Category : Best Practices
Share NTFS USB Hard Drive on VMware vSphere/ESX 4
The other day, I was discussing virtualization in email security (for example, an anti-spam virtual appliance). One of the drawbacks of ESX (and ESXi) is the lack of support for external data storage (non Data Store). Of course, you can add a multitude of data stores, local and remote, and it is THE way to go. But I needed to be able to back up my virtual appliances to an external hard drive using NTFS (so that it can be read on my Windows machines). (Jun 29, 2010)
Interesting question from a customer: “Why should we block .EXEs?”
The majority of phishing attempts with drive-by-downloads try to entice you to download EXE files and run them locally. EXE files should always be blocked. You can open certain files on a case-by-case basis and in a very controlled fashion, but that’s the extent of it. (May 26, 2010)
Most Common Support Issue: Whitelist = Spoofed Spam
No one likes to see spam in their Inbox, especially when it comes from themselves! Users often get confused and even worry that their identity has been stolen. The main cause for this is that they have whitelisted their own email address to bypass scanning for outbound traffic. Users do not realize (or understand) that spammers can spoof their email address and send spam that appears to be from themselves. (May 14, 2010)
Deep header inspection: use with caution
Some anti-spam tools will actually look at the reputation of IP addresses in each of the received headers of an email. Reputation mechanisms usually involve multiple sources, e.g., DNSBLs and Honeypot-driven reputation services. (Apr 19, 2010)
Simple Admin Tricks: Quick & Dirty Monitoring
From time to time, you’ll need to monitor a port to see if there's a problem brewing. For smaller companies, it can be quite a chore to deploy some sort of commercial or open-source monitoring solution (e.g., NAGIOS-based stuff), when all you want to do is do some quick and dirty monitoring. (Mar 26, 2010)
Cool Tool: WinSCP
I just wanted to share with you a very useful tool that’s been around for a while now, and it helped me solve a problem on a customer’s machine. To properly investigate, I had to extract several logs from the customer’s server on a scheduled basis and have them FTP'd here so that I could keep tabs on the server's behavior. (Feb 26, 2010)
Blocked by RFC-IGNORANT ... Now what?
From time to time, customers wind up getting blocked by a seldom seen blacklist called "RFC-Ignorant." Unlike classical blacklists that are usually honeypot driven, this one is driven by people who have manually reported you as violating RFC. (Jan 22, 2010)
Welcome back, dear Customer!
Email Security product and solution vendors rely heavily on customer loyalty and retention. The recipe for achieving this is different for every company. What never changes is the total joy of winning back a customer that left for some reason, tried the competition and then returned. (Jan 15, 2010)
10 Resolutions You Shouldn’t Break This Year
It's that time of the year again... time to make (and break) resolutions. Here are some things to help you keep your email and network safe from malicious attacks. Resolutions you don't want to break! (Jan 08, 2010)
How do you fix a bad reputation?
In an earlier post, I had written about the various security measures to take to prevent losing your good reputation. But what happens if you find yourself on someone’s blacklist? What do you do? (Jan 06, 2010)
Spoofing: are you who you say you are?
Spammers often play games with the 'From' field but there are Internet standards that can help you easily determine whether the sender is who he claims to be. (Dec 11, 2009)
Reverse DNS checking: Is it safe to use?
Every time I do a setup with a customer, the question always comes up: Should we use Reverse DNS checking or not when configuring connection-level blocking security measures? (Dec 04, 2009)
You only have one reputation – don’t lose it
Having a bad reputation might have seemed cool when you were a teenager, but if your email server has been given a bad rap, it’s definitely UNcool – especially if your business depends on delivering email. Trying to get your reputation back can be time consuming and costly, so the best approach is to do your utmost not to lose it in the first place. (Dec 02, 2009)
Country-Based Blocking
Is it good or bad? Well, the answer is "it depends." If your organization only operates within North America, for instance, blocking the more prolific spam sources by country may be a very good way to reduce the amount of traffic hitting your MTA. (Oct 30, 2009)
Email Security Gateway Deployment: Avoid These Common Mistakes
Don't declare your primary mail server (MTA) as a secondary MX. (Oct 02, 2009)
SPF woes with third party services … a workaround.
Many people use SPF (Sender Policy Framework) as an anti-spoofing measure. They create an SPF record in their DNS zone for their domain. From time to time, though, some customers will do business with or use third-party services that send out email on their domain's behalf and, unfortunately, this will cause recipient MTAs to hard-fail or soft-fail these messages. (Sep 04, 2009)
Security Back to Basics
You can use Windows Routing and Remote Access (RRAS) for firewalling purposes. It's fairly simple to set up as well. (Aug 21, 2009)




