Email Security with Cisco Ironport

3.8 (5 ratings by Goodreads)
By (author) Chris Porter


Description

Email Security with Cisco IronPort thoroughly illuminates the security and performance challenges associated with today's messaging environments and shows you how to systematically anticipate and respond to them using Cisco's IronPort Email Security Appliance (ESA). Going far beyond any IronPort user guide, leading Cisco expert Chris Porter shows you how to use IronPort to construct a robust, secure, high-performance email architecture that can resist future attacks. Email Security with Cisco IronPort presents specific, proven architecture recommendations for deploying IronPort ESAs in diverse environments to optimize reliability and automatically handle failure. The author offers specific recipes for solving a wide range of messaging security problems, and he demonstrates how to use both basic and advanced features, including several hidden and undocumented commands. The author addresses issues ranging from directory integration to performance monitoring and optimization, and he offers powerful insights into often-ignored email security issues, such as preventing "bounce blowback." Throughout, he illustrates his solutions with detailed examples demonstrating how to control ESA configuration through each available interface.

Chris Porter, Technical Solutions Architect at Cisco, focuses on the technical aspects of Cisco IronPort customer engagements. He has more than 12 years of experience in applications, computing, and security in finance, government, Fortune 1000, entertainment, and higher education markets.
  • Understand how the Cisco IronPort ESA addresses the key challenges of email security
  • Select the best network deployment model for your environment, and walk through successful installation and configuration
  • Configure and optimize Cisco IronPort ESA's powerful security, message, and content filtering
  • Understand the email pipeline so you can take full advantage of it, and troubleshoot problems if they occur
  • Efficiently control Cisco IronPort ESA through its Web User Interface (WUI) and command-line interface (CLI)
  • Implement reporting, monitoring, logging, and file management
  • Integrate Cisco IronPort ESA and your mail policies with LDAP directories such as Microsoft Active Directory
  • Automate and simplify email security administration
  • Deploy multiple Cisco IronPort ESAs and advanced network configurations
  • Prepare for emerging shifts in enterprise email usage and new security challenges

This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Product details

  • Paperback | 576 pages
  • 187.96 x 228.6 x 33.02mm | 938.93g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • ISBN-10: 1587142929
  • ISBN-13: 9781587142925

About Chris Porter

Chris Porter was one of the first field systems engineers hired by IronPort Systems in 2003, around the time of the launch of the ESA C-series product. He has served as systems engineer, SE manager, and now technical solutions architect at Cisco, which acquired IronPort in June 2007. Chris has been involved in planning, deploying, and configuring Email Security Appliances (ESA) at hundreds of organizations, with a chief role in both pre-sales engagements and post-sales support. His experience has made him a trusted voice in ESA product design decisions. Chris holds bachelor's and master's degrees in Computer Science from Stevens Institute of Technology in Hoboken, NJ, and a CCNA certification. He currently specializes in content security and the IronPort email and web-security products and services.

Table of contents

Introduction

Chapter 1 Introduction to Email Security
  • Overview of Cisco IronPort Email Security Appliance (ESA)
      • AsyncOS
      • Security Management Appliances (SMA)
      • History of AsyncOS Versions
      • Software Features
  • Email Security Landscape
      • Email Spam
      • Viruses and Malware
      • Protecting Intellectual Property and Preventing Data Loss
      • Other Email Security Threats
  • Simple Mail Transfer Protocol (SMTP)
      • SMTP Commands
      • ESMTP Service Extensions
      • SMTP Message Headers and Body
      • Envelope Sender and Recipients
      • Transmitting Binary Data
      • MIME Types
      • Character Sets
      • Domain Name Service (DNS) and DNS MX Records in IPv4 and IPv6
      • Message Transfer Agents (MTA)
  • Abuse of SMTP
      • Relaying Mail and Open Relays
      • Bounces, Bounce Storms, and Misdirected Bounces
      • Directory Harvest Attacks
  • Summary

Chapter 2 ESA Product Basics
  • Hardware Overview
      • 2U Enterprise Models
      • 1U Enterprise Models
      • Selecting a Model
  • Basic Setup via the WUI System Setup Wizard
      • Connecting to the ESA for the First Time
      • Running the System Setup Wizard
      • Reconnecting to the WUI
      • LDAP Wizard and Next Steps
      • Examining the Basic Configuration
      • Next Steps
      • Setup Summary
  • Networking Deployment Models
      • Interfaces, Routing, and Virtual Gateways
      • Single Versus Multinetwork Deployment
      • Routing on Multinetwork Deployments
      • DNS Concerns
      • Firewall Rules
      • Securing Network Interfaces
  • Security Filtering Features
      • SenderBase and Reputation Filters
      • IronPort Anti-Spam
      • Antivirus Features
  • Summary

Chapter 3 ESA Email Pipeline
  • ESA Pipeline
      • Listeners
      • Host Access Table (HAT) and Reputation Filters
      • Rate Limiting with Mail Flow Policies
      • DNS and Envelope Checks
      • Sender Authentication
      • Recipient Access Table and LDAP Accept
  • Recipient and Sender Manipulation
      • Default Domain, Domain Map, and Aliases
      • Masquerading
  • LDAP Operations
      • LDAP Accept
      • LDAP Routing and Masquerading
      • Groups
  • Work Queue and Filtering Engines
      • Work Queue Overview
      • Incoming and Outgoing Mail Policies
      • Message Filters
      • Anti-Spam Engine
      • Antivirus Engines
      • Content Filtering
      • Virus Outbreak Filters
      • DLP and Encryption
  • Delivery of Messages
      • Selecting the Delivery Interface (Virtual Gateways)
      • Destination Controls
      • Global Unsubscribe
      • SMTP Routes
      • Selecting Bounce Profiles
      • Handling Delivery Errors with Bounce Profiles
      • Final Disposition
  • Summary

Chapter 4 ESA Web User Interface
  • Overview
      • Connecting to the WUI
  • WUI Tour
      • Monitor Menu: Overview, Incoming Mail, Outgoing Destinations, Outgoing Senders, Delivery Status, Internal Users, DLP Incidents, Content Filters, Outbreak Filters, Virus Types, TLS Connections, System Capacity, System Status, Scheduled Reports, Archived Reports, Quarantines, Message Tracking
      • Mail Policies Menu: Incoming Mail Policies, Incoming Content Filters, Outgoing Mail Policies, Outgoing Content Filters, Host Access Table (HAT) Overview, Mail Flow Policies, Exception Table, Recipient Access Table (RAT), Destination Controls, Bounce Verification, DLP Policy Manager, Domain Profiles, Signing Keys, Text Resources, Dictionaries
      • Security Services Menu: Anti-Spam, Antivirus, RSA Email DLP, IronPort Email Encryption, IronPort Image Analysis, Outbreak Filters, SenderBase, Reporting, Message Tracking, External Spam Quarantine, Service Updates
      • Network Menu: IP Interfaces, Listeners, SMTP Routes, DNS, Routing, SMTP Call-Ahead, Bounce Profiles, SMTP Authentication, Incoming Relays, Certificates
      • System Administration Menu: Trace Tool, Alerts, LDAP, Log Subscriptions, Return Addresses, Users, User Roles, Network Access, Time Zone and Time Settings, Configuration File, Feature Keys and Feature Key Settings, Shutdown/Suspend, System Upgrade, System Setup Wizard, Next Steps
      • Options Menu: Active Sessions, Change Password, Log Out
      • Help and Support Menu: Online Help, Support Portal, New in This Release, Open a Support Case, Remote Access, Packet Capture
  • WUI with Centralized Management
      • Selecting Cluster Mode
      • Modify CM Options in the WUI
      • Modifying Cluster Settings
  • Other WUI Features
      • Variable WUI Appearance
      • Committing Changes
  • Summary

Chapter 5 Command-Line Interface
  • Overview of the ESA Command-Line Interface
      • Using SSH or Telnet to Access the CLI
      • PuTTY on Microsoft Windows
      • Simple CLI Examples
      • Getting Help
      • Committing Configuration Changes
  • Keeping the ESA CLI Secure
      • SSH Options on the ESA
      • Creating and Using SSH Keys for Authentication
      • Login Banners
      • Restricting Access to SSH
  • ESA Setup Using the CLI
      • Basics of Setup
      • Next Setup Steps
  • Commands in Depth
      • Troubleshooting Example
      • Status and Performance Commands
  • Command Listing by Functional Area: Mail Delivery Troubleshooting, Network Troubleshooting, Controlling Services, Performance and Statistics, Logging and Log Searches, Queue Management and Viewing, Configuration File Management, AsyncOS Version Management, Configuration Testing Commands, Support Related Commands, General Administration Commands, Miscellaneous Commands
  • Configuration Listing by Functional Area: Network Setup, Listeners, Mail Routing and Delivery, Policy and Filtering, Managing Users and Alerts, Configuring Global Engine and Services Options, CLI-Only Tables, Configuration for External Communication, Miscellaneous
  • Batch Commands
  • Hidden/Undocumented Commands
  • Summary

Chapter 6 Additional Management Services
  • The Need for Additional Protocol Support
  • Simple Network Management Protocol (SNMP)
      • Enabling SNMP
      • SNMP Security
      • Enterprise MIBs
      • Other MIBs
      • Monitoring Recommendations
  • Working with the ESA Filesystem
  • ESA Logging
      • ESA Subsystem Logs
      • Administrative and Auditing Logs
      • Email Activity Logs
      • Debugging Logs
      • Archive Logs
      • Creating a Log Subscription
      • Logging Recommendations
  • Transferring Logs for Permanent Storage
      • HTTP to the ESA
      • FTP to the ESA
      • FTP to a Remote Server
      • SCP to a Remote Server
      • Syslog Transfer
  • Understanding IronPort Text Mail Logs
      • Message Events
      • Lifecycle of a Message in the Log
      • Tracing Message History
      • Parsing Message Events
      • A Practical Example of Log Parsing
      • Using Custom Log Entries
  • Summary

Chapter 7 Directories and Policies
  • Directory Integration
      • The Need for Directory Integration
      • Security Concerns
      • Brief LDAP Overview
  • LDAP Setup on ESA
      • Advanced Profile Settings
      • Basic Query Types
      • Recipient Validation with LDAP
      • Recipient Routing with LDAP
      • Sender Masquerading
      • Group Queries
      • Authentication Queries
      • AD Specifics
      • Testing LDAP Queries
      • Advanced LDAP Queries
      • Troubleshooting LDAP
  • Incoming and Outgoing Mail Policies
      • Group-Based Policies
      • Group Matches in Filters
  • Other LDAP Techniques
      • Using Group Queries for Routing
      • Per-Recipient Routing with AD and Exchange
      • Using Group Queries for Recipient and Sender Validation
  • Summary

Chapter 8 Security Filtering
  • Overview
      • The Criminal Ecosystem
  • Reputation Filters and SenderBase Reputation Scores
      • Enabling Reputation Filters
      • Reputation Scores
      • Connection Actions
      • HAT Policy Recommendations
  • IronPort Anti-Spam (IPAS)
      • Enabling IPAS
      • IPAS Verdicts
      • IPAS Actions
      • Content Filters and IPAS
      • Recommended Anti-Spam Settings
      • Spam Thresholds
      • Actions for the Bold
      • Actions for the Middle-of-the-Road
      • Actions for the Conservative
      • Outgoing Anti-Spam Scanning
  • Sophos and McAfee Antivirus (AV)
      • Enabling AV
      • AV Verdicts
      • AV Actions
      • AV Notifications
      • Content Filters and AV
  • IronPort Outbreak Filters (OF)
      • Enabling OF
      • OF Verdicts
      • OF Actions
      • Message Modification
      • Content Filters and OF
  • Recommended AV Settings
      • Incoming AV Recommendations
      • Outgoing AV Recommendations
  • Using Content Filters for Security
      • Attachment Conditions and Actions
      • Filtering Bad Senders
      • Filtering Subject or Body
  • Summary

Chapter 9 Automating Tasks
  • Administering ESA from Outside Servers
  • CLI Automation Examples
      • SSH Clients
      • Expect
      • Perl
      • CLI Automation from Microsoft Windows Servers
  • WUI Automation Examples
      • Polling Data from the ESA
      • Retrieving XML Data Pages
      • Using XML Export for Monitoring
  • Pushing Data to the ESA and Making Configuration Changes
      • Changing Configuration Settings Using the CLI
      • Committing Changes Using the CLI
      • Changing Configuration Settings Using the WUI
      • Committing Changes Using the WUI
  • Retrieving Reporting Data from the WUI
      • Data Export URLs
      • Other Data Export Topics
      • Example Script
  • Summary

Chapter 10 Configuration Files
  • ESA and the XML Configuration Format
      • Configuration File Structure
  • Importing and Exporting Configuration Files
      • Exporting
      • Importing
      • Editing Configuration Files
      • Duplicating a Configuration
      • Partial Configuration Files
  • Automating Configuration File Backup
      • Configuration Backup via CLI
      • Configuration Backup via WUI
  • Configuration Files in Centralized Management Clusters
  • Summary

Chapter 11 Message and Content Filters
  • Filtering Email Messages with Custom Rules
      • Message Filters Versus Content Filters
      • Processing Order
      • Enabling Filters
      • Combinatorial Logic
      • Scope of Message Filters
      • Handling Multirecipient Messages
      • Availability of Conditions and Actions
  • Filter Conditions
      • Conditions That Test Message Data
      • Operating on Message Metadata
      • Attachment Conditions
      • System State Conditions
      • Miscellaneous Filter Conditions
  • Filter Actions
      • Changing Message Data
      • Altering Message Body
      • Affecting Message Delivery
      • Altering Message Processing
      • Miscellaneous Filter Actions
      • Action Variables
  • Regular Expressions in Filters
  • Dictionaries
  • Notification Templates
  • Smart Identifiers
      • Using Smart Identifiers
      • Smart Identifier Best Practices
  • Content Filter and Mail Policy Interaction
  • Filter Performance Considerations
      • Improving Filter Performance
  • Filter Recipes
      • Dropping Messages
      • Basic Message Attribute Filters
      • Body and Attachment Scanning
      • Complex Combinatorial Logic with Content Filters
      • Routing Messages Using Filters
  • Integration with External SMTP Systems
      • Cul-de-Sac Architecture
      • Inline Architecture
      • Delivering to Multiple External Hosts
      • Interacting with Security Filters
      • Reinjection of Messages
  • Summary

Chapter 12 Advanced Networking
  • ESA with Multiple IP Interfaces
      • Multihomed Deployments
      • Virtual Gateways
      • Adding New Interfaces and Groups
      • Using Virtual Gateways for Email Delivery
      • Virtual Gateways and Listeners
  • Multiple Listeners
      • Separating Incoming and Outgoing Mail
      • Multiple Outgoing Mail Listeners
      • Separate Public MX from Submission
  • ESA and Virtual LANs
  • Other Advanced Configurations
      • Static Routing
      • Transport Layer Security
      • Using and Enforcing TLS When Delivering Email
      • Using and Enforcing TLS When Receiving Email
      • Certificate Validation
      • Managing Certificates
      • Adding Certificates to the ESA
      • TLS Cipher and Security Options
      • Split DNS
      • Load Balancers and Direct Server Return (DSR)
  • Summary

Chapter 13 Multiple Device Deployments
  • General Deployment Guidelines
  • Email Availability with Multiple ESAs
      • Load-Balancing Strategies
      • SMTP MX Records
      • Domains Without MX Records
      • Incoming and Outgoing Mail with MX Records
      • Single Location with Equal MX Priorities
      • Multiple Locations with Equal MX Priorities
      • Unequal MX Priorities
      • Disaster Recovery (DR) Sites
      • Third-Party DR Services
      • Limitations of MX Records
      • Dedicated Load Balancers
      • Load Balancers for Inbound Mail
      • Load Balancers for Outgoing Mail
  • Multitier Architectures
      • Two-Tiered Architectures
      • Three-Tiered Architectures
      • Functional Grouping
      • Large Message Handling
      • Architectures with Mixed MTA Products
  • Integration with External Systems
      • External Email Encryption
      • External Data Loss Prevention (DLP) Servers
      • Email Archiving Servers
      • Archiving Inline or Cul-de-Sac
      • Archiving Through BCC
      • Other Archiving Ideas
  • Introducing, Replacing, or Upgrading ESA in Production
      • Adding the First ESA to the Environment
      • Replacing an ESA for Upgrade
  • Management of Multiple Appliances
      • Centralized Management Overview
      • Creating a CM Cluster
      • Joining an Existing CM Cluster
      • Creating and Managing CM Groups
      • Using CM in the WUI
      • Using CM in the CLI
  • Centralized Management Limitations and Recommendations
      • Size of CM Clusters
      • Configuration Files in Clusters
      • Upgrading Clustered Machines
  • Summary

Chapter 14 Recommended Configuration
  • Best Practices
      • Redundancy and Capacity
      • Securing the Appliance
  • Security Filtering
      • HAT Policy Settings
      • Whitelisting and Blacklisting
  • Spam Quarantining
      • Deciding to Quarantine or Not
      • End-User Quarantine Access
      • Administrative-Only Quarantine Access
      • Automated Notifications
  • Being a Good Sender
      • Being Rate Limited
      • Outbound Sending Practices
      • Handling Bounces
      • Variable Envelope Return Path
      • DNS and Sender Authentication
      • Dealing with Blacklisting
      • Compromised Internal Sources
      • Bounce Verification
  • Recommendations for Specific Environments
      • Small and Medium Organizations
      • Large or Complex Organizations
      • Service Providers
      • Higher Education
      • Email "Front End" to Complex Internal Organizations
  • Summary

Chapter 15 Advanced Topics
  • Recent Developments
  • Authentication Standards
      • Path-Authentication Standards: SPF and SIDF
      • Determining the Identity of the Sender
      • Deploying SPF
      • SPF Challenges
      • Using SPF and SIDF Verification on ESA
      • Message Authentication: DKIM
      • Enabling DKIM Signing on ESA
      • The DKIM-Signature Header
      • DKIM Selectors and DNS
      • Other DKIM Signing Options
      • DKIM Signing Performance
      • DKIM Verification on ESA
      • DKIM Challenges
      • DKIM and SPF Recommendations
  • Regulatory Compliance
      • General Concepts
      • Personally Identifiable Information (PII)
      • Payment Card Data
      • Personal Financial Information
      • Mitigation
  • Data Loss Prevention (DLP)
      • Enabling Data Loss Prevention Policies
      • Adding a DLP Policy
      • Taking Action on Matching Messages
      • Classifiers and Entities
      • Custom Classifiers
      • Customizing Policies
      • Customizing Content Matching on Predefined Policies
      • Customizing User and Attachment Rules
      • Integration with Content Filters
  • Summary

TOC, 3/23/2012, 9781587142925

Rating details

5 ratings, 3.8 out of 5 stars
  • 5 stars: 0% (0)
  • 4 stars: 80% (4)
  • 3 stars: 20% (1)
  • 2 stars: 0% (0)
  • 1 star: 0% (0)