Five mistakes users make when securing e-mail

Jeff Brainard, Mirapoint Inc.   Today’s Top Stories    or  Other Software Stories  

Why SaaS is Vital to Email and Web Security Virtualization: HP's approach to solving customers needs Web Security SaaS: The Next Generation of Web Security Compliance By The Numbers - Addressing Requirements with Online Document Management and Collaboration Technology Optimizing Virtualization Success with Facts and Transparency Sign up to receive Security Resource Alerts

July 19, 2004 (Computerworld) -- E-mail has become an important application on corporate, service provider, education and government networks, and securing it is equally important. Although some things in life can work 90% of the time and it's good enough, customers' dependence on mission-critical e-mail communications requires that the right e-mail security solutions work 100% of the time at the highest levels of effectiveness.

Accordingly, when organizations select and deploy what they believe is the right solution, they need to follow certain guidelines to prevent mistakes that could jeopardize the whole network.

Here's a list of top mistakes that many customers make regarding e-mail security:

1. Running security software on an insecure operating system
Insecure operating systems like Microsoft Windows or even Sun Microsystems' Solaris have many public exploits that hackers can take advantage of and technical documentation for the world to see. Many administrators deploying these products at the edge of their networks forget to harden the operating system from attack. The result is that hackers can seize control over executable environments that are left available, ports that are left open and services that are left running for non-e-mail applications such as FTP or Telnet.

2. Using only desktop antivirus and antispam software
Many companies think desktop software solves the problem. However, this approach creates the problem of junk mail and malicious e-mail that traverses the internal network creating significant risk of exposure and then gets to the core mail server where it wastes storage and process resources. Desktop software is often controlled by the end user and can be disabled, or it may not be updated often enough to yield the highest levels of protection. By using an e-mail security gateway appliance, end users need not worry about desktop-based updates or installations because security is done by the IT department and through intelligent, self-updating appliances within the network.

3. No outgoing protection
With many viruses propagating via e-mail, no business wants to let spam containing a virus like Sobig to get sent to its partners, suppliers or customers. Some customers, such as service providers or educational institutions, also need to watch out for the "spammer" within their network. Outgoing filtering can reduce these risks. In addition, using filtering and policy enforcement features can prevent leaks of sensitive information and filter out inappropriate content such as profanity or harassment.

4. No redundancy of gateway
Your home alarm system is effective only if it's working properly. It's the same with e-mail security: It needs to be running and providing protection around the clock. The right solutions need to have built-in reliability and system redundancy to recover from a power loss and to ensure that no critical e-mail messages are lost or corrupted.

5. No logging or reporting
Just as companies can view employee activity on the telephony network using call records from bills, the same approach should be applied to e-mail, so managers and IT administrators can get a bird's-eye view into e-mail activity. IT managers should know who is sending large volumes of outgoing e-mail, who is sending e-mail to competitors or who is having inappropriate communications with other employees or outsiders via e-mail. This is especially important for regulatory compliance and increasing corporate liability concerns.

Jeff Brainard is a senior manager at Mirapoint, a provider of e-mail server and security appliances based in Sunnyvale, Calif.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"Oh, glorious FCC! Bringer of upcoming products. Thank you for the gift we've just received......." Read more... "A video is making the rounds showing how Vista SP1 has significantly improved Vista's immensely annoying User Account Control (UAC)...." Read more... Read more Software posts or See all Blogs

Mozilla launches Firefox 3.0 RC1 early Microsoft: Don't misunderstand UAC, other Vista features HP confirms XP SP3 endless reboot snafu, promises patch More top stories...

Microsoft pulls Windows Home Server backup feature Yahoo tells Icahn that its own board knows best Tools circulate that crack Debian, Ubuntu keys

Shuttle Columbia's hard drive data recovered from crash site Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive. The top 15 vaporware products of all time These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't. Opinion: Malware vs. anti-malware, 20 years into the fray Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle. Leopard at six months: Does it live up to the early hype? Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

Computerworld Technology Briefing: An open-source path to optimal virtualization Download this Technology Briefing now! (Source: Novell/IBM/Intel) Looking for a virtualization strategy that offers both the flexibility and reliability to meet the demands of mixed-source environments? Look no further than the fast-emerging open virtualization approach backed by some of the biggest names in enterprise computing. Together they are pointing the way toward higher data center performance without higher costs. Download this executive briefing  E-Mail As a Service: Time for Another Look? E-Mail As a Service: Time for Another Look? Download this webcast, compliments of Google. Go to the webcast  Top 10 Reasons to Go Green in IT Get this white paper now! (Source: Verdiem) With fast facts and figures, this free e-booklet details the significant savings you can expect from a greener IT department. Plus: how sustainability can improve employee and customer retention, boost IT performance, even protect against energy price fluctuations. Download your copy of this e-booklet now. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Securing Financial Services Beyond the Perimeter Intercept Spam & Viruses With MessageLabs Meeting PCI Compliance with SonicWALL Global Management System View more whitepapers

• Mozilla launches Firefox 3.0 RC1 early
• Microsoft: Don't misunderstand UAC, other Vista features
• HP confirms XP SP3 endless reboot snafu, promises patch
• More top stories 

ITIL Best Practices Zone BMC provides the ITIL solutions you need to drive business value through better management of technology and IT processes. Learn more in the BMC ITIL Best Practices Zone. Learn more in the ITIL Best Practices Zone See All Zones



In Depth: Apple's Leopard leaps to new heights A refined look, revamped apps and new options build on an already solid OS foundation. Read more...



Eliminate Hidden Processes that Sap Up to 40% of Developers' Time Are time constraints pressuring your development, QA, and support resources to cut corners on software quality? If so, your company's not alone. According to a commissioned study conducted by Forrester Consulting on behalf of BMC Software, "...problem resolution is a major time-sink for developers and a drain on the efficiency of application development and support." Watch this webcast now!  See more Webcasts



Best Places to Work in IT Where can you earn top dollar, get the best benefits, the latest IT and more? Find out in our 14th annual survey.