Archive for May, 2009

Don’t Block IM, Control it!

Saturday, May 23rd, 2009

We’ve just released the latest in our ‘securing social media’ series of guides for IT managers, this time on how to secure instant messaging (IM) services.

We are often asked by IT managers whether they should ban IM completely. It’s pretty hard to do that these days, given the number of businesses using platforms like Skype, which have in-built IM functions, or using Facebook (also with in-built IM) or other chat services to contact customers or remote workers.

Securing IM is actually pretty simple, and doesn’t have to cost the earth. The biggest threat (as with so many things) is from employees clicking on malware-infected web links, shared over IM.

The most important things IT managers can do to reduce the risk are:

  • Control which IM platform employees can use and make sure they update it when new releases are available – they often include security updates
  • Set user guidelines and educate employees about the risks, such as never clicking on links, controlling who’s on your contact list, logging off at the end of a session and not sharing personal details
  • Keep security (anti-virus and firewalls) updated to protect against the inevitable times when an employee will inadvertently click on a bad link
  • Set your security to secure all outgoing communications, including IM, as well as incoming communications. If you just block an application, it will often find a way through a firewall – either using ‘tunnelling’ software, or by searching through all available ports until it finds one open. If you configure firewalls to block all outbound connections except those to secure proxies, this forces all web access (including IM) through a gateway security system.
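
One way to check that a "proxy only" outbound policy is actually holding is to audit the firewall log for the two behaviours described in the last point. This is an added example, not part of the guide; the log format, the proxy address `10.0.1.10:3128` and the `min_ports` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed outbound firewall log lines in a hypothetical
# "<time> ACTION src= dst= dport=" format (not from any real product).
SAMPLE_LOG = """\
2009-05-23T09:00:01 ALLOW src=10.0.0.23 dst=10.0.1.10 dport=3128
2009-05-23T09:00:05 DENY src=10.0.0.41 dst=198.51.100.7 dport=5190
2009-05-23T09:00:05 DENY src=10.0.0.41 dst=198.51.100.7 dport=5222
2009-05-23T09:00:06 DENY src=10.0.0.41 dst=198.51.100.7 dport=1863
2009-05-23T09:00:06 DENY src=10.0.0.41 dst=198.51.100.7 dport=443
2009-05-23T09:00:07 DENY src=10.0.0.41 dst=198.51.100.7 dport=80
2009-05-23T09:00:09 ALLOW src=10.0.0.57 dst=203.0.113.9 dport=443
2009-05-23T09:00:12 DENY src=10.0.0.23 dst=203.0.113.50 dport=25
"""

LINE = re.compile(r"^\S+ (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
PROXY = ("10.0.1.10", 3128)  # assumed address and port of the secure proxy


def audit_egress(log_text, proxy=PROXY, min_ports=4):
    """Return (port_hunters, policy_holes) found in outbound log lines.

    port_hunters: {(src, dst): [ports]} where one client was denied on at
                  least min_ports distinct ports to the same destination,
                  i.e. an application searching for an open port.
    policy_holes: [(src, dst, dport)] for allowed connections that did not
                  go to the proxy, i.e. rules that let traffic bypass it.
    """
    denied = defaultdict(set)
    holes = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        action, src, dst, dport = m[1], m[2], m[3], int(m[4])
        if action == "DENY":
            denied[(src, dst)].add(dport)
        elif (dst, dport) != proxy:
            holes.append((src, dst, dport))
    hunters = {pair: sorted(ports) for pair, ports in denied.items()
               if len(ports) >= min_ports}
    return hunters, holes
```

An empty `policy_holes` list means every permitted outbound connection went through the gateway; anything in `port_hunters` points at a client worth following up under the user guidelines.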

IM is too widely used for companies to ignore it these days. I hope that the guide will be useful – we welcome feedback on it, and the others in the series.

It’s available to download free, here.

A thorn in the side of spammers?

Monday, May 18th, 2009

We’ve just gone live with what we think is a game-changing anti-spam system, eMail Relationship Manager. This week, we’re rolling the new system out across all our clients; our beta tests over the last four months have shown that the new system will almost entirely eradicate spam (99.5 per cent, as opposed to the usual 95-98 per cent of current spam filters).

It has become clear that existing methods for identifying and blocking spam – broadly speaking based on message content analysis, challenge response and sender reputation – are untenable, and the problem is now at a scale where it is causing real problems for email users and anti-spam systems. Given the volumes of spam sent these days, 95-98 per cent effectiveness just isn’t enough.

So, we started working on a new system that changes the way spam is classified, detected and treated, by applying learning from the behaviour between a message sender and recipient. This is in addition to, and not instead of, the usual filtering techniques. eMail Relationship Manager analyses historical information about the relationship between sender and recipient, checking against a central database that is updated continually, to judge the likelihood of an email being spam. Each email is given a score, based on the trust and strength of the relationship between sender and recipient, and message type. The usual content and reputation analysis is then applied to that message. If a message from a trusted sender is identified as displaying unusual behaviour, like coming from the wrong country, then the system will flag this up as a change in behaviour and adjust the score returned appropriately.

The only real way to combat spam is to chip away at the incentive for spammers to send it. If they have to prove a trusted relationship between a sender and recipient, then it’ll make their job that bit harder.

Securing Email

Friday, May 15th, 2009

It has been a problem we have had for a while: how to make email more secure.  It is definitely something that continues to be a discussion point and so it should be.  The information that is sent across the internet is increasingly of a sensitive nature.  Currently, people rely on obscurity to keep their data safe.  But with progressively more intelligent search engines available (www.autonomy.com springs to mind) that can churn through vast amounts of data – let alone email – and make sense of it, it is something that needs to be addressed.

We are seeing encryption being provided already in client-side solutions like S/MIME and PGP, but these rely on individual users to manage it. As any IT manager will tell you, this is far from perfect.  Some cloud producers like Mimecast and Webroot are now building this into their proprietary systems. This is great for their users and their correspondents, but requires the end user to decide what to encrypt.

However, another approach is to let the gateway device encrypt what it can.  With STARTTLS, for instance, this is already possible, and an increasing number of MTAs support it.  Using opportunistic encryption, STARTTLS-enabled devices can make an encrypted connection if the remote end is set up to accept it.

The problem, as ever, is getting everybody to adopt it.  Anecdotal data suggests that anywhere from 20% to 60% of email servers are capable of implementing this: so one fifth of all email could be sent encrypted over the internet if people chose to implement it.  So the question is, why don’t we?

I tend to believe that the reason is that we have got used to unencrypted email. It is the dead body in the room – at first it was a concern, but we have got used to the smell now and we just naturally avoid it.

Really, STARTTLS is easy to implement, but how do you fit it into your day?  If you have a managed service you can just delegate and get on with your real work; it is not so easy if you have to bone up on it and then deploy it.

Once a certificate has been purchased (which requires a yearly subscription), it’s pretty much free if you have the right software implementation, and if it is opportunistic then you only gain when the remote end is capable of it.

It should be mentioned that while the destination is effectively authenticated by the TLS certificate, the author is not.  So it is not a solution to spam, hoaxes or similar – but just being able to know that your email is more secure across the internet should be a huge motivator.
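
The opportunistic behaviour described in this post, written out with Python's standard `smtplib` as an added example (it is not code from the post or from any product it mentions). The function names, the `verify` switch and the `smtp_factory` parameter are assumptions made for the example.

```python
import smtplib
import ssl


def tls_context(verify):
    """Client TLS context; verify=True also authenticates the destination MTA."""
    ctx = ssl.create_default_context()
    if not verify:
        # Encrypt only: accept any certificate (hostname check must go first).
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def send_opportunistic(host, sender, recipient, message, port=25,
                       verify=True, smtp_factory=smtplib.SMTP):
    """Deliver one message, using TLS only if the remote MTA offers STARTTLS.

    Returns "tls" or "plaintext" so the gateway can log which path was used.
    """
    conn = smtp_factory(host, port, timeout=30)
    try:
        conn.ehlo()
        channel = "plaintext"
        if conn.has_extn("starttls"):
            # A handshake or certificate failure raises here; the message is
            # not quietly re-sent in the clear once the peer has offered TLS.
            conn.starttls(context=tls_context(verify))
            conn.ehlo()  # capabilities are re-read over the encrypted channel
            channel = "tls"
        conn.sendmail(sender, [recipient], message)
        conn.quit()
        return channel
    finally:
        conn.close()  # safe after quit(); also cleans up on any error
```

Logging the returned value per destination gives a direct measure of how much of your own outbound mail is travelling encrypted.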

Launch of New Customer Portal

Monday, May 11th, 2009

Tomorrow (12th May 2009), Network Box will be launching a new Customer Portal (Box Office) providing customers with a single, powerful web-based user interface for the management of one or more Network Boxes, at a country, regional or global level.

The new Box Office Customer Portal will provide real-time status of Network Box devices and, as before, allows for formalised two-way communication with the Network Box Network Operation Centres (NOCs) responsible for monitoring and configuration of the equipment and network.

Users will be able to monitor their network security via a single overview page showing a world map marking all Network Box installations, Virtual Private Networks (VPN) and management links. The map is customisable and can show boxes, Internet connectivity and VPN links. Pop-up displays allow the user to summarise device status, and hot-links are provided for connection to other parts of the network.

Please note that this migration will take place between 00:00 GMT and 02:05 GMT, during which there may be up to 5 minutes of outage time. PUSH updates and NOC service/support will not be affected by this.

Five core modules
The portal offers five core modules to users.
1.    Ticketing – this shows customer- and NOC-initiated tickets and their status. This forms the primary communications channel between the customer and the NOC as it provides formalised issue tracking, Service Level Agreement (SLA) conformance, and authenticated access control to change and configuration requests.  Also included is a deployment survey module that allows users to track the information requirements stage of deployments, including gathering the information necessary for deployment, using online collaborative tools.
2.    Inventory – this shows box ownership and status and includes a health module, which is connected to the Network Box Global Monitoring System (GMS), to show box, gateway and VPN link health status.
3.    Licensing – showing the SLA agreements and contractual arrangements
4.    Workload statistics – showing box workload and trend analysis
5.    User management module – permitting designated customer administrators to view and maintain Box Office user accounts themselves (without requiring NOC involvement). This module permits the customer greater control of management of the team supporting global deployments.
For more information on the new portal, there is a user manual (4.4MB) here.