| Introduction xxiii Chapter 1 Introduction to Email Security 1 Overview of Cisco IronPort Email Security Appliance (ESA) 1 AsyncOS 3 Security Management Appliances (SMA) 3 History of AsyncOS Versions 4 Software Features 5 Email Security Landscape 6 Email Spam 6 Viruses and Malware 7 Protecting Intellectual Property and Preventing Data Loss 8 Other Email Security Threats 9 Simple Mail Transfer Protocol (SMTP) 9 SMTP Commands 14 ESMTP Service Extensions 15 SMTP Message Headers and Body 16 Envelope Sender and Recipients 17 Transmitting Binary Data 18 MIME Types 20 Character Sets 21 Domain Name Service (DNS) and DNS MX Records in IPv4 and IPv6 22 Message Transfer Agents (MTA) 23 Abuse of SMTP 24 Relaying Mail and Open Relays 24 Bounces, Bounce Storms, and Misdirected Bounces 25 Directory Harvest Attacks 26 Summary 27 Chapter 2 ESA Product Basics 29 Hardware Overview 29 2U Enterprise Models 30 1U Enterprise Models 31 Selecting a Model 31 Basic Setup via the WUI System Setup Wizard 31 Connecting to the ESA for the First Time 31 Running the System Setup Wizard 32 Reconnecting to the WUI 38 LDAP Wizard and Next Steps 39 Examining the Basic Configuration 41 Next Steps 41 Setup Summary 42 Networking Deployment Models 43 Interfaces, Routing, and Virtual Gateways 43 Single Versus Multinetwork Deployment 47 Routing on Multinetwork Deployments 48 DNS Concerns 49 Firewall Rules 50 Securing Network Interfaces 51 Security Filtering Features 52 SenderBase and Reputation Filters 53 IronPort Anti-Spam 54 Antivirus Features 55 Summary 58 Chapter 3 ESA Email Pipeline 59 ESA Pipeline 59 Listeners 61 Host Access Table (HAT) and Reputation Filters 63 Rate Limiting with Mail Flow Policies 65 DNS and Envelope Checks 67 Sender Authentication 67 Recipient Access Table and LDAP Accept 67 Recipient and Sender Manipulation 70 Default Domain, Domain Map, and Aliases 70 Masquerading 71 LDAP Operations 72 LDAP Accept 72 LDAP Routing and Masquerading 73 Groups 73 Work Queue and Filtering Engines 73 Work Queue Overview 74 Incoming and Outgoing Mail Policies 74 Message Filters 75 Anti-Spam Engine 75 Antivirus Engines 76 Content Filtering 77 Virus Outbreak Filters 78 DLP and Encryption 78 Delivery of Messages 79 Selecting the Delivery Interface (Virtual Gateways) 80 Destination Controls 81 Global Unsubscribe 81 SMTP Routes 82 Selecting Bounce Profiles 83 Handling Delivery Errors with Bounce Profiles 84 Final Disposition 85 Summary 85 Chapter 4 ESA Web User Interface 87 Overview 87 Connecting to the WUI 87 WUI Tour 88 Monitor Menu 88 Overview 89 Incoming Mail 89 Outgoing Destinations 90 Outgoing Senders 90 Delivery Status 90 Internal Users 90 DLP Incidents 91 Content Filters 91 Outbreak Filters 91 Virus Types 92 TLS Connections 92 System Capacity 92 System Status 92 Scheduled Reports 93 Archived Reports 93 Quarantines 93 Message Tracking 94 Mail Policies Menu 94 Incoming Mail Policies 95 Incoming Content Filters 95 Outgoing Mail Policies 96 Outgoing Content Filters 96 Host Access Table (HAT) Overview 96 Mail Flow Policies 97 Exception Table 97 Recipient Access Table (RAT) 97 Destination Controls 97 Bounce Verification 98 DLP Policy Manager 98 Domain Profiles 99 Signing Keys 99 Text Resources 99 Dictionaries 99 Security Services Menu 100 Anti-Spam 100 Antivirus 101 RSA Email DLP 101 IronPort Email Encryption 101 IronPort Image Analysis 101 Outbreak Filters 102 SenderBase 102 Reporting 103 Message Tracking 103 External Spam Quarantine 103 Service Updates 103 Network Menu 104 IP Interfaces 105 Listeners 105 SMTP Routes 105 DNS 106 Routing 106 SMTP Call-Ahead 106 Bounce Profiles 106 SMTP Authentication 107 Incoming Relays 107 Certificates 107 System Administration Menu 108 Trace Tool 108 Alerts 109 LDAP 109 Log Subscriptions 109 Return Addresses 110 Users 110 User Roles 111 Network Access 111 Time Zone and Time Settings 111 Configuration File 112 Feature Keys and Feature Key Settings 112 Shutdown/Suspend 112 System Upgrade 113 System Setup Wizard 113 Next Steps 114 Options Menu 114 Active Sessions 115 Change Password 115 Log Out 115 Help and Support Menu 115 Online Help 116 Support Portal 116 New in This Release 116 Open a Support Case 117 Remote Access 117 Packet Capture 118 WUI with Centralized Management 118 Selecting Cluster Mode 119 Modify CM Options in the WUI 121 Modifying Cluster Settings 121 Other WUI Features 122 Variable WUI Appearance 122 Committing Changes 123 Summary 123 Chapter 5 Command-Line Interface 125 Overview of the ESA Command-Line Interface 125 Using SSH or Telnet to Access the CLI 125 PuTTY on Microsoft Windows 127 Simple CLI Examples 129 Getting Help 132 Committing Configuration Changes 133 Keeping the ESA CLI Secure 134 SSH Options on the ESA 135 Creating and Using SSH Keys for Authentication 136 Login Banners 140 Restricting Access to SSH 140 ESA Setup Using the CLI 141 Basics of Setup 142 Next Setup Steps 142 Commands in Depth 146 Troubleshooting Example 146 Status and Performance Commands 146 Command Listing by Functional Area 156 Mail Delivery Troubleshooting 156 Network Troubleshooting 156 Controlling Services 157 Performance and Statistics 158 Logging and Log Searches 159 Queue Management and Viewing 160 Configuration File Management 161 AsyncOS Version Management 162 Configuration Testing Commands 163 Support Related Commands 163 General Administration Commands 165 Miscellaneous Commands 166 Configuration Listing by Functional Area 167 Network Setup 167 Listeners 168 Mail Routing and Delivery 175 Policy and Filtering 176 Managing Users and Alerts 177 Configuring Global Engine and Services Options 177 CLI-Only Tables 179 Configuration for External Communication 179 Miscellaneous 180 Batch Commands 181 Hidden/Undocumented Commands 183 Summary 186 Chapter 6 Additional Management Services 187 The Need for Additional Protocol Support 187 Simple Network Management Protocol (SNMP) 188 Enabling SNMP 188 SNMP Security 189 Enterprise MIBs 189 Other MIBs 190 Monitoring Recommendations 191 Working with the ESA Filesystem 193 ESA Logging 196 ESA Subsystem Logs 196 Administrative and Auditing Logs 197 Email Activity Logs 198 Debugging Logs 199 Archive Logs 201 Creating a Log Subscription 202 Logging Recommendations 202 Transferring Logs for Permanent Storage 203 HTTP to the ESA 204 FTP to the ESA 204 FTP to a Remote Server 204 SCP to a Remote Server 205 Syslog Transfer 205 Understanding IronPort Text Mail Logs 206 Message Events 206 Lifecycle of a Message in the Log 207 Tracing Message History 209 Parsing Message Events 211 A Practical Example of Log Parsing 212 Using Custom Log Entries 215 Summary 217 Chapter 7 Directories and Policies 219 Directory Integration 219 The Need for Directory Integration 220 Security Concerns 220 Brief LDAP Overview 221 LDAP Setup on ESA 223 Advanced Profile Settings 225 Basic Query Types 226 Recipient Validation with LDAP 227 Recipient Routing with LDAP 229 Sender Masquerading 230 Group Queries 231 Authentication Queries 233 AD Specifics 233 Testing LDAP Queries 234 Advanced LDAP Queries 234 Troubleshooting LDAP 239 Incoming and Outgoing Mail Policies 241 Group-Based Policies 241 Group Matches in Filters 241 Other LDAP Techniques 242 Using Group Queries for Routing 242 Per-Recipient Routing with AD and Exchange 244 Using Group Queries for Recipient and Sender Validation 244 Summary 245 Chapter 8 Security Filtering 247 Overview 247 The Criminal Ecosystem 248 Reputation Filters and SenderBase Reputation Scores 248 Enabling Reputation Filters 249 Reputation Scores 250 Connection Actions 250 HAT Policy Recommendations 250 IronPort Anti-Spam (IPAS) 251 Enabling IPAS 252 IPAS Verdicts 253 IPAS Actions 254 Content Filters and IPAS 255 Recommended Anti-Spam Settings 257 Spam Thresholds 257 Actions for the Bold 258 Actions for the Middle-of-the-Road 258 Actions for the Conservative 258 Outgoing Anti-Spam Scanning 259 Sophos and McAfee Antivirus (AV) 259 Enabling AV 260 AV Verdicts 262 AV Actions 263 AV Notifications 263 Content Filters and AV 264 IronPort Outbreak Filters (OF) 266 Enabling OF 267 OF Verdicts 267 OF Actions 268 Message Modification 269 Content Filters and OF 270 Recommended AV Settings 270 Incoming AV Recommendations 271 Outgoing AV Recommendations 272 Using Content Filters for Security 273 Attachment Conditions and Actions 273 Filtering Bad Senders 276 Filtering Subject or Body 277 Summary 278 Chapter 9 Automating Tasks 279 Administering ESA from Outside Servers 279 CLI Automation Examples 280 SSH Clients 281 Expect 281 Perl 283 CLI Automation from Microsoft Windows Servers 285 WUI Automation Examples 287 Polling Data from the ESA 287 Retrieving XML Data Pages 287 Using XML Export for Monitoring 290 Pushing Data to the ESA and Making Configuration Changes 292 Changing Configuration Settings Using the CLI 293 Committing Changes Using the CLI 295 Changing Configuration Settings Using the WUI 296 Committing Changes Using the WUI 298 Retrieving Reporting Data from the WUI 298 Data Export URLs 299 Other Data Export Topics 302 Example Script 305 Summary 308 Chapter 10 Configuration Files 309 ESA and the XML Configuration Format 309 Configuration File Structure 310 Importing and Exporting Configuration Files 313 Exporting 314 Importing 315 Editing Configuration Files 316 Duplicating a Configuration 317 Partial Configuration Files 318 Automating Configuration File Backup 320 Configuration Backup via CLI 320 Configuration Backup via WUI 321 Configuration Files in Centralized Management Clusters 323 Summary 325 Chapter 11 Message and Content Filters 327 Filtering Email Messages with Custom Rules 327 Message Filters Versus Content Filters 328 Processing Order 331 Enabling Filters 332 Combinatorial Logic 332 Scope of Message Filters 333 Handling Multirecipient Messages 334 Availability of Conditions and Actions 334 Filter Conditions 334 Conditions That Test Message Data 335 Operating ... |
内容加载中,请稍后...
商品评论(0条)