RE: E-mail filtering recommendations needed. - SCO



Thread: RE: E-mail filtering recommendations needed.

  1. RE: E-mail filtering recommendations needed.

    This is not an SCO UNIX specific question but I am posting it to c.u.s.m to
    tap into the broad experience and acumen of the group's members.

    I have a client that has been subject to a security audit by their
    major client account and I have to respond to several "action items."

    Specifically, the requirement is to prohibit the use of third party web-mail
    accounts (hotmail, gmail, etc..) as well as instant messaging.

    Current system configuration: A single SCO UNIX 5.0.7 Enterprise
    system hosting the main application and providing SAMBA file and
    print services to the Windows network. 25+ mixed Windows 98 and
    Windows XP systems running terminal emulation software for UNIX
    application access. Internet access is provided through a Cisco
    (Linksys) 8-port cable/DSL router: BEFSR81.

    E-mail for the client is provided by their Web site hosting company and
    users use Outlook or Outlook express to pop e-mail from the Web hosting
    company's server and send outgoing e-mail through the same server.

    1) Any recommendations on how to prevent IM and non company e-mail
    providers in this environment?

    2) Any recommendations on examining outgoing e-mail in this environment
    to prevent users from e-mailing sensitive company information including
    SS numbers and protected client information?

    3) Any recommendations for "network appliance" products to provide
    IP filtering to prevent access to "prohibited" web sites?
    --

    Steve Fabac
    S.M. Fabac & Associates
    816/765-1670

  2. Re: E-mail filtering recommendations needed.

    Steve M. Fabac, Jr. wrote:
    > Specifically, the requirement is to prohibit the use of third party web-mail
    > accounts (hotmail, gmail, etc..) as well as instant messaging.


    And you said in your mind... "are you nuts?", I hope. You can *discourage*
    web-mail, but you cannot "prohibit" it. Unless by prohibit they mean, "you'll
    try but if someone gets around it, you are not responsible for more than $1 in
    damages".

    Instant messaging that uses known IP ports is blockable, but there are thousands
    of ways to chat that could work over any number of ports. And with AOL opening
    up the API, by next week there'll be a thousand more ways to use IM that didn't
    exist today.

    In the old days they would hire a spy to watch someone's every moment. Sounds
    like you need "spy in a box". Perhaps you need someone with KGB or CIA
    experience to document the number of spies you need in order to spy on the spies.

    Make sure they add to the requirement list "detects camera phones taking
    pictures of screens", "erases memory of workers at the end of the day", "tracks
    and is able to reproduce movement of pens and pencils", as well as "Blocks
    blackberry devices within visual sight of monitor".

    How do you know that those XP and Win98 boxes have not been already compromised
    and are keylogging?

    If it's that important, why is this system even on the internet?

    This whole project looks like arranging deck chairs on the titanic. I guess as
    long as you get a really big tip, and a seat in a lifeboat it's okay.


  3. Re: E-mail filtering recommendations needed.

    In article <4431F0B4.1449652D@att.net>, Steve M. Fabac, Jr.
    wrote:

    >This is not an SCO UNIX specific question but I am posting it
    >to c.u.s.m to tap into the broad experience and acumen of the
    >group's members.


    >I have a client that has been subject to a security audit by their
    >major client account and I have to respond to several "action items."


    >Specifically, the requirement is to prohibit the use of third
    >party web-mail accounts (hotmail, gmail, etc..) as well as
    >instant messaging.


    >Current system configuration: A single SCO UNIX 5.0.7 Enterprise
    >system hosting the main application and providing SAMBA file and
    >print services to the Windows network. 25+ mixed Windows 98 and
    >Windows XP systems running terminal emulation software for UNIX
    >application access. Internet access is provided through a Cisco
    >(Linksys) 8-port cable/DSL router: BEFSR81.


    >E-mail for the client is provided by their Web site hosting company and
    >users use Outlook or Outlook express to pop e-mail from the Web hosting
    >company's server and send outgoing e-mail through the same server.


    You could put up a local mail server which will poll the ISPs
    server for local mails, and use the pop account to access that
    local mail. Then the user pop accounts would be removed from
    the ISP, or have a different set of passwords for the ISP accounts
    that would be used by the protocol you are using to fetch the users
    mail.

    This way it keeps the users local.

    To keep the users from using web-mail such as hotmail, gmail, etc.,
    you would set the machine to use a local DNS server which has
    a hosts file accessed first with bogus [eg non-routable] addresses
    for those commercial accounts.

    [an aside - I do this to keep things from such places as
    Jouble-click.net from appearing by mapping those names to 127.0.0.1]

    >1) Any recommendations on how to prevent IM and non company e-mail
    >providers in this environment?


    On IM perhaps you could block the ports you use. The mail question
    I answered before.

    >2) Any recommendations on examining outgoing e-mail in this environment
    >to prevent users from e-mailing sensitive company information including
    >SS numbers and protected client information?


    That is going to require some extensive/complex filtering. And
    if someone wants to get by this for some reason it would be easy
    to work around - such as spelling SSNs in text.

    Make sure that client sensitive information can't be captured
    locally to be sent out if possible.

    >3) Any recommendations for "network appliance" products to provide
    >IP filtering to prevent access to "prohibited" web sites?


    I have a client using SonicWall - but they don't use a fraction of
    its capabilities, though what you want is available.

    A client of mine using SWs had a new HW firm that wanted to replace
    the Sonics with the VPN to another city - with Linksys - because
    they knew how to configure them.

    This client needed to be sure that the systems were up as much as
    possible. So they opted for the 24x7 support from Sonic.
    Their support - the few times it was needed - was excellent,
    and in one instance when someone unplugged the far city for a few
    days when the office was moved, the authorization codes went away.
    That's a security feature.

    Having a problem getting it up and running, a call to Sonic actually
    wound up with the Sonic tech setting the machine up remotely.

    Contrast that with some of the stories I've heard about people
    trying to get support from Linksys - or other low-priced devices.

    I suspect other industrial strength products have similar support
    policies.

    Bill
    --
    Bill Vermillion - bv @ wjv . com
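The outbound-mail check discussed in question 2 above, as an added example that is not part of the thread and not anyone's posted code: a small content filter that a local mail relay (such as the one Bill suggests placing in front of the hosting company's SMTP server) could run on each outgoing message before forwarding it. It flags SSN-shaped numbers and, to cover the "spelling SSNs in text" bypass the post mentions, normalizes spelled-out digits before matching. The message bodies, addresses and the `hold`/`deliver` verdict names are constructed for the demonstration; the area/group/serial validity rules are the SSA's published ones.

```python
"""Outgoing-mail content check for Social Security numbers (added example).

A relay would call outbound_verdict() on the raw message and quarantine
anything marked 'hold' for a human to review. Sample messages are constructed.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Spelled-out digits a sender might use to slip past a plain digit regex.
WORD_DIGITS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}
_WORD_RE = re.compile(r"\b(" + "|".join(WORD_DIGITS) + r")\b")

# Nine digits, each optionally followed by spaces, dots or dashes, bounded by
# non-digits so that 10-digit phone numbers and longer account numbers do not
# match. Allowing separators between every digit is what catches "1 2 3 ...";
# the price is some false positives on runs of small numbers, which the
# structural check below partly filters out.
_CANDIDATE_RE = re.compile(r"(?<!\d)((?:\d[\s.\-]*){9})(?!\d)")


def looks_like_ssn(digits: str) -> bool:
    """Structural check: area 000, 666 and 900-999, group 00 and serial 0000
    are never issued, so nine digits with those values are not an SSN."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    area, group, serial = int(digits[:3]), int(digits[3:5]), int(digits[5:])
    if area == 0 or area == 666 or area >= 900:
        return False
    return group != 0 and serial != 0


def normalise(text: str) -> str:
    """Lower-case the text and turn spelled-out digits into digits."""
    return _WORD_RE.sub(lambda m: WORD_DIGITS[m.group(1)], text.lower())


def find_ssns(text: str) -> list[str]:
    """Return the SSN-shaped numbers in text as plain 9-digit strings."""
    found: list[str] = []
    for m in _CANDIDATE_RE.finditer(normalise(text)):
        digits = re.sub(r"\D", "", m.group(1))
        if looks_like_ssn(digits) and digits not in found:
            found.append(digits)
    return found


def scan_message(raw: bytes) -> list[str]:
    """Parse an RFC 5322 message and return SSNs found in any text part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits: list[str] = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # binary attachments would need their own decoders
        for ssn in find_ssns(part.get_content()):
            if ssn not in hits:
                hits.append(ssn)
    return hits


def outbound_verdict(raw: bytes) -> str:
    """'hold' when the message should be quarantined for review, else 'deliver'."""
    return "hold" if scan_message(raw) else "deliver"


def _sample(body: str) -> bytes:
    """Build a constructed outbound message for the demonstration."""
    msg = EmailMessage()
    msg["From"] = "user@example.com"
    msg["To"] = "someone@example.net"
    msg["Subject"] = "test"
    msg.set_content(body)
    return msg.as_bytes()


# Constructed samples: a plainly formatted SSN, a spelled-out one, a ten-digit
# phone number that must not match, and a nine-digit number with an invalid area.
SAMPLES = {
    "plain": _sample("The client's SSN is 123-45-6789, please file it."),
    "spelled": _sample("ssn: one two three four five six seven eight nine"),
    "phone": _sample("Call me at 555-123-4567 tomorrow."),
    "bogus": _sample("Reference 000-12-3456 is a placeholder, not an SSN."),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:8} -> {outbound_verdict(raw)} {scan_message(raw)}")
```

As Bill's answer says, this kind of filtering is easy to evade by anyone determined (images, archives, encodings the relay does not decode), so it is best treated as a control against accidental disclosure, paired with limiting where the sensitive data can be copied to in the first place.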
