Security Basics: Re: Securing Corporate Web Based Email

[Brian Keefer <chort () amaunetsgothique com>]

On Wed, 2004-01-28 at 14:33, Jeff McLaughlin wrote:
> A second, any known appliances or software that can assist with web based
> mail content and tracking abuse.
The IronWebMail product from CipherTrust proxies webmail connections and
scans the stream for signature matches on know bad traffic.  It will
block attacks before they're passed to the internal server.  For OWA
specifically it has the ability to do session length enforcement,
time-out enforcement, and real secure log-off (which OWA was totally
lacking prior to 2K3).

It works with any webmail product (or any HTTP traffic, for that
matter), but the extended features around session management are for
OWA-only.

There are other commercial products available that also do AV and
content scanning on webmail traffic, although I'm not aware of the
performance implications of such a setup.

-- 
Brian Keefer, CISSP
Systems Engineer
CipherTrust Inc, www.CipherTrust.com


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------