Free! Registration is required.
High-speed Internet access has become ubiquitous across small and large enterprises worldwide. Businesses acknowledge that Internet applications such as email, Web browsing, and instant messaging are essential ways to communicate with customers, suppliers, and partners. But with the opportunities that these applications provide come many risks and threats that an organization needs to address. This book explores these risks and discusses ways in which they can be reduced or eliminated by limiting inappropriate use, eliminating spam, protecting corporate information assets, and ensuring that the Internet is secure and available for authorized business purposes.
High-speed Internet access has become ubiquitous across small and large enterprises worldwide. Content, information and knowledge are the core of the IT business and the reason for existence. From financial institutions researching market trends to medical researchers worldwide collaborating efforts the Internet has been the largest single boon to communication since the Gutenburg press. Businesses acknowledge that Internet applications such as email, Web browsing, and instant messaging are an essential medium to communicate with customers, suppliers and partners. However, any technology brings with it risks and persons who misuse the technology to their own ends. Viruses abound, posing a threat to data integrity and system stability. "Black hats," or malicious hackers, take on as a hobby or vocation the destruction of security for a variety of ends and motivations. Viruses and spam are easily the two largest problems an administrator faces today and as each becomes more sophisticated the lines between them blur. This book explores these risks and discusses ways in which they can be reduced or eliminated by limiting inappropriate use, eliminating spam, protecting corporate information assets, and ensuring that this vital resource is secure and available for authorized business purposes.
To make sense of the various risks, this book will focus on specific applications used for legitimate and nefarious purposes, with the single largest one being email. Chapter 1 will cover topics such as unwanted content in the form of spam, malware, unauthorized system usage (such as checking personal mail from within the enterprise), and information security. We'll examine some specific recent threats in order to better understand the challenges faced.
Unwanted content, usually in the form of spam, has shown exponential growth and with that growth comes added costs and security concerns. Although there are many tools on the market to handle the problem, the niche is fragmented and addressing the problem adds more complexity to enterprise systems. Chapter 2 will help answer the question, What is an overworked administrator to do? It used to be that halting the spam onslaught was not too difficult; you'd set a few rules to look for key phrases and that was that. But the spammers have gotten sneakier of late, crafting their mails to defeat rules and filters. One of the most promising tools, Bayesian filtering, is rather easily defeated. Chapter 3 will look at the combination of technical approaches needed to provide a flexible solution.
With the tools, though, the administrator must be able to ensure that legitimate mail still gets delivered. When a legitimate email is processed by tools as spam, it is called a “false positive” and can have disastrous results in the enterprise; sales leads can be lost, important business information will be overlooked, timely issues will pass their deadline. Chapter 4 will address how any cure for the problem must have the ability to be fine-tuned for a given environment to alleviate losing legitimate or critical mail.
Many companies must have a solution that does not interfere with the many rules and regulations that affect them within their specific industry (such as the SEC for financial trading houses). In Chapter 5, we'll look at how the existence of those regulations almost demands that administrators craft an Acceptable Use Policy, or AUP, for mail and this can aid in battling the spam problem. In Chapter 6, we'll look at how an AUP can be extended to cover other areas of user interaction with the Internet to include Web browsing, instant messaging, chat forums, and other avenues. While tools exist to aid the administrator in controlling these against the backdrop of an AUP, more tools add more complexity to the enterprise. An integrated approach, one that gives the administrator overall control, is needed.
From spam to multi-megabyte Christmas greetings, from viruses to social-engineering exploits, the administrator must cover many bases to protect the enterprise. In Chapter 7, wwe'll discuss how to bring email content security and enterprise network management together to provide a single view of information security across an organization. In Chapter 8, we'll look at the benefits of an integrated approach, consistent policies, single-instance of users, and common administration.
-- Daniel Chenault