Foursys - protecting your network from threats

Foursys Security Newsletter - January 2009

Welcome to the January 2009 edition of the Foursys Newsletter. The idea is to keep customers up to date with news from Foursys and also our key suppliers Sophos, Utimaco and Websense. This month we have lots of news for you so we have 8 items below. We hope you will find this Newsletter useful and any feedback is welcome.

Sophos announce their first Disk Encryption product

This is especially relevant if you use Sophos SAV or Endpoint on the desktop and are interested in encrypting your laptops and PCs disk drives or files.

This week Sophos announced their first disk encryption product following the merger with Utimaco, the global specialist in Encryption solutions with 25 years experience in this area. The Sophos Endpoint Security and Data Protection bundle (ESDP for short!) is a combination of Sophos Endpoint and Disk Encryption software for use on some or all of your laptops and desktop PCs. The Licence will cover all your PCs, but it is up to you how many you want to install with Disk Encryption. As well as whole disk encryption users can also encrypt files for use on removable storage devices and for email exchange with third parties if that is also needed. The Sophos Data Protection part is based on proven software from Utimaco with over 3 million users globally (Utimaco SafeGuard Easy and PrivateCrypto). The cost of ESDP is only 20% more than Endpoint on its own and covers ALL your PCs so this is probably the most cost effective encryption solution available today. And it is easy to use with a simplified installation process.

The product is due for release in Q2 2009 but if you order before March then you get six months free on the data protection part.

Support for Windows 2000 and XP will be standard when the product is released in Q2 2009, but Vista support in ESDP will not be available until next year so if you need this now then you can consider another SafeGuard product. Foursys can advise you if this is the case.

If you are part way through your licence and want to consider an upgrade now to ESDP then we can advise on this too.

The key thing is that Foursys is the only UK Sophos Platinum Partner that is also an Accredited Utimaco Partner so we are in the best position to advise you on the most suitable Sophos/Utimaco product to meet your encryption needs.

For more information call us on 01223 810 910 and ask for a quotation on ESDP, or discuss all the options with our sales or technical teams.

Encryption at the MailGateway - software appliance solution

The Sophos/Utimaco SafeGuard MailGateway is a powerful and secure software appliance that allows users to send and receive encrypted mail. It supports established standards like S/MIME and OpenPGP but also includes SafeGuard PDFMail so you can send/receive mail to someone who does not support these standards or even have the infrastructure in place. That makes Encrypted Email a much simpler solution for the organisation, the IT Department and end users than many alternatives from other suppliers.

SafeGuard MailGateway works with all the major content filters (e.g. MIMEsweeper SMTP) and all the major email servers (Microsoft Exchange, Notes Domino, etc).

This makes the SafeGuard MailGateway a very flexible solution.

In a few months Sophos will also be including support for SafeGuard PDFMail and MailGateway in their ES Email Appliances so users with Sophos Email can have an integrated solution.

For more information see Foursys website http://www.foursys.co.uk/safeguard+mailgateway.aspx or call us on 01223 810 910 to discuss SafeGuard MailGateway with our sales/technical team.

Free Data Loss Prevention workshops by Websense and Foursys

This seminar on Data Leakage Prevention is primarily intended for Public Sector organisations (NHS and Government) but will also be relevant to Corporate organisations who want to put in place a comprehensive DLP solution.

Recent examples of data leaks show just how critical it is for organisations to put in place stringent security processes around how they use, share and distribute confidential information. Because most instances of data loss are unintentional. Honest employees are naively flouting security precautions by removing data on discs or USB keys, or unintentionally emailing it out to external sources without realising the risks of doing this.

You will find out more about the Websense Data Security Solution, seen by analysts at both Forrester and Gartner as the leading DLP solution because of its strong market strategy and automated learning capability. The Websense DLP solution allows you to look at context, content and destination so that you can manage who can send what information to who and how.

Our free seminars are being held at:

- Websense UK's Head Office in Reading on Tuesday 24th February
- Manchester United Football Club in Old Trafford on Tuesday 3rd March (tour included!).

Spaces are limited so if this is an area that you need to know about then register now at http://www.foursys.co.uk/workshopseminar.aspx

Foursys Security Health Check - Sophos, Websense, MIMEsweeper or Microsoft ISA

Until the end of March 2009 Foursys are offering all customers, even if you are not a Foursys customer, a Security Health Check at 20% off the normal list price of £1250.

Total cost is now £995 plus VAT, including all expenses for mainland UK and a written Foursys Security Health Check report with recommendations.

A Security Health Check can cover any one of these products normally in one day - Sophos Endpoint (and Email if installed), Websense Web Security, MIMEsweeper Email or Microsoft ISA. If you have 2 or more products then we can provide a combined price to cover all of them.

The Technical Benefits of a Health Check are clear: you ensure the product is configured correctly with suitable rules and policies, conforms to best practice and is installed with the latest version and all fixes. But the Business Benefits are also just as important: you ensure you get a real ROI on your investment and can show due diligence by having an external review of the configuration.

For more information call Louisa Kelly or her colleagues at Foursys on 01223 810 910 or see http://www.foursys.co.uk/health+check.aspx

Foursys Training Courses - Update

The Training Room is now open in our offices just outside Cambridge so if you are based in London or East Anglia then you can have your administrator training course here (see location at http://www.foursys.co.uk/directions+and+map.aspx) . Foursys restricts its courses to one organisation at a time to ensure customers retain complete confidentiality of their security policy. This also ensures small class numbers.

But if you prefer then we can run the training course on your premises - we deliver and collect the PCs used for training including networking equipment and AV hardware.

Our Microsoft ISA course has now been extended to 3 days to give time for extra labs and to go into greater depth within the product. For more details and prices see http://www.foursys.co.uk/microsoft+isa+server+training.aspx
Our Websense Web Security course has been upgraded to include V7 (but we can run a V6 course if you prefer) and the Sophos Endpoint course has also been upgraded to include the latest SAV 7.6.

For more details on Foursys training see http://www.foursys.co.uk/training+courses.aspx or call Louisa Kelly or her colleagues at Foursys on 01223 810 910

Sophos Email Security Appliances - new ES models and Clustering now included

Enhanced ES software functionality is now available at no extra cost and is available in the January 19th download:

- clustering support so multiple (up to 10) appliances can be managed from a single console
- new and improved dashboard
- enhanced certificate management for encrypted email

In addition there are now 3 appliances in the range:

- ES1000 remains for small/medium sites but is now able to able to process far more traffic (up from 20,000 to 50,000 messages per hour)
- ES5000 has replaced the ES4000 with updated hardware specification and is aimed at the medium/enterprise market and able to process up to 380,000 messages per hour.
- ES8000 is a new model high capacity platform for very large volumes of mail up to 550,000 messages per hour

The ES5000 and ES8000 both include hot-swap drives, RAID disk and hot-swap power supplies for resilience. All ES appliances include 3 years maintenance.

And if you order a 3 year Sophos Email licence then you are entitled to a Buy One Get One Free appliance offer until the end of March 2009.

For more information call Foursys on 01223 810 910.

For all Sophos SAV or Endpoint users - Conficker-A Virus

Foursys has received a number of calls from customers experiencing problems with the Conficker-A virus. Whilst an up to date and correctly configured Sophos Endpoint will defend against this virus, it is important to ensure that you are protected.

At Foursys we always recommend layers of defence, hence our recommendations are:

Ensuring that your machines are fully patched up to date, as the virus exploits a known windows vulnerability (MS08-067).
Lock down removable media (typically CDs and USB keys) to key personnel. This is a feature available in SAV 7.6.
Ensure the Sophos on-access scanner is running with both on read and on write scanning enabled and that it is configured to auto cleanup any detections.
If Sophos detects the virus on a machine, ensure a full system scan is run (with the cleanup options enabled) on that machine(s).
Try and identify the source infection for the virus as it typically spreads via network shares or USB devices.

The Sophos website has more information on this virus at http://www.sophos.com/security/analyses/viruses-and-spyware/malconfickera.html

The Microsoft patch can be obtained from: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Websense V7 Architecture changes

Websense version 7 has introduced a number of benefits over the previous release, but crucially there is an underlying architecture change that customers need to be aware of. In version 6, Websense configuration was managed by the policy server, which stored the configuration in a flat xml file. This is still true with version 7, however the core configuration is now stored within a policy database, controlled by the new policy broker service. This allows for multiple policy servers to run and filter web traffic with the same configuration/policy. Additional policy servers are then updated from the policy broker service, via the individual policy server that has received configuration changes.
So updates happen in this order:

Change made on Websense Manager.
Configuration modified within the local Websense policy server
Policy Server updates the configuration within the policy broker/database.
Configuration in other policy servers are then updated from the policy broker service.

In short you no longer need to manually push out configuration changes between multiple Websense servers. Additionally even if the policy broker service goes down, policy servers will continue to filter traffic. The idea being to allow Websense to more easily scale for contingency and fail over proxy servers or clustered solutions. There is also now a backup tool for ensuring you can restore your Websense configuration much more easily.

Please note the architecture and feature enhancements within Websense have resulted in a notable change in hardware specification required to operate Websense V7.

Contact Foursys on 01223 810 910 or sales@foursys.co.uk if you want to discuss these Websense V7 changes in more detail and ask for our PDF briefing on "Websense V7 Architecture Changes".