To view this update as a Web page, copy this link into your
browser: www.qtsnet.com/stayinformed/quiknews/quiknews_july2003.htm.
To subscribe or unsubscribe, please follow instructions at
the bottom of this page.

Welcome to the July edition of QTS QuikNews, our monthly
e-mail newsletter. In this monthly e-mail, you will
receive an update of what's new at QTS - new products we
support, new patches and upgrades, solution ideas and
promotions to save you money, and information about our
company and our clients.

In this issue:

QTS NEWS

QUIKNEWS GOES HTML!
As should be obvious by now, for those of you who have
been reading the plain text version for the past two and a
half years, we have shifted to an HTML format which we
hope makes your reading experience more pleasant. Please
email QuikNews@QTSnet.com
with any feedback, especially if the new format presents
problems for any of our readers. Special thanks to the Lenskold
Group for assisting us with the conversion.

QTS PARTNER RAZORPOINT SECURITY FEATURED IN NY TIMES
QTS’ partner for Penetration & Attack Test services,
Razorpoint Security, was featured in a NY Times Magazine
article about wireless network security.
Visit http://www.nytimes.com/2003/07/13/magazine/13HACKING.html
for the article (you’ll need to register for NY Times
Online, which is free).

CUSTOMER SATISFACTION SURVEY WINNER
Congratulations to Richard Sypeck of Lite DePalma, whose
customer satisfaction survey was randomly drawn as our Q2
winner. Richard will receive a $50 gift certificate for
Amazon.com. Thank you to Richard and all other QTS
customers who submitted Customer Satisfaction Surveys in
Q2 – we appreciate the feedback.

QTS IS HIRING!
QTS is recruiting for senior level technical personnel, as
well as entry and senior level sales staff. If you know
anyone who might be a good fit, please have them submit
their resume to Liz Meechan, our Office Manager. Liz can
be reached at lmeechan@QTSnet.com,
or (973)984-7600 x223.

PRESS RELEASES

QTS LAUNCHES QUIKSECURE PENETRATION & ATTACK TESTING SERVICE
7/28/2003: QTS today launched its new QuikSecure™ Penetration &
Attack Testing Service, in conjunction with and through
its partnership with Razorpoint Security Technologies.
Offered exclusively to QTS customers by Razorpoint
Security, the QuikSecure PAT offerings package
Razorpoint's Attack/Penetration Test services into three
levels, specifically targeted to meet the needs of QTS'
Medium Business customers.
Read more at http://www.QTSnet.com/stayinformed/l3_stay_pr44.htm

PRESIDENT'S CORNER

Spam is a growing problem – it comes up in almost every IT
strategy planning meeting I have with clients and
prospects as one of their top concerns. Numerous studies
have been done suggesting that as much as half of all the
email sent on the Internet is spam, and this number
continues to rise. The consequences of this vary based on
the recipient’s situation, but several of the legitimate
concerns identified include:
* lost employee time and productivity, spent managing a
deluge of useless messages that flood their inbox. I’ve
heard of many people spending up to half an hour every day
deleting messages from their mailbox;
* wasted storage space on servers and local PCs, as junk
mail consumes just as much space as legitimate mail and
most employees are not disciplined enough to delete their
mailbox contents regularly. This causes increased disk
storage costs, reduced system performance and other
negatives;
* legal liability for employees receiving and viewing
offensive material (sexually explicit messages with
embedded pictures, hate mail, etc.).

Some of these issues need to be addressed via an
organization’s information security policies,
specifically email policies for message viewing and
handling and mailbox management. Many organizations are
putting limits on mailbox sizes and message retention,
forcing users to move mail they want to keep to folders
and auto-deleting the remainder. All of this needs to be
planned out, regardless of any technology tools put in
place to manage spam, as the constant trend we are seeing
is more and more people sending more and more email, which
takes up more and more disk space with larger and larger
files. This trend is unlikely to slow down any time soon.

As to the curious name of “spam,” there was an article in
the New York Times a few months ago that traced the
history of the term. For those of you who enjoy offbeat
comedy, you may recall the Monty Python skit with the
couple ordering spam in a diner, and the Vikings singing
“spam, spam, spam” louder and louder to the point
where that was all that could be heard. This is actually
the generally credited origin of the term (much to the
consternation of Hormel, the makers of the spiced ham food
that the whole skit was based on). As the Internet
evolved, the term caught on.

Since the good folks at Hormel have legally protected their name
and asked that email spam not be capitalized to avoid
confusion with their product, you will see me leave the
name in lower case, though it is often capitalized or
initially capped by most writers.

Battling spam is an ongoing fight. As new techniques to detect and
eliminate spam are identified and put in place, spammers
put in new countermeasures to get around them. As an
example, spammers introduced random numbers into the
header to ensure message uniqueness and defeat some types
of signature-based anti-spam techniques. This will no
doubt continue, because spamming is a lucrative market –
why send direct mail and incur postage costs, when email
marketing can be sent at virtually no charge to a larger
audience?

Fighting spam is similar to fighting viruses, and is optimally
handled by a multi-technique approach. Most anti-spam
products incorporate most or all of the following
techniques, and some of the more basic techniques will be
finding their way into basic email systems in the upcoming
years to at least provide basic capabilities. A defense in
depth strategy is always best for any security-related
issue.

Some of the techniques employed by software vendors and IT
departments to combat spam are listed below, and the
solutions vary from email screening gateways (which I
personally consider to be a “must-have” in any solid
email security infrastructure) to fully outsourced mail
management services (which can make sense for some
customers, but which have inherent negatives including
loss of control and an almost certain vendor shake-out
that will occur in the next few years, similar to the ISP
shake-out we endured a few years ago).

Signatures – once a spam message is sent and identified as spam,
the content of that message can be “fingerprinted” and
(some) email systems can be configured to reject it. This
is similar to the way virus signatures work. However,
spammers often avoid this first technique by coming up
with ways to make the messages unique in some way. Thus,
fingerprinting technologies continue to evolve to combat
this (to illustrate the scope of the problem,
SurfControl’s Anti-Spam Agent contains a database with
35,000 known spam fingerprints, and it is updated daily
with new additions).
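
A simplified illustration of the point above, added here and not taken from SurfControl or any other product: an exact-match signature misses a copy whose subject carries a different random number, while a fingerprint taken after normalization still matches. The sample messages are constructed, and stripping digits is just one assumed normalization.

```python
import hashlib
import re

def exact_signature(subject, body):
    """Naive signature: hash of the message exactly as received."""
    return hashlib.sha256((subject + "\n" + body).encode()).hexdigest()

def normalized_fingerprint(subject, body):
    """Hash after removing what is cheap to vary: digit runs, case, spacing."""
    text = (subject + "\n" + body).lower()
    text = re.sub(r"\d+", "", text)            # drop random numeric padding
    text = re.sub(r"\s+", " ", text).strip()   # collapse whitespace
    return hashlib.sha256(text.encode()).hexdigest()

def is_known_spam(subject, body, known_fingerprints):
    """Check a message against a set of normalized fingerprints."""
    return normalized_fingerprint(subject, body) in known_fingerprints

# Constructed sample messages (subject, body).
SPAM_SEEN = ("Lower your rates today 48213", "Click now for a FREE quote.")
SPAM_VARIANT = ("Lower your rates today 90377", "Click now for a  FREE quote.")
LEGIT = ("Q2 invoice 1042", "Please find the invoice attached.")

if __name__ == "__main__":
    known = {normalized_fingerprint(*SPAM_SEEN)}
    print("exact signatures equal:",
          exact_signature(*SPAM_SEEN) == exact_signature(*SPAM_VARIANT))
    print("variant caught:", is_known_spam(*SPAM_VARIANT, known))
    print("legitimate mail caught:", is_known_spam(*LEGIT, known))
```

The trade-off is that aggressive normalization makes unrelated messages look alike, so two legitimate invoices that differ only in their number would share a fingerprint here.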

Real-time Blacklists – these are services available on the
Internet that classify specific senders as known spammers.
There are roughly 125 low-cost or free RBL services on the
Internet – two of the most well-known are Open Relay
Database (www.ordb.org)
and MAPS (www.mail-abuse.org).
When you configure your email server or gateway software
to use an RBL (Exchange 2000 and below and GroupWise 6 and
below do not support them natively, but front-end gateways
such as Symantec Antivirus for SMTP Gateways or
SurfControl Mail do), the mail server does a DNS query
against the RBL list upon receipt of a mail message to
confirm that the sender is “OK.” If they are on the
list, then the message is bounced as undeliverable.

An unfortunate by-product of RBL services is that sometimes
legitimate senders’ mail is bounced when this is
implemented – many email servers, particularly older
ones, are configured with “Open Relay” enabled by
default. This means that spammers who detect this can
“relay” their spam off the server, making it seem like
the spam is coming from that server rather than
themselves. Those servers thus are detected as spammers,
and added to the list (or added by scans that simply see
Open Relay is on). Novell GroupWise users have been
particularly unfortunate here, as GroupWise has
traditionally had problems with being detected as having
relay open even when it is shut down due to bugs in the
software. It is important that you ensure Open Relay is
shut down on all of your servers that can send mail on the
Internet, or restricted to only relaying from internal
addresses, depending on your configuration. We have seen
many customers negatively impacted by this, and only
recently has the default configuration for email software
changed Open Relay to “off.”

Reverse lookups are a related technique that can catch relayed
messages – some email servers can have this turned on,
so that when a message is received the server does a
reverse DNS lookup to verify it was actually received from
the same domain it says it was sent from. This helps avoid
relayed messages, but can also result in false positives
where legitimate messages get bounced back (see below)
depending on the configuration of both email systems.
Also, keep in mind that both Reverse Lookup and Real-time
Blacklist approaches consume additional CPU cycles and may
slow down your mail system.

Custom Blacklists – some products support the ability to
designate specific top-level domains (usually this would
be country codes where spam is unregulated), second level
domains (e.g., QTSnet.com) or specific email addresses as
known spammers, and block their email. This is another
basic function, but most older (pre-2003) email servers do
not support this – you generally need to add an email
gateway product such as the ones from Symantec or
SurfControl to do this.

Whitelists – whitelists are the opposite of blacklists, and are an
important tool in fighting “false positives”
(legitimate email that is caught as spam). Whitelists
allow for specific “good, known” domains to send
messages while bypassing the content filtering rules. For
example, you would always want QTSnet.com to be able to
send to your organization, lest there be any chance
QuikNews would be detected as spam by one of these
techniques and deleted (a catastrophic event, to say the
least!).

The downside of using this approach is that it can be
time-intensive to maintain such lists. Although some
legitimate senders’ addresses are obvious, often
legitimate communications come from outsourced third party
services or servers with other names (many email
newsletters are handled this way) and it is a constant
fight to keep such lists current. This approach requires a
level of care and feeding that many businesses are not
equipped to provide.
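
How a gateway might combine the whitelist, custom blacklist and RBL checks described above, as an added example that is not any vendor's or QTS' own code. It follows the common DNSBL convention (reversed IPv4 octets queried under the list's zone, a 127.0.0.0/8 answer meaning "listed"); the zone rbl.example, the sample addresses, the stand-in resolver and the check order are assumptions.

```python
import ipaddress
import socket

def rbl_query_name(client_ip, zone):
    """DNS name the gateway queries: reversed IPv4 octets, then the RBL zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")  # ValueError if malformed
    return ".".join(reversed(octets)) + "." + zone

def rbl_listed(client_ip, zone, resolve=socket.gethostbyname):
    """True only if the RBL answers with an address in 127.0.0.0/8."""
    name = rbl_query_name(client_ip, zone)
    try:
        answer = ipaddress.IPv4Address(resolve(name))
    except (OSError, ValueError):
        return False  # no record (not listed) or lookup failure: fail open
    # An answer outside 127/8 is a wildcard or hijacked zone, not a listing.
    return answer in ipaddress.IPv4Network("127.0.0.0/8")

def sender_matches(sender, entries):
    """Match a full address, a domain (and its subdomains), or a '.tld' entry."""
    sender = sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    for entry in (e.lower() for e in entries):
        if entry == sender or entry == domain:
            return True
        if domain.endswith(entry if entry.startswith(".") else "." + entry):
            return True
    return False

def gateway_decision(sender, client_ip, whitelist, blacklist, zones,
                     resolve=socket.gethostbyname):
    """Assumed order: whitelist first, then custom blacklist, then each RBL."""
    if sender_matches(sender, whitelist):
        return "accept (whitelisted)"
    if sender_matches(sender, blacklist):
        return "reject (custom blacklist)"
    for zone in zones:
        if rbl_listed(client_ip, zone, resolve):
            return "reject (listed on " + zone + ")"
    return "accept"

# Constructed stand-in for DNS so the example runs offline.
FAKE_ZONE = {"10.2.0.192.rbl.example": "127.0.0.2"}
def fake_resolve(name):
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror("no such record")
```

The RBL check keys on the connecting server's IP address, while both lists key on the claimed sender address, which the sending side controls; a whitelist entry therefore deserves the same care as any other exception to filtering.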

In next month's column, I will share some of the more
advanced techniques being applied to combat spam, and
future trends.

As always, feel free to email me your comments or thoughts at
nrosenberg@QTSnet.com.
Thank you.

Neil Rosenberg
President & CEO
Quality Technology Solutions