For many organizations, email is more than a communication tool; it's the very lifeblood of how business gets done. Providing a single solution to email security problems such as spam and malware can be a great area for consultants to plumb since the problem directly affects employee productivity and the company's bottom line. Email firewalls also offer companies, especially SMBs, the benefit of replacing disparate email products with a single appliance.
 |
| Email Security Project Guide |
| Find more tips and strategies for securing your customer's email systems in our Email Security Project Guide, designed specifically for channel professionals. |
|
|
|
|
The first software-only products to protect mail servers had an Achilles heel that malware writers were quick to exploit: if one could gain control of the server hardware due to widespread security deficiencies of the controlling OS, then the software could be bypassed or corrupted.
In response to this and other problems, the email firewall has arisen. Though it shares a similar name and function, it differs from the common network firewall, which inspects and accepts/rejects incoming packets with a rule-based control mechanism. The email firewall goes up one level of abstraction and looks at the entire message being sent, not just the individual packets that compose the message.
An email firewall usually sits between the network firewall and the connected mail servers. Since the email firewall is a separate hardware device with its own hardened OS, malware cannot gain control of it with the tricks that might work on an unprotected mail server. Additionally, the dedication of hardware to one task increases efficiency and reduces the latency of mail delivery. The throughput of an enterprise-class mail firewall can be up to 150,000 mail messages per hour.
Email firewalls also include security functionality typically provided by standalone products, such as antivirus, antispam and content filtering. By replacing these disparate products with an email firewall, companies are able to decrease the amount of resources required to implement and manage them.
Antispam functionality
Email firewalls can deal with spam in a variety of ways. Some firewalls allow the use of an external spam filtering service. But the use (and expense) of such a service may be overkill for SMBs. In that case, the antispam tools included with the email firewall may be just the ticket. These tools differ little from standalone antispam products:
- Source Address Filtering
- Whitelisting and blacklisting
- The Distributed Checksum Clearinghouse (DCC) method, which counts how often mail is seen by other mail servers
- Statistical Token Analysis (Bayesian filter)
Antivirus capabilities
Some of the same techniques used for spam removal are also used for virus protection. For this effort, an external subscription-based service keeps track of virus signatures and transmits them to the firewall. The firewall then evaluates email attachments (or the email itself) for a signature match. This first line of defense can be supplemented with internal virus controls at the desktop, for example. Access control policies can also be customized at the firewall to stop known malware.
Outbound filters
Email firewalls can also be used to stop outbound transfer of company materials. This usually requires setting outbound control policies so that specific documents or classes of documents are blocked from being sent outside the firewall. This kind of content filtering can also be set up to block the transmission of malformed messages.
The hardware
Email firewalls differ in their hardware configurations depending on the size of the company. An email firewall can be a great solution for SMBs requiring fences around their direct Internet connection. But multiple vendors offer the devices, and consultants should evaluate the features of each to match them with their customers' needs. Smaller units generally come in the mini 1U rack format, with a fast Ethernet connection. Medium-sized organizations mostly use 1U format units that have ATA RAID for storage backup and Gigabyte Ethernet. High-volume sites use a 2U format unit with RAID 0 +1, redundant power supplies and Gigabyte Ethernet.
About the author
Larry Loeb has been online since the world revolved around {!decvax}. He's been in many of last century's dead tree magazines about computers, having been a Consulting Editor to the late, lamented BYTE magazine, among other things. You can reach him at larryloeb@larryloeb.com.
