Email Security with Cisco Ironport (Networking Technology: Security)

  • Binding: Paperback / 600 pages
  • Language: ENG
  • Product code: 9781587142925
  • DDC classification: 005.8

Full Description

Email Security with Cisco IronPort thoroughly illuminates the security and performance challenges associated with today's messaging environments and shows you how to systematically anticipate and respond to them using Cisco's IronPort Email Security Appliance (ESA). Going far beyond any IronPort user guide, leading Cisco expert Chris Porter shows you how to use IronPort to construct a robust, secure, high-performance email architecture that can resist future attacks.

Email Security with Cisco IronPort presents specific, proven architecture recommendations for deploying IronPort ESAs in diverse environments to optimize reliability and automatically handle failure. The author offers specific recipes for solving a wide range of messaging security problems, and he demonstrates how to use both basic and advanced features, including several hidden and undocumented commands.

The author addresses issues ranging from directory integration to performance monitoring and optimization, and he offers powerful insights into often-ignored email security issues, such as preventing "bounce blowback." Throughout, he illustrates his solutions with detailed examples demonstrating how to control ESA configuration through each available interface.

Chris Porter, Technical Solutions Architect at Cisco, focuses on the technical aspects of Cisco IronPort customer engagements. He has more than 12 years of experience in applications, computing, and security in finance, government, Fortune® 1000, entertainment, and higher education markets.

  • Understand how the Cisco IronPort ESA addresses the key challenges of email security
  • Select the best network deployment model for your environment, and walk through successful installation and configuration
  • Configure and optimize Cisco IronPort ESA's powerful security, message, and content filtering
  • Understand the email pipeline so you can take full advantage of it, and troubleshoot problems if they occur
  • Efficiently control Cisco IronPort ESA through its Web User Interface (WUI) and command-line interface (CLI)
  • Implement reporting, monitoring, logging, and file management
  • Integrate Cisco IronPort ESA and your mail policies with LDAP directories such as Microsoft Active Directory
  • Automate and simplify email security administration
  • Deploy multiple Cisco IronPort ESAs and advanced network configurations
  • Prepare for emerging shifts in enterprise email usage and new security challenges

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Contents

Introduction xxiii

Chapter 1 Introduction to Email Security 1
  • Overview of Cisco IronPort Email Security Appliance (ESA) 1
  • AsyncOS 3
  • Security Management Appliances (SMA) 3
  • History of AsyncOS Versions 4
  • Software Features 5
  • Email Security Landscape 6
  • Email Spam 6
  • Viruses and Malware 7
  • Protecting Intellectual Property and Preventing Data Loss 8
  • Other Email Security Threats 9
  • Simple Mail Transfer Protocol (SMTP) 9
  • SMTP Commands 14
  • ESMTP Service Extensions 15
  • SMTP Message Headers and Body 16
  • Envelope Sender and Recipients 17
  • Transmitting Binary Data 18
  • MIME Types 20
  • Character Sets 21
  • Domain Name Service (DNS) and DNS MX Records in IPv4 and IPv6 22
  • Message Transfer Agents (MTA) 23
  • Abuse of SMTP 24
  • Relaying Mail and Open Relays 24
  • Bounces, Bounce Storms, and Misdirected Bounces 25
  • Directory Harvest Attacks 26
  • Summary 27

Chapter 2 ESA Product Basics 29
  • Hardware Overview 29
  • 2U Enterprise Models 30
  • 1U Enterprise Models 31
  • Selecting a Model 31
  • Basic Setup via the WUI System Setup Wizard 31
  • Connecting to the ESA for the First Time 31
  • Running the System Setup Wizard 32
  • Reconnecting to the WUI 38
  • LDAP Wizard and Next Steps 39
  • Examining the Basic Configuration 41
  • Next Steps 41
  • Setup Summary 42
  • Networking Deployment Models 43
  • Interfaces, Routing, and Virtual Gateways 43
  • Single Versus Multinetwork Deployment 47
  • Routing on Multinetwork Deployments 48
  • DNS Concerns 49
  • Firewall Rules 50
  • Securing Network Interfaces 51
  • Security Filtering Features 52
  • SenderBase and Reputation Filters 53
  • IronPort Anti-Spam 54
  • Antivirus Features 55
  • Summary 58

Chapter 3 ESA Email Pipeline 59
  • ESA Pipeline 59
  • Listeners 61
  • Host Access Table (HAT) and Reputation Filters 63
  • Rate Limiting with Mail Flow Policies 65
  • DNS and Envelope Checks 67
  • Sender Authentication 67
  • Recipient Access Table and LDAP Accept 67
  • Recipient and Sender Manipulation 70
  • Default Domain, Domain Map, and Aliases 70
  • Masquerading 71
  • LDAP Operations 72
  • LDAP Accept 72
  • LDAP Routing and Masquerading 73
  • Groups 73
  • Work Queue and Filtering Engines 73
  • Work Queue Overview 74
  • Incoming and Outgoing Mail Policies 74
  • Message Filters 75
  • Anti-Spam Engine 75
  • Antivirus Engines 76
  • Content Filtering 77
  • Virus Outbreak Filters 78
  • DLP and Encryption 78
  • Delivery of Messages 79
  • Selecting the Delivery Interface (Virtual Gateways) 80
  • Destination Controls 81
  • Global Unsubscribe 81
  • SMTP Routes 82
  • Selecting Bounce Profiles 83
  • Handling Delivery Errors with Bounce Profiles 84
  • Final Disposition 85
  • Summary 85

Chapter 4 ESA Web User Interface 87
  • Overview 87
  • Connecting to the WUI 87
  • WUI Tour 88
  • Monitor Menu 88
  • Overview 89
  • Incoming Mail 89
  • Outgoing Destinations 90
  • Outgoing Senders 90
  • Delivery Status 90
  • Internal Users 90
  • DLP Incidents 91
  • Content Filters 91
  • Outbreak Filters 91
  • Virus Types 92
  • TLS Connections 92
  • System Capacity 92
  • System Status 92
  • Scheduled Reports 93
  • Archived Reports 93
  • Quarantines 93
  • Message Tracking 94
  • Mail Policies Menu 94
  • Incoming Mail Policies 95
  • Incoming Content Filters 95
  • Outgoing Mail Policies 96
  • Outgoing Content Filters 96
  • Host Access Table (HAT) Overview 96
  • Mail Flow Policies 97
  • Exception Table 97
  • Recipient Access Table (RAT) 97
  • Destination Controls 97
  • Bounce Verification 98
  • DLP Policy Manager 98
  • Domain Profiles 99
  • Signing Keys 99
  • Text Resources 99
  • Dictionaries 99
  • Security Services Menu 100
  • Anti-Spam 100
  • Antivirus 101
  • RSA Email DLP 101
  • IronPort Email Encryption 101
  • IronPort Image Analysis 101
  • Outbreak Filters 102
  • SenderBase 102
  • Reporting 103
  • Message Tracking 103
  • External Spam Quarantine 103
  • Service Updates 103
  • Network Menu 104
  • IP Interfaces 105
  • Listeners 105
  • SMTP Routes 105
  • DNS 106
  • Routing 106
  • SMTP Call-Ahead 106
  • Bounce Profiles 106
  • SMTP Authentication 107
  • Incoming Relays 107
  • Certificates 107
  • System Administration Menu 108
  • Trace Tool 108
  • Alerts 109
  • LDAP 109
  • Log Subscriptions 109
  • Return Addresses 110
  • Users 110
  • User Roles 111
  • Network Access 111
  • Time Zone and Time Settings 111
  • Configuration File 112
  • Feature Keys and Feature Key Settings 112
  • Shutdown/Suspend 112
  • System Upgrade 113
  • System Setup Wizard 113
  • Next Steps 114
  • Options Menu 114
  • Active Sessions 115
  • Change Password 115
  • Log Out 115
  • Help and Support Menu 115
  • Online Help 116
  • Support Portal 116
  • New in This Release 116
  • Open a Support Case 117
  • Remote Access 117
  • Packet Capture 118
  • WUI with Centralized Management 118
  • Selecting Cluster Mode 119
  • Modify CM Options in the WUI 121
  • Modifying Cluster Settings 121
  • Other WUI Features 122
  • Variable WUI Appearance 122
  • Committing Changes 123
  • Summary 123

Chapter 5 Command-Line Interface 125
  • Overview of the ESA Command-Line Interface 125
  • Using SSH or Telnet to Access the CLI 125
  • PuTTY on Microsoft Windows 127
  • Simple CLI Examples 129
  • Getting Help 132
  • Committing Configuration Changes 133
  • Keeping the ESA CLI Secure 134
  • SSH Options on the ESA 135
  • Creating and Using SSH Keys for Authentication 136
  • Login Banners 140
  • Restricting Access to SSH 140
  • ESA Setup Using the CLI 141
  • Basics of Setup 142
  • Next Setup Steps 142
  • Commands in Depth 146
  • Troubleshooting Example 146
  • Status and Performance Commands 146
  • Command Listing by Functional Area 156
  • Mail Delivery Troubleshooting 156
  • Network Troubleshooting 156
  • Controlling Services 157
  • Performance and Statistics 158
  • Logging and Log Searches 159
  • Queue Management and Viewing 160
  • Configuration File Management 161
  • AsyncOS Version Management 162
  • Configuration Testing Commands 163
  • Support Related Commands 163
  • General Administration Commands 165
  • Miscellaneous Commands 166
  • Configuration Listing by Functional Area 167
  • Network Setup 167
  • Listeners 168
  • Mail Routing and Delivery 175
  • Policy and Filtering 176
  • Managing Users and Alerts 177
  • Configuring Global Engine and Services Options 177
  • CLI-Only Tables 179
  • Configuration for External Communication 179
  • Miscellaneous 180
  • Batch Commands 181
  • Hidden/Undocumented Commands 183
  • Summary 186

Chapter 6 Additional Management Services 187
  • The Need for Additional Protocol Support 187
  • Simple Network Management Protocol (SNMP) 188
  • Enabling SNMP 188
  • SNMP Security 189
  • Enterprise MIBs 189
  • Other MIBs 190
  • Monitoring Recommendations 191
  • Working with the ESA Filesystem 193
  • ESA Logging 196
  • ESA Subsystem Logs 196
  • Administrative and Auditing Logs 197
  • Email Activity Logs 198
  • Debugging Logs 199
  • Archive Logs 201
  • Creating a Log Subscription 202
  • Logging Recommendations 202
  • Transferring Logs for Permanent Storage 203
  • HTTP to the ESA 204
  • FTP to the ESA 204
  • FTP to a Remote Server 204
  • SCP to a Remote Server 205
  • Syslog Transfer 205
  • Understanding IronPort Text Mail Logs 206
  • Message Events 206
  • Lifecycle of a Message in the Log 207
  • Tracing Message History 209
  • Parsing Message Events 211
  • A Practical Example of Log Parsing 212
  • Using Custom Log Entries 215
  • Summary 217

Chapter 7 Directories and Policies 219
  • Directory Integration 219
  • The Need for Directory Integration 220
  • Security Concerns 220
  • Brief LDAP Overview 221
  • LDAP Setup on ESA 223
  • Advanced Profile Settings 225
  • Basic Query Types 226
  • Recipient Validation with LDAP 227
  • Recipient Routing with LDAP 229
  • Sender Masquerading 230
  • Group Queries 231
  • Authentication Queries 233
  • AD Specifics 233
  • Testing LDAP Queries 234
  • Advanced LDAP Queries 234
  • Troubleshooting LDAP 239
  • Incoming and Outgoing Mail Policies 241
  • Group-Based Policies 241
  • Group Matches in Filters 241
  • Other LDAP Techniques 242
  • Using Group Queries for Routing 242
  • Per-Recipient Routing with AD and Exchange 244
  • Using Group Queries for Recipient and Sender Validation 244
  • Summary 245

Chapter 8 Security Filtering 247
  • Overview 247
  • The Criminal Ecosystem 248
  • Reputation Filters and SenderBase Reputation Scores 248
  • Enabling Reputation Filters 249
  • Reputation Scores 250
  • Connection Actions 250
  • HAT Policy Recommendations 250
  • IronPort Anti-Spam (IPAS) 251
  • Enabling IPAS 252
  • IPAS Verdicts 253
  • IPAS Actions 254
  • Content Filters and IPAS 255
  • Recommended Anti-Spam Settings 257
  • Spam Thresholds 257
  • Actions for the Bold 258
  • Actions for the Middle-of-the-Road 258
  • Actions for the Conservative 258
  • Outgoing Anti-Spam Scanning 259
  • Sophos and McAfee Antivirus (AV) 259
  • Enabling AV 260
  • AV Verdicts 262
  • AV Actions 263
  • AV Notifications 263
  • Content Filters and AV 264
  • IronPort Outbreak Filters (OF) 266
  • Enabling OF 267
  • OF Verdicts 267
  • OF Actions 268
  • Message Modification 269
  • Content Filters and OF 270
  • Recommended AV Settings 270
  • Incoming AV Recommendations 271
  • Outgoing AV Recommendations 272
  • Using Content Filters for Security 273
  • Attachment Conditions and Actions 273
  • Filtering Bad Senders 276
  • Filtering Subject or Body 277
  • Summary 278

Chapter 9 Automating Tasks 279
  • Administering ESA from Outside Servers 279
  • CLI Automation Examples 280
  • SSH Clients 281
  • Expect 281
  • Perl 283
  • CLI Automation from Microsoft Windows Servers 285
  • WUI Automation Examples 287
  • Polling Data from the ESA 287
  • Retrieving XML Data Pages 287
  • Using XML Export for Monitoring 290
  • Pushing Data to the ESA and Making Configuration Changes 292
  • Changing Configuration Settings Using the CLI 293
  • Committing Changes Using the CLI 295
  • Changing Configuration Settings Using the WUI 296
  • Committing Changes Using the WUI 298
  • Retrieving Reporting Data from the WUI 298
  • Data Export URLs 299
  • Other Data Export Topics 302
  • Example Script 305
  • Summary 308

Chapter 10 Configuration Files 309
  • ESA and the XML Configuration Format 309
  • Configuration File Structure 310
  • Importing and Exporting Configuration Files 313
  • Exporting 314
  • Importing 315
  • Editing Configuration Files 316
  • Duplicating a Configuration 317
  • Partial Configuration Files 318
  • Automating Configuration File Backup 320
  • Configuration Backup via CLI 320
  • Configuration Backup via WUI 321
  • Configuration Files in Centralized Management Clusters 323
  • Summary 325

Chapter 11 Message and Content Filters 327
  • Filtering Email Messages with Custom Rules 327
  • Message Filters Versus Content Filters 328
  • Processing Order 331
  • Enabling Filters 332
  • Combinatorial Logic 332
  • Scope of Message Filters 333
  • Handling Multirecipient Messages 334
  • Availability of Conditions and Actions 334
  • Filter Conditions 334
  • Conditions That Test Message Data 335
  • Operating on Message Metadata 336
  • Attachment Conditions 337
  • System State Conditions 339
  • Miscellaneous Filter Conditions 340
  • Filter Actions 340
  • Changing Message Data 340
  • Altering Message Body 341
  • Affecting Message Delivery 343
  • Altering Message Processing 344
  • Miscellaneous Filter Actions 344
  • Action Variables 345
  • Regular Expressions in Filters 347
  • Dictionaries 350
  • Notification Templates 351
  • Smart Identifiers 352
  • Using Smart Identifiers 353
  • Smart Identifier Best Practices 354
  • Content Filter and Mail Policy Interaction 354
  • Filter Performance Considerations 359
  • Improving Filter Performance 360
  • Filter Recipes 362
  • Dropping Messages 362
  • Basic Message Attribute Filters 363
  • Body and Attachment Scanning 364
  • Complex Combinatorial Logic with Content Filters 366
  • Routing Messages Using Filters 367
  • Integration with External SMTP Systems 368
  • Cul-de-Sac Architecture 369
  • Inline Architecture 371
  • Delivering to Multiple External Hosts 371
  • Interacting with Security Filters 373
  • Reinjection of Messages 375
  • Summary 376

Chapter 12 Advanced Networking 377
  • ESA with Multiple IP Interfaces 377
  • Multihomed Deployments 378
  • Virtual Gateways 380
  • Adding New Interfaces and Groups 381
  • Using Virtual Gateways for Email Delivery 382
  • Virtual Gateways and Listeners 385
  • Multiple Listeners 386
  • Separating Incoming and Outgoing Mail 386
  • Multiple Outgoing Mail Listeners 386
  • Separate Public MX from Submission 387
  • ESA and Virtual LANs 388
  • Other Advanced Configurations 390
  • Static Routing 390
  • Transport Layer Security 392
  • Using and Enforcing TLS When Delivering Email 393
  • Using and Enforcing TLS When Receiving Email 396
  • Certificate Validation 397
  • Managing Certificates 398
  • Adding Certificates to the ESA 399
  • TLS Cipher and Security Options 402
  • Split DNS 405
  • Load Balancers and Direct Server Return (DSR) 408
  • Summary 411

Chapter 13 Multiple Device Deployments 413
  • General Deployment Guidelines 413
  • Email Availability with Multiple ESAs 415
  • Load-Balancing Strategies 415
  • SMTP MX Records 415
  • Domains Without MX Records 416
  • Incoming and Outgoing Mail with MX Records 417
  • Single Location with Equal MX Priorities 417
  • Multiple Locations with Equal MX Priorities 417
  • Unequal MX Priorities 418
  • Disaster Recovery (DR) Sites 419
  • Third-Party DR Services 419
  • Limitations of MX Records 420
  • Dedicated Load Balancers 422
  • Load Balancers for Inbound Mail 422
  • Load Balancers for Outgoing Mail 423
  • Multitier Architectures 424
  • Two-Tiered Architectures 425
  • Three-Tiered Architectures 426
  • Functional Grouping 427
  • Large Message Handling 429
  • Architectures with Mixed MTA Products 431
  • Integration with External Systems 431
  • External Email Encryption 432
  • External Data Loss Prevention (DLP) Servers 433
  • Email Archiving Servers 435
  • Archiving Inline or Cul-de-Sac 435
  • Archiving Through BCC 436
  • Other Archiving Ideas 437
  • Introducing, Replacing, or Upgrading ESA in Production 439
  • Adding the First ESA to the Environment 439
  • Replacing an ESA for Upgrade 440
  • Management of Multiple Appliances 443
  • Centralized Management Overview 443
  • Creating a CM Cluster 444
  • Joining an Existing CM Cluster 444
  • Creating and Managing CM Groups 446
  • Using CM in the WUI 450
  • Using CM in the CLI 453
  • Centralized Management Limitations and Recommendations 457
  • Size of CM Clusters 457
  • Configuration Files in Clusters 457
  • Upgrading Clustered Machines 457
  • Summary 459

Chapter 14 Recommended Configuration 461
  • Best Practices 461
  • Redundancy and Capacity 461
  • Securing the Appliance 462
  • Security Filtering 464
  • HAT Policy Settings 464
  • Whitelisting and Blacklisting 466
  • Spam Quarantining 468
  • Deciding to Quarantine or Not 468
  • End-User Quarantine Access 469
  • Administrative-Only Quarantine Access 469
  • Automated Notifications 470
  • Being a Good Sender 471
  • Being Rate Limited 471
  • Outbound Sending Practices 472
  • Handling Bounces 473
  • Variable Envelope Return Path 474
  • DNS and Sender Authentication 475
  • Dealing with Blacklisting 475
  • Compromised Internal Sources 477
  • Bounce Verification 479
  • Recommendations for Specific Environments 482
  • Small and Medium Organizations 483
  • Large or Complex Organizations 483
  • Service Providers 484
  • Higher Education 485
  • Email "Front End" to Complex Internal Organizations 486
  • Summary 487

Chapter 15 Advanced Topics 489
  • Recent Developments 489
  • Authentication Standards 490
  • Path-Authentication Standards: SPF and SIDF 491
  • Determining the Identity of the Sender 493
  • Deploying SPF 494
  • SPF Challenges 495
  • Using SPF and SIDF Verification on ESA 496
  • Message Authentication: DKIM 498
  • Enabling DKIM Signing on ESA 498
  • The DKIM-Signature Header 499
  • DKIM Selectors and DNS 499
  • Other DKIM Signing Options 500
  • DKIM Signing Performance 501
  • DKIM Verification on ESA 501
  • DKIM Challenges 502
  • DKIM and SPF Recommendations 503
  • Regulatory Compliance 504
  • General Concepts 504
  • Personally Identifiable Information (PII) 504
  • Payment Card Data 505
  • Personal Financial Information 505
  • Mitigation 506
  • Data Loss Prevention (DLP) 506
  • Enabling Data Loss Prevention Policies 506
  • Adding a DLP Policy 507
  • Taking Action on Matching Messages 507
  • Classifiers and Entities 509
  • Custom Classifiers 509
  • Customizing Policies 512
  • Customizing Content Matching on Predefined Policies 512
  • Customizing User and Attachment Rules 513
  • Integration with Content Filters 514
  • Summary 515

TOC, 3/23/2012, 9781587142925