The Messaging Firewall

A Policy towards Security

Electronic messaging has rapidly become essential to the effective operation of any modern organisation. In the rush to exploit the benefits of messaging technology it is easy to overlook the risks that accompany its use. It is therefore vital that such a business-critical application should fall within the scope of an organisation's overall security policy.

When formulating a security policy it is important to identify the particular threats that messaging represents and to understand the risks that these threats pose to your business. Having embraced electronic messaging, your organisation quickly becomes reliant on the correct and continued operation of that service. Where this service is also a pathway to the world outside your organisation, then abuse of this service can threaten many of your key business processes.

Only once the threats are identified, can you start to address how to counteract these and limit the resultant exposure to risk that they represent. In short, you need to put in place mechanisms to enforce your particular security policy. Such mechanisms will need to be effective without being so invasive and difficult to manage that they disrupt the very services you set out to protect.

What threats?

One way to look at messaging threats is to categorise them as either "people threats" or "system threats".

People threats arise from the actions of individuals, both inside and outside your organisation. Many of these threats will not arise from deliberate acts, but may be due to simple carelessness. Providing written procedures for your staff to follow is a valuable step, but can you trust your employees not to make a mistake? Here are some very real concerns that illustrate people threats:

The Messaging Firewall

The NET-TEL approach to these diverse threats is to utilise a Messaging Firewall in order to enforce your security policy. The Messaging Firewall can be deployed to defend the boundaries of your chosen messaging environment, where this boundary may be between organisations, departments or workgroups.

The NET-TEL Messaging Firewall can operate as a stand-alone system, much like its network firewall counterpart. Alternatively, it can be added to a NET-TEL Route400 Message Server as an integral part of a messaging backbone solution.

The NET-TEL Messaging Firewall is designed to tackle real-world commercial security concerns. As such it achieves its objectives without the need to resort to heavyweight cryptographic solutions that are so burdensome in terms of management and infrastructure. The primary philosophy is to prevent damage that is accidental and to limit and track the possibility for deliberate attack.

The Messaging Firewall provides the following key mechanisms for security enforcement:

The rights of individual users to exchange e-mail are governed by the formation of Closed User Groups (CUGs). Such Groups provide an environment within which the members are free to exchange e-mail. Communication is not authorised unless both sender and recipient are part of the same Group. Groups can be formed to reflect the working practices of an organisation. By this means users can be prevented from unauthorised disclosure of information. So, for example, the risk posed by a sender accidentally including an inappropriate carbon-copy recipient is eliminated.

In addition to controlling user actions, the NET-TEL Messaging Firewall can ensure that the originator of a message passed from an external service is consistent with the identity of that service. This technique of Route Authentication can prevent some common forms of "masquerade" attack.

Content Analysis

The most flexible weapon in the armoury of the NET-TEL Messaging Firewall is that of Content Analysis. This is an open-ended mechanism within which to create truly custom solutions. You can easily integrate your own chosen mechanisms to operate upon the individual components (or body parts) of a message. Some examples of customer-defined mechanisms are:

NET-TEL offers a key Content Analysis mechanism in the form of the Route400 Virus Scanner. The Virus Scanner identifies virus-infected message attachments, raises alarms and can sanitise infected attachments.

Load Control

It would be intolerable for a rogue (or possibly hostile) external server to cause the loss or degradation of your messaging service. However, this situation can all too easily occur if an external server "floods" the communications capacity of your own servers. The NET-TEL Messaging Firewall employs strict resource sharing in order to protect the capacity of your messaging service.

Alarms and Audit Trail

Support mechanisms are vital in order to provide visibility of policy enforcement and of any actual attack. The Alarm system of the NET-TEL Messaging Firewall alerts system management to potential attack and can also provide vital early warning of rogue system activity. The alarm system is fully integrated with the Message Server and can be monitored by the same local or centralised tool-set.

A highly detailed audit trail of both system and user activity is provided by comprehensive accounting and archiving facilities. Using these facilities you can keep track, to any required level of detail, of who is using your system and for what purposes.

Protect and Survive

Opening a messaging environment up to external connection opens the door to a barrage of new threats. The security and integrity of your messaging environment is a paramount concern. Furthermore, your users must be protected both from themselves and from those who would exploit them.

NET-TEL's advanced products help you to defend your messaging environment. The Route400 Secure MTA Gateway transforms a Route400 Message Server into a Messaging Firewall. The Route400 Virus Scanner supplies an essential line of defence against the pervasive threat of virus infection.
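
The Closed User Group rule and the Route Authentication check described earlier can be sketched as a boundary policy decision; this is an added illustration, not NET-TEL code or the product's configuration format. The group names, addresses, route names, domain-based route matching and per-recipient rejection are all assumptions made for the example.

```python
# Constructed policy data: groups, addresses and routes are illustrative only.
GROUPS = {
    "finance": {"alice@corp.example", "bob@corp.example",
                "auditor@partner.example"},
    "engineering": {"bob@corp.example", "carol@corp.example"},
}
# Route Authentication (assumed form): originator domains each inbound
# route is allowed to present. Unknown routes present nothing.
ROUTE_DOMAINS = {
    "internal": {"corp.example"},
    "partner-link": {"partner.example"},
}


def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def route_authentic(route, originator):
    """True if the originator is consistent with the route it arrived on."""
    return domain_of(originator) in ROUTE_DOMAINS.get(route, set())


def shared_groups(sender, recipient):
    """Names of the Closed User Groups containing both parties."""
    s, r = sender.lower(), recipient.lower()
    return sorted(g for g, m in GROUPS.items() if s in m and r in m)


def evaluate(route, sender, recipients):
    """Return (accepted, rejected, alarms) for one message.

    A failed route check rejects every recipient (possible masquerade);
    otherwise each recipient, carbon copies included, is judged on its own.
    """
    if not route_authentic(route, sender):
        alarm = f"route-auth: {sender} is not valid on route {route}"
        return [], list(recipients), [alarm]
    accepted, rejected, alarms = [], [], []
    for rcpt in recipients:
        if shared_groups(sender, rcpt):
            accepted.append(rcpt)
        else:
            rejected.append(rcpt)
            alarms.append(f"cug: {sender} -> {rcpt} share no group")
    return accepted, rejected, alarms
```

Each alarm string would feed the alarm and audit facilities the page describes, so a rejected carbon-copy recipient is both blocked and recorded.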

Copyright © 1998-2007 NET-TEL Computer Systems Ltd