Home page logo
/

bugtraq logo Bugtraq mailing list archives

New paper - Testing the Enterprise Security: Anti-Spam and Anti-Virus Solutions
From: marian.ventuneac () ul ie
Date: 9 Jun 2009 13:00:01 -0000


Paper: Testing the Enterprise Security: Anti-Spam and Anti-Virus Solutions

Abstract:

Enterprise Anti-Spam and Anti-Virus solutions are widely used to protect corporate e-mail servers against various 
external threats including spamming, viruses, spyware, and phishing attacks. Usually claiming a high rate of malicious 
message filtering (between 95-99%), it is hard to argue that its main purpose is realized. However, no comprehensive 
benchmarking on how such security solutions stand against internal attacks is currently available. Relying on various 
commercial and open-source technologies (Microsoft .NET, MySQL, PHP, Linux, Apache HTTP server, etc.), the majority of 
Anti-Spam and Anti-Virus enterprise solutions employ Web-based applications to allow remote configuration, 
administration and management of spam-quarantined e-mails. While Web-based applications are often found to be 
vulnerable to a wide variety of security vulnerabilities (including SQL Injection, Cross-Site Scripting, Denial of 
Service, Privilege Escalation, etc.), such enterprise security solution
 s make unfortunately no exception.

This paper highlights the need of vendor-certified security testing for Anti-Spam and Anti-
Virus enterprise solutions, in order to protect it against internal attacks. In a structured effort to benchmark and 
potentially improve various enterprise security products, the author’s recent research done in collaboration with Data 
Communication Security Laboratory from University of Limerick, (Ireland) is presented. Various security vulnerabilities 
identified in high-profile enterprise Anti-Spam and Anti-Virus products commercialized by vendors such as Marshal8e6 
[1], Barracuda Networks [2], and Symantec [3] are discussed, while the implications of vulnerabilities exploitation and 
the risks for the enterprise are analyzed.

Author: Dr. Marian Ventuneac

Paper download: http://www.testingexperience.com/testingexperience02_09.pdf


  By Date           By Thread  

Current thread:
  • New paper - Testing the Enterprise Security: Anti-Spam and Anti-Virus Solutions marian . ventuneac (Jun 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]