Indeed. * *
*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Fri, Jan 27, 2012 at 11:19 AM, Kevin Lundy <[email protected]> wrote: > You could also look at something like the Ironport, which includes some > very basic DLP capabilities. > > Broadly speaking, DLP is not a quick project. It could easily take a year > to properly scope, evaluate, plan, test, and deploy. > > On Fri, Jan 27, 2012 at 11:01 AM, Kurt Buff <[email protected]> wrote: > >> For an email gateway to protect your Exchange infrastructure >> (including antispam and antivirus), and which can be put in the DMZ, >> there's an open source project called Maia Mailguard. Commercial >> alternatives include Barracuda's offerings. >> >> On Fri, Jan 27, 2012 at 07:32, [email protected] <[email protected]> wrote: >> > I am figuring on putting somekind of smtp/owa forwarding device in the >> dmz. Leave Exchange 2003 or even 2010 out of the DMZ but off my core >> tellering (SQL server) LAN as well just to apease them. >> > >> > VPN is currently Cisco anyconnect. I am going to add some kind of >> multi factor and ACL to the firewall for those that do get access. As well >> the software or agent that verifies windows updates and virusscan patching >> prior to authentication. >> > >> > Looking at DLP now. Currently all I do is look at outgoing emails. So >> anything more will be better. >> > >> > >> > >> > -----Original Message----- >> > From: Kurt Buff [mailto:[email protected]] >> > Posted At: Friday, January 27, 2012 10:04 AM >> > Posted To: [email protected] >> > Conversation: DLP, SIEM, Network Access Control, VPN multi factor >> authentication, Moving Exchange into a DMZ >> > Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor >> authentication, Moving Exchange into a DMZ >> > >> > DLP is way more than just restricting access to removable devices. >> > http://code.google.com/p/opendlp/ >> > >> > VPN access restrictions such as you mentioned are a good thing. There >> are open source two factor auth solutions. >> > >> > Exchange doesn't go in a DMZ >> > >> > On Fri, Jan 27, 2012 at 06:46, [email protected] <[email protected]> >> wrote: >> >> >> >> >> >> Ok, so we have had a NCUA IT audit and some of the recommendations are >> >> as >> >> follows: >> >> >> >> >> >> >> >> Data Loss Prevention (DLP) >> >> >> >> The Credit Union should have the the ability to use USB storage >> >> devices, DVD, and CD drives turned off unless required. With some for >> >> of alerting if a user is trying to use those devices without >> permission. >> >> >> >> >> >> >> >> Security Information and Event Management (SIEM) system >> >> >> >> The Credit Union should have a SIEM system in place to consolidate >> >> logs from all devices and applications, encrypt those logs, have real >> >> time alerting, and compliance reporting. >> >> >> >> >> >> >> >> VPN access >> >> >> >> The Credit Union should have Network Access Controls such as scanning >> >> the connecting machine for correct configuration prior to allowing >> >> access to the network, some kind of multi factor token or device, and >> >> a more detailed access list on the VPN client area of the firewall. >> >> >> >> >> >> >> >> DMZ >> >> >> >> The Credit Union should move the Microsoft Exchange server into a DMZ >> >> of the firewall or industry best practice for proxing email traffic >> >> into and out of the DMZ to protect the Credit Union's internal network >> >> if a breach occurs on the email system. >> >> >> >> >> >> >> >> With all of this being said, can you get me some vendor information >> >> about about each of these areas. It can be freeware, it can be >> >> appliances, it can be anything that is easily managable. >> >> >> >> And Management is looking for a quick turn around on this so >> >> whitepapers and recommendations first. >> >> >> >> >> >> >> >> This is what I sent my software vendors. Did I ask the right >> questions? >> >> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
