In message <[EMAIL PROTECTED]>, Jim McLeod writes:
Hi Jim,
>
>With all the problems recently due to the ILU virus and subsequent variants,
>our IT management has been looking into possibly outsourcing virus scanning
>of our e-mail to companies such as mail.com and www.messagelabs.com. My
This looks like a huge step back security-wise. Now, not only don't
you have complete control over your e-mail system anymore, you have
also opened a huge hole in your system.
As most today's business's rely on e-mail and as more and more
confidential data traverses the 'Net as various attachments, mostly
unencrypted, your IT management has allowed possible industrial spies
a new point-of-snooping.
I am not saying that the company you are (will) outsource
virus-scanning in e-mail isn't doing their job (and that is *ONLY*
virus-scanning, you don't pay them to make sure your e-mails aren't
tampered with while on their servers, right?) well.
>MTA and their MTA in the clear making it so much easier for someone to
>snoop. Am I being overly paranoid? We have no control over the path between
>the two end points in between our MTA and theirs and I would suspect that
>the path would be fairly consistent and anyone within that path would have
>access to snoop it. At least with our protected MTA being the MX for our
>domain, our end is the only constant making it more difficult to access for
>snooping. Also, as encryption becomes more and more prevelant, this outsourcin
>g
>solution becomes totally useless.
>
I'd be more affraid of someone
snooping/altering/deleting/delaying/you-name-it your e-mails on your
outsourcing site. Yes, I guess I am a bit more paranoid than you, but
just imagine what would happen if there is an important message for
your CEO, that is conveniently delayed for a day or two, so that your
competition can overtake a deal that seemed set just a day ago. Or,
that some important e-mail is altered if it's not encrypted or have
random bits mangled if it's encrypted, all in order to delay decision
making.
There are many possiblities to tamper with your e-mail messages and
your e-mail outsource can have a plausible reason for delays/tampers
ready: "The virus scanning software made a mistake, we have already
contacted the virus scanner vendor and they are looking into it."
>My suggestion has been to utilize the new Mail Filter API provided in our
>current MTA, sendmail, to interface with various virus scanning software
>such as McAfee's vscan. As we move into encryption, we can move to
>Sendmail's SecureSwitch and continue to content and virus scan email before
>it's encrypted when sending and after it's encrypted when receiving. Again,
>this builds upon our current e-mail infrastructure.
This sounds like a reasonable reaction to latest virus hysterias,
however you should look moe for proactive solutions, even if it means
banning certain software that is known to bring more trouble than it's
worth. It would be funny if it wasn't such a tragedy, how people can
easily adopt to all the bugs and lacks of security in computer
systems, while expecting 100% security everywhere else.
Saso
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
