Barbican eDoS - CyberWarfare Defense against the transport vehicle: Spam

The intellectual property of this product is globally protected.

Spam (the unsolicited broadcast of commercially or politically motivated e-mail) is another way of creating e-Mail Denial-of-Service (eDoS) conditions, and it also serves as a transport vehicle for malware content in the form of viruses, worms, and phishing schemes.

eDoS goes hand-in-hand with the other two forms of Denial-of-Service attacks, dDoS and vDoS.

Overview

The widespread transmission of unsolicited broadcast email (UBE), commonly called "Spam", is a tremendous burden upon businesses and individuals worldwide.

The Barbican™ Email Denial of Service Protection Appliance (Barbican eDoS) is a member of Melior's Barbican family of products that defend our customers' networks against attacks, intrusions and exploitations by outside parties. Barbican eDoS is specifically designed to protect electronic mail servers that use the Simple Mail Transfer Protocol (SMTP) from the daily bombardment of "Spam" email.

Barbican eDoS is available as a stand-alone technology element or as an add-in for the Barbican Real-time Network Protection™ (RNP) device. The exact configuration will be determined depending upon the customer's specific needs (network traffic load, network topology, email traffic volume, etc.).

Purpose

Barbican eDoS provides a Connect-And-Forget solution to the problem of UBE.

Customers who protect their email servers with Barbican eDoS can typically expect that at least 98% of incoming UBE directed against their users will be intercepted and disposed of according to their wishes. Additionally, various other types of hostile activities, such as account database dictionary attacks and SMTP AUTH attacks will be mitigated or eliminated. Optionally, executable files contained in message bodies (which are potentially virus/worm/trojan files) may be deleted or quarantined.

Deployment

Barbican eDoS stand-alone is a rack-mounted (1U) device that is connected as a transparent, undetectable device between one or more SMTP servers (the "protected" servers) and the Internet.



Typically the device has three Ethernet interfaces - an "outside" interface (where packets arrive from the global Internet), an "inside" interface (connected to the network segment in which the protected server(s) will reside) and an administrative interface used for configuration and reporting purposes.

Operation

After installation and activation, Barbican eDoS intercepts all incoming communication on TCP/IP port 25 (SMTP) and selectively relays this traffic to the local destination server(s), depending upon the result of its inspection of the traffic and the disposition instructions that the customer has established. Traffic that has been identified as UBE may be discarded, rejected, held in quarantine or sent on with a "considered to be spam" tag embedded in the message.

UBE Identification

Barbican eDoS uses a multi-tiered approach to the identification of desired email traffic and the concomitant elimination of undesired email traffic. The intent is to make the identification at the earliest possible point in the SMTP transaction in order to reduce the consumption of the customer's network bandwidth and computing resources to the lowest practical point.

Origin

The Internet Protocol (IP) address of the delivering host is checked against local and external resources. The test order is:
  • Local Whitelist
  • Local Blacklist
  • Melior IP Deny database
  • Customer-specified DNS blocking lists (DNSBLs)
If the IP address is found in the local white list, the message will be unconditionally accepted. If it is found in any of the other resources, it will be handled according to the customer-defined UBE disposition rules.
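The origin test order described above, as an added Python example (not Melior's code). The function names, the `dnsbl.example` zone, the documentation-range addresses and the stand-in resolver are assumptions; the Melior IP Deny database is modelled as a plain list of networks.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def in_list(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def check_origin(ip, whitelist, blacklist, vendor_deny, dnsbl_zones, resolve):
    """Return (verdict, tier) using the test order given on the page.

    resolve(name) returns an address string, or None when the name
    does not exist. 'ube' means: apply the customer's disposition rule.
    """
    if in_list(ip, whitelist):            # tier 1: unconditional accept
        return ("accept", "local-whitelist")
    if in_list(ip, blacklist):            # tier 2
        return ("ube", "local-blacklist")
    if in_list(ip, vendor_deny):          # tier 3 (hypothetical data model)
        return ("ube", "vendor-deny-db")
    for zone in dnsbl_zones:              # tier 4: customer-chosen DNSBLs
        answer = resolve(dnsbl_query_name(ip, zone))
        # DNSBLs conventionally signal a listing with a 127.0.0.0/8 answer;
        # any other answer is ignored rather than treated as a listing.
        if answer and ipaddress.ip_address(answer) in LOOPBACK:
            return ("ube", "dnsbl:" + zone)
    return ("continue", None)             # go on to envelope checks

# Constructed sample data (RFC 5737 documentation ranges).
WHITELIST = ["192.0.2.10/32"]
BLACKLIST = ["192.0.2.0/24"]
VENDOR_DENY = ["198.51.100.0/24"]
ZONES = ["dnsbl.example"]
FAKE_DNS = {"7.113.0.203.dnsbl.example": "127.0.0.2",
            "8.113.0.203.dnsbl.example": "203.0.113.99"}

def demo(ip):
    return check_origin(ip, WHITELIST, BLACKLIST, VENDOR_DENY, ZONES, FAKE_DNS.get)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "198.51.100.5",
               "203.0.113.7", "203.0.113.8", "203.0.113.9"):
        print(ip, demo(ip))
```

Because the whitelist is consulted first, 192.0.2.10 is accepted even though it also falls inside the blacklisted 192.0.2.0/24, so whitelist entries should be kept as narrow as possible.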

Envelope Elements

  • HELO/EHLO
    The connecting host will identify itself using the HELO or EHLO protocol command. Barbican eDoS can be configured to reject a set of commonly used forged HELO arguments (such as the IP address or network name of the receiving server) and to apply customer-specified whitelists and blacklists of host names.
  • Envelope sender
    The customer can specify a whitelist of envelope sender patterns that will cause messages to be accepted unconditionally, and a blacklist of patterns that will cause message rejection.

Header elements

The customer may optionally specify that Melior-supplied and/or customer-defined lists of message header element patterns will be used to qualify messages for acceptance/rejection (whitelist/blacklist).

URL references in message bodies

Most spam messages are sent in order to entice the recipient into visiting a web site. Using a patent-pending algorithm, Barbican eDoS examines the body of each incoming message to determine whether any URLs reference sites that are identified as Spam-related. Messages having such references are identified as UBE.

Disposition

The customer has several options with respect to the disposition of a message identified as "Spam":
  • reject the message during receipt with appropriate SMTP protocol message
  • accept and silently discard the message
  • accept the message, tag it with an internal header that designates it as UBE, and deliver it to the recipient
  • forward the message to a "spamtrap" account
  • deposit the message in a customer-designated collection area for later examination.

Administration

The administrative Ethernet interface gives the customer two methods for configuring and maintaining the device: a command-line interface using the TELNET protocol, and a web-based configuration tool using HTTP.

Instrumentation and Reporting

Barbican eDoS devices transmit status and operational information to a customer-specified destination using the "syslog" protocol. These may be analyzed and used to generate reports by a customer-provided application, or by Melior's Central Reporting System product.

Operating Resources

The Barbican eDoS device makes its determination of the spam/non-spam status of each message based upon information and rules supplied by Melior and by the customer.

Melior-provided Data Sets

Barbican eDoS automatically acquires and employs a large and sophisticated database provided by Melior. This database includes information supplied by the Spamhaus Project as well as proprietary data sources developed by Melior or acquired on an exclusive basis by Melior.

Local Data Sets

The customer may configure Barbican eDoS to use a wide variety of whitelists and blacklists, as well as a supplementary set of DNS blocking lists of the customer's choice.

Data Set Distribution

Melior transmits information necessary to the operation of Barbican eDoS using specially-formatted email messages addressed to the registered contact account at Customer's location.

Barbican eDoS recognizes and intercepts these messages, so the contact person never sees them unless Barbican eDoS is out of service.

A public-key cryptography system is used to protect and authenticate certain classes of information.

Anti-Spam Technique Comparison

The anti-Spam product marketplace is fairly fragmented, with few dominating players. Product offerings generally take the form of one of three designs: appliances, proxies and locally installed software.

Appliances hold the smallest market share, although they are arguably the most effective at stopping Spam. There are few dominating players; the market is heavily fragmented among a number of very small players. The appliances tend to be larger, PC-based platforms with considerable overhead in administration and care, which lends itself to configuration issues and other problems.

The Melior ConfigFree Barbican eDoS system requires essentially no installation overhead, which removes this barrier to implementation. Typically, an appliance is installed on the network, given an IP address, set up to connect to the local mail servers, and tested. Changes are then made to the DNS systems to direct incoming mail to the appliance itself, which stores and forwards the email to the local mail system. This exercise offers considerable room for human error, and any such misconfiguration will result in delays or loss of legitimate email. With ConfigFree Barbican eDoS, the only setup steps are optional. The Melior eDoS product is an unplug-and-plug-in setup [Unplug and play!]. The user simply unplugs the mail server's Ethernet connection and plugs it into the eDoS product. Then they plug the eDoS product into the Ethernet connection, register their eDoS box, and that's it.

The Melior, Inc. eDoS product goes instantly to work protecting the customer's email.

Proxy systems work by having all email sent to a faraway place for filtering and scanning. Once the legitimacy of the email has been determined, it is sent on to the local email system. Proxy systems have a number of failure points: network, equipment, configuration and so forth. Like an appliance, they are hard to set up and hard to maintain; unlike an appliance, all of the customer's email is sent to a distant server before coming to the customer.

Local software applications have the largest market share. Outside of the Melior eDoS product, they are the simplest to install. Generally, installation is accomplished by installing the software and giving someone a credit card number (for periodic updates). These systems are easily and frequently compromised. There is an old adage about protecting the fort with the guns on the inside, and that holds true here as well. While initially effective, most people report a decline in effectiveness over time as the system is slowly compromised. Frequent updates and periodic re-installations are needed to maintain system functionality. This is especially true in a non-stand-alone environment (where other software, such as web or file services, is running on the same equipment).

Availability and Price

Melior has not released an availability and shipment date for the Barbican eDoS product; however, it expects to release the product in 2005.

Pricing for the unit itself, the mandatory service and maintenance agreement (as with all Barbican products), and the monthly cost for the Melior data feed for Spam & Phish databases, has not been publicly announced.




© Copyright 1987 - 2006 Melior, Inc. - CyberWarfare Defense
Trade- and Servicemarks, Copyrights, and Patent-Pending Protection is effective in WTO countries.
v 09082010-2046 NetGroup GmbH Dortmund/MEZ
