CMP Network Computing
Ensuring Email Integrity in Financial Services

By Tom Schmidt

Email is a critical component of the corporate infrastructure. But as the financial services industry knows all too well, email is also a target and medium for malicious code and attackers. Email has also evolved from being strictly a communications channel to a repository of business records, confidential customer information, corporate documents, and financial transactions -- all of which makes managing email more challenging. This article looks at what financial institutions can do to reduce the risk and potential downtime posed by security threats and spam, and to control the flow of unauthorized or inappropriate content in email both internally and externally.

Protecting the perimeter
The two primary email-borne threats today continue to be viruses and spam. Several measures, however, can prevent them from reaching downstream servers and email users.

The most common virus content found in email is the result of mass-mailer worms. These programs use email addresses found on compromised systems and automatically generate emails to replicate and distribute their payload to unsuspecting users and systems. Since mass-mailer worm emails have no intrinsic business value, they can be deleted automatically without fear of legitimate data loss. Gateway-based antivirus scanners can identify and distinguish mass-mailer worms and allow administrators to delete them.
 
Mass-mailer worms also usually rely on the same small set of file types to deliver the payload as an attachment. These are file types such as .scr, .pif, and .vbs, which are typically not found in regular business transactions. Attachment filtering takes advantage of this: administrators create policies that delete a message when an attachment with a suspicious extension is found.
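
The attachment policy described above, as an added Python example (not code from the article or from any vendor product): it parses a raw message with the standard `email` package and marks it for deletion when the final extension of any attachment is on the block list. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article names as typical mass-mailer worm carriers.
BLOCKED_EXTENSIONS = {"scr", "pif", "vbs"}

def is_blocked(filename: str) -> bool:
    """True when the final extension of an attachment name is on the block list."""
    # Compare case-insensitively and drop trailing dots/spaces, which Windows
    # discards when the file is saved ("a.vbs." lands on disk as "a.vbs").
    name = filename.strip().rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    # Only the last extension counts, so "invoice.pdf.scr" is caught as .scr.
    return bool(dot) and ext in BLOCKED_EXTENSIONS

def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames in a raw message that violate policy."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() visits every MIME part, nested ones too
        filename = part.get_filename()
        if filename and is_blocked(filename):
            hits.append(filename)
    return hits

def gateway_action(raw_message: bytes) -> str:
    """Policy from the text: delete the message if any attachment is blocked."""
    return "delete" if blocked_attachments(raw_message) else "deliver"

def build_sample(filenames: list[str]) -> bytes:
    """Constructed test message with placeholder attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for names in (["report.pdf"], ["invoice.pdf.scr"], ["Photo.PIF", "notes.txt"]):
        raw = build_sample(names)
        print(names, "->", gateway_action(raw), blocked_attachments(raw))
```

Matching on the last extension only is what catches double-extension names such as `invoice.pdf.scr`, which a check on the first extension would pass as a PDF.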
 
As for spam, it continues to be a serious security concern since it can be used to deliver Trojans, viruses, and phishing attempts. According to the most recent Internet Security Threat Report, spam made up 50% of all email traffic in the second half of 2005.

The Threat Report also found that a widely targeted port for financial organizations is TCP port 25, which provides SMTP email service. TCP port 25 is often scanned by spammers who are attempting to locate computers that can be used to deliver unsolicited email. These unprotected systems, called open relays, allow anyone to relay mail. Successful compromise of this port may result in spammers using it to relay spam, which will result in unauthorized consumption of network bandwidth. This in turn may result in system slowdowns or, in worst-case scenarios, DoS (Denial-of-Service) conditions. Organizations whose systems are identified as being used to send spam risk being blacklisted, which could subsequently result in email from the organization's end users being blocked.

Spam quarantines, generally housed on a server separate from the mail infrastructure, are ideal places to move unwanted spam content from active message stores (and consequently end-user mailboxes) to less expensive media, and they are far easier to scale and maintain. Quarantines are required because antispam systems cannot be 100% accurate.

It is important that financial institutions look for an antispam solution that is not a collection of manual tools, but rather an integrated, frequently updated response mechanism with highly accurate spam definitions and techniques that reflect the latest spamming methods.
 
For SMTP perimeter protection, there are three ways to implement solutions. These "form factors" can be described as follows:

  • Software-based solutions, which require installation of application software on the customer-provided hardware and operating system
  • Appliance-based solutions, where application software is pre-installed on a vendor-maintained operating system and hardware
  • Hosted service solutions, where the software and systems are located off-premises at a hosted provider and Internet email streams are redirected through this environment to be scanned

Safeguarding internal mail servers
These days, it's not enough to have perimeter protection in place. It's also necessary to inspect internal mail traffic in order to:

  • Prevent viruses from entering through other vectors, such as personal Web-based email or via remote laptop users whose virus definitions may not be current
  • Prevent authorized content from being sent to unauthorized users within and outside of the organization. Preventing leakage internally is just as critical as external or outbound data leakage.
  • Enforce email usage (or content) policies throughout the company
  • Clean message stores of older, unwanted content

Mail server protection solutions should be able to inspect content in real time as email is being committed to the message store, when it is being accessed from the store, and on a scheduled or on-demand basis. Sweeps of message store content should be based on updated virus definitions or specific content rules designed to identify suspicious or inappropriate content.
 
Keys for email security
To keep up-to-date against the latest email threats, today's financial institutions require a solution backed by a global network of security, antivirus, and antispam research and response centers. After all, the Internet knows no borders and time zones, so neither should the response organization that provides ongoing updates for critical antivirus, antispam, and security scanning services. Global operations are also essential to provide financial institutions with 24x7 responses, wherever they are located.

Also, financial institutions should consider a mail security solution that provides integrated virus scanning, antispam, and content filtering controls, plus the flexibility to choose between software-based, appliance-based, and hosted service form factors.

Email issues in 2006
The need for multi-tier protection was underscored by the release earlier this month of San Francisco-based Ferris Research's latest report, "Top 10 Messaging & Collaboration Issues of 2006." According to Ferris, increasingly sophisticated antispam software and state-of-the-art email security products will be called for this year to mitigate email threats. Other pressing issues will include email archiving and retention (mandated by Sarbanes-Oxley and other government regulations) and mobile messaging security.

Conclusion
Today's financial institutions rely on email as a primary form of business communication. That's why they require a solution that ensures the security of their email information and systems. This solution must reduce the risk and potential downtime posed by security threats and spam, help satisfy email policies, and address email content compliance needs.
 
A subsequent article will show how the solution must also address regulatory compliance needs, enable data migration to less expensive storage, facilitate email server migration, and optimize the availability and resiliency of the email infrastructure. Only then can financial institutions claim to have ensured the integrity of their email.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.

IT Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

TechWeb is brought to you by CMP Media LLC, Copyright © 2004