Foursys - protecting your network from threats

The use of Email is a vital tool for communications in today’s busy workplaces. The need for security around email communication to ensure private, reliable delivery of genuine business messages has never been more important.

There are several key factors to consider when reviewing email requirements; Foursys has highlighted the main areas below:

• The levels of protection offered (in terms of spam, malware, content, granularity)
• Internal email protection/filtering for your groupware solution (Exchange, Notes etc)
• Hosted/SAAS/outsourced or on Premise
• Redundancy/Failover and the levels of resilience needed
• Email Encryption requirements

The levels of protection offered (in terms of spam, malware)

Determining what level of anti-spam and malware protection you require can be confusing.

Ultimately the trade off is usually between protection vs usability vs cost.

If cost isn’t an issue, then Foursys would advise any organisation to simply implement multiple gateways to ensure a maximum level or protection is achieved.  However in the real-world protection, usability and cost are the driving factors and Foursys Account Managers can talk in depth about the products, how they compare and what solution best fits your requirements.

Internal email protection/filtering

Protecting your internal mail server from hosting/delivering malware to recipients should always be a consideration.  Today’s networks frequently have mobile devices synchronising there email with internal email servers and its all too easy for people to have other email systems synchronising with their mobile at the same time, bringing in messages from private email accounts.

Further consideration should also be given to controlling inappropriate content travelling around internal email servers that could breach an organisation email usage policy.

Hosted or on Premise

Hosted Advantages
All of the top hosted (or software as a service) providers have multiple data centres and so the contingency (Disaster Recovery) scenario is effectively outsourced, meaning that email delivery to your organisation should be very reliable.

Anti-spam and Malware updates are every bit as effective as on-premise systems and arguably in many cases more effective, due to the anti-spam updates being available immediately (or near immediately).  The update time for anti-spam signatures to all hosted providers is near immediate and most providers utilise multiple anti-virus technologies ensuring comprehensive security protection.

Some hosted providers can also offer email archiving and business continuity as optional features.

Hosted Disadvantages
Many IT managers feel a loss of control associated with effectively outsourcing email filtering to a provider.

In-depth content filtering and many of the more granular filtering options are frequently lacking or are less sophisticated in hosted email systems.

Hosted email solutions in general are relatively expensive compared to in-house systems and in many cases additional content filtering or archiving are chargeable extras.

It is rare to find any integration with other internal security systems, such as internal filtering on MS Exchange for example.

On-Premise Advantages
The IT department has direct and usually instant control over the email software/appliance and can dictate its complete usage within their environment.

On-premise systems tend to be commercially more attractive than hosted systems.

In most cases, on-premise systems tend to allow more granular control over email content and delivery.

On-Premise Disadvantages
A contingency (Disaster Recovery) scenario should always be factored in i.e. what happens if the software/appliance goes down? How do we continue to deliver email in this situation? What happens if we cannot deliver email? Usually a second server or appliance can be used in this instance and there are a number of methods of deployment. Foursys can advise for your particular situation if required.

The anti-spam technology may not be as accurate as hosted providers and depending upon the solution chosen, you may be limited to one anti-virus scanner examining email content for malware. So careful consideration is needed to ensure any email solution fits into your security strategy – product evaluations and proof of concept projects are essential at this stage.

Email archiving may involve additional hardware/solutions, and therefore additional cost and management resource. 

Email Encryption

What does an organisation need from encryption?

There are really three types of encryption:

• Server (gateway) to Server encryption.
• Server (gateway) to recipient encryption
• User (client) to user encryption.

There is also an array of technologies that support these options.  Today most organisations (in our experience) still use little or no encryption, despite standards like TLS (Transport Layer Security) being widely available.

Unencrypted emails can (technically) be read by anyone that listens in along the message path i.e. if your organisation is sending confidential information and your ISP (as an example) has a wayward engineer listening in, then its contents could be exposed.

Server to Server encryption typically uses one of the following technologies:

TLS (Transport Layer Security), PGP (Pretty Good Privacy), S/MIME (Secure/Multipurpose Internet Mail Extensions)

Server to server encryptions primary benefit is that it’s relatively easy to setup and utilise.  With most email systems, you simply enter a domain and options such as:

• No encryption.
• Attempt encryption.
• Require encryption.

The email then follows the rules configured on the mail gateway.  However it is important to note that the email isn’t encrypted on its path to the sending gateway and the receipt receives the email unencrypted.

Server to Recipient Encryption
By ensuring that only the specified end user can access the protected email content, most organisations will fore-fill their regularity requirements by utilising server to recipient encryption.

Server to recipient encryption has the added advantage of not requiring any (specific) localised client installed software (in most cases) and so rules governing encryption can be configured on the email system.

This can make the whole management of encryption a relatively straight forward process, with the gateway/hosted system dictating what content gets encrypted, utilising rules configured by the administrator.

This approach can (with most systems) either trigger encryption through content within the email or on by matching specific email addresses (requiring no end user interaction). 
Usually these systems can also trigger encryption by key words inserted into the text by the end user.

Many of these systems can also act as web mail providers, allowing recipients to log on the box to either receive messages or securely reply through a secure web tunnel.

Sender to Recipient Encryption
Typically sender to recipient encryption requires client software installed at both ends to ensure successfully encryption/decryption.  This process is useful for specific sending of confidential emails between two or three specific individuals, but usually requires the user to trigger the encryption.

Because of the high levels of user interaction and the software requirements on the client, Foursys doesn’t currently provide a Sender to recipient encryption solution.