Best practices for implementing messaging security
- — 15 October, 2007 11:07
Most enterprises have some type of messaging security in the form of spam and virus filtering. When installing a new or replacement messaging-security system, key areas to pay attention to are performance, user experience, and management and operational costs. Performance is generally easy to manage. Aside from simply having enough hardware to do the job, there are three keys to keep performance up to par.
First, some sort of reputation-based filtering should occur early in the transaction, certainly before the entire e-mail has been accepted by the messaging-security gateway. This single step will block 50 percent to 75 percent of incoming messages in a typical enterprise, giving a dramatic reduction in total load. Proper use of good reputation-based filtering products has an almost vanishingly low false-positive rate -- far lower than the antispam engines themselves.
If reputation-based filtering is done properly, it also results in only detectable false positives, because the sender gets notification from his own mail gateway that the message was blocked. This allows for quick remediation and is preferable to a typical antispam/antivirus false positive, where the message goes into a black hole and is unlikely to be discovered. Antispam engines that can return their verdict before the message is fully accepted are even better, but for performance reasons this is not yet a common strategy.
A second performance optimization is to make sure the messaging-security gateway has access to the directory of legitimate e-mails, either through dynamic lookups or a regular transfer of directory information to the gateway. By accepting only e-mail for existing users, the system performance is again increased.
Establishing ties between your messaging-security measures and your e-mail directory also solves the problem of what to do with messages that have been wrongly addressed. If they're simply dropped, then legitimate correspondents won't know that their messages were never received.
But if they're placed into a queue to be returned, the load of attempting to bounce misaddressed and spam e-mail will quickly overload even the largest systems. Some enterprises have been reluctant to deploy directory information to the edge because of a misguided belief that this measure aids attackers in directory attacks. In fact, protecting against such attacks is easily done, and all enterprise-class products have had this feature for years.
The third key strategy for best performance is to make sure a high-availability configuration is in place from the start. Unlike other security appliances, such as firewalls built on fanless, diskless, custom-made platforms, messaging-security gateways are all Linux (or occasionally Windows) servers, with the attendant potential for hardware, disk subsystem and even operating system failure.
Some vendors have selected poorly engineered platforms to cut costs, which further reduces overall reliability. While a replacement is rarely more than a FedEx transaction away, being without spam protection for even 24 hours can cripple an e-mail system -- and being without e-mail for 24 hours can cripple a business. The solution to all of these vulnerabilities is to have redundant, load-sharing, hardware in place from the start so that a problem in one system does not take the entire gateway function offline.