping Messages 362

        Basic Message Attribute Filters 363

        Body and Attachment Scanning 364

        Complex Combinatorial Logic with Content Filters 366

        Routing Messages Using Filters 367

        Integration with External SMTP Systems 368

        Cul-de-Sac Architecture 369

        Inline Architecture 371

        Delivering to Multiple External Hosts 371

        Interacting with Security Filters 373

        Reinjection of Messages 375

    Summary 376

Chapter 12 Advanced Networking 377

    ESA with Multiple IP Interfaces 377

        Multihomed Deployments 378

        Virtual Gateways 380

        Adding New Interfaces and Groups 381

        Using Virtual Gateways for Email Delivery 382

        Virtual Gateways and Listeners 385

    Multiple Listeners 386

        Separating Incoming and Outgoing Mail 386

        Multiple Outgoing Mail Listeners 386

        Separate Public MX from Submission 387

    ESA and Virtual LANs 388

    Other Advanced Configurations 390

        Static Routing 390

        Transport Layer Security 392

        Using and Enforcing TLS When Delivering Email 393

        Using and Enforcing TLS When Receiving Email 396

        Certificate Validation 397

        Managing Certificates 398

        Adding Certificates to the ESA 399

        TLS Cipher and Security Options 402

        Split DNS 405

        Load Balancers and Direct Server Return (DSR) 408

    Summary 411

Chapter 13 Multiple Device Deployments 413

    General Deployment Guidelines 413

    Email Availability with Multiple ESAs 415

    Load-Balancing Strategies 415

        SMTP MX Records 415

        Domains Without MX Records 416

        Incoming and Outgoing Mail with MX Records 417

        Single Location with Equal MX Priorities 417

        Multiple Locations with Equal MX Priorities 417

        Unequal MX Priorities 418

        Disaster Recovery (DR) Sites 419

        Third-Party DR Services 419

        Limitations of MX Records 420

        Dedicated Load Balancers 422

        Load Balancers for Inbound Mail 422

        Load Balancers for Outgoing Mail 423

    Multitier Architectures 424

        Two-Tiered Architectures 425

        Three-Tiered Architectures 426

        Functional Grouping 427

        Large Message Handling 429

    Architectures with Mixed MTA Products 431

        Integration with External Systems 431

        External Email Encryption 432

        External Data Loss Prevention (DLP) Servers 433

        Email Archiving Servers 435

        Archiving Inline or Cul-de-Sac 435

        Archiving Through BCC 436

        Other Archiving Ideas 437

    Introducing, Replacing, or Upgrading ESA in Production 439

        Adding the First ESA to the Environment 439

        Replacing an ESA for Upgrade 440

    Management of Multiple Appliances 443

        Centralized Management Overview 443

        Creating a CM Cluster 444

        Joining an Existing CM Cluster 444

        Creating and Managing CM Groups 446

        Using CM in the WUI 450

        Using CM in the CLI 453

        Centralized Management Limitations and Recommendations 457

        Size of CM Clusters 457

        Configuration Files in Clusters 457

        Upgrading Clustered Machines 457

    Summary 459

Chapter 14 Recommended Configuration 461

    Best Practices 461

        Redundancy and Capacity 461

        Securing the Appliance 462

    Security Filtering 464

        HAT Policy Settings 464

        Whitelisting and Blacklisting 466

        Spam Quarantining 468

        Deciding to Quarantine or Not 468

        End-User Quarantine Access 469

        Administrative-Only Quarantine Access 469

        Automated Notifications 470

    Being a Good Sender 471

        Being Rate Limited 471

        Outbound Sending Practices 472

        Handling Bounces 473

        Variable Envelope Return Path 474

        DNS and Sender Authentication 475

        Dealing with Blacklisting 475

        Compromised Internal Sources 477

    Bounce Verification 479

    Recommendations for Specific Environments 482

        Small and Medium Organizations 483

        Large or Complex Organizations 483

        Service Providers 484

        Higher Education 485

        Email “Front End” to Complex Internal Organizations 486

    Summary 487

Chapter 15 Advanced Topics 489

    Recent Developments 489

    Authentication Standards 490

        Path-Authentication Standards: SPF and SIDF 491

        Determining the Identity of the Sender 493

        Deploying SPF 494

        SPF Challenges 495

        Using SPF and SIDF Verification on ESA 496

        Message Authentication: DKIM 498

        Enabling DKIM Signing on ESA 498

        The DKIM-Signature Header 499

        DKIM Selectors and DNS 499

        Other DKIM Signing Options 500

        DKIM Signing Performance 501

        DKIM Verification on ESA 501

        DKIM Challenges 502

        DKIM and SPF Recommendations 503

    Regulatory Compliance 504

        General Concepts 504

        Personally Identifiable Information (PII) 504

        Payment Card Data 505

        Personal Financial Information 505

        Mitigation 506

    Data Loss Prevention (DLP) 506

        Enabling Data Loss Prevention Policies 506

        Adding a DLP Policy 507

        Taking Action on Matching Messages 507

        Classifiers and Entities 509

        Custom Classifiers 509

        Customizing Policies 512

        Customizing Content Matching on Predefined Policies 512

        Customizing User and Attachment Rules 513

        Integration with Content Filters 514

    Summary 515

TOC, 3/23/2012, 9781587142925

 

Erscheint lt. Verlag 3.5.2012
Verlagsort Indianapolis
Sprache englisch
Maße 187 x 231 mm
Gewicht 934 g
Themenwelt Informatik Netzwerke Mail Server
Informatik Netzwerke Sicherheit / Firewall
ISBN-10 1-58714-292-9 / 1587142929
ISBN-13 978-1-58714-292-5 / 9781587142925
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
die Anleitung in Bildern : auch für Microsoft Outlook 365 geeignet

von Otmar Witzgall

Buch | Softcover (2023)
Vierfarben (Verlag)
16,90