www.novell.com

Protecting GroupWise® from Viruses and Security Threats Using GWAVA

Charles Taite
CTO
Beginfinite, Inc.
charlest@beginfinite.com

Howard Tayler
GroupWise Product Manager
Novell, Inc.
[email protected]

Who Is Beginfinite Inc.?

• Focused exclusively on GroupWise® security

• Developers of GWAVA (formerly MTASieve)

• Offices in Canada and USA

• Products available worldwide through resellers and distributors

The Cost of E-Mail Security Breaches

“In 2001, e-mail viruses, worms and trojans caused worldwide damages worth $13.2 billion”

Computer Economics, January 2002

What Are Businesses Doing About It?

“According to Forrester Research, an average of .0024% of revenue is being spent on IT security. That’s a little bit less than what most companies spend on coffee.”

-Richard A. Clarke, Chair of the President’s Critical Infrastructure Protection Board and Special Advisor to the President for CyberSpace Security

Put GWAVA on the Case

GWAVA scrutinizes every message that passes through your GroupWise MTAs…

• Providing eSecurity Policy Management for:
  • Virus protection
  • Spam prevention
  • Content control
  • Bandwidth control

How GroupWise Works

Traditional file scanning is useless because GroupWise stores all messages in an encrypted database

A virus can move freely around your GroupWise system because it cannot be scanned

How Generic Gateways Work

Other products that claim to protect GroupWise are really designed generically for SMTP. It’s like posting a guard outside your front door, but who’s watching the interior and your back door and your windows?

This image depicts a virus (green line) successfully traveling from “LA 2” to “NY 2”. It is never scanned because it never passes through GWIA. This system is not fully protected because scanning only occurs at the edge of your network.

[Diagram labels: Virus blocked, Virus blocked, Virus delivered]

Urban Myth…

“Wait a second, we don’t use Outlook. Aren’t we immune to viruses?”

—What many of you are thinking

Security Backdoors—MAPI

Outlook and Office can access the GW address book via MAPI

Example: Badtrans was one of the most successful viruses in 2001. It spread using MAPI.

Security Backdoors—MAPI Top 50

Here’s a short list of MAPI-capable viruses:

• VBS.Trappy@mm
• W32.Abotus.Worm@m
• Worm.ExploreZip.C
• Worm.ExploreZip(pack)
• W32.Nimda.A@mm
• Worm.ExploreZip.B
• W97M.Piece
• W97M.Melissa.AU
• W97M.Melissa.AM
• W97M.Afeto.A@m
• W32.WinExt.Worm
• W32.SouthPark.Worm
• W32.Navidad.16896
• W32.HLLP.Scrambler.F
• VBS.LoveLetter.CH
• VBS.LoveLetter.BJ
• VBS.Futonik.A@
• VBS.Loveletter.AS
• VBS.Kelly.A@mm

Security Backdoors— Web Mail

[Diagram labels: Virus delivered, Virus delivered, Virus delivered]

How many people check their personal web mail from work?

Security Backdoors— Blended Viruses

[Diagram labels: Virus delivered, Virus delivered, Virus delivered]

NIMDA was a blended virus that also attacked web servers and penetrated networks through browsers

Security Backdoors— (un)Authorized Outlook Usage

[Diagram labels: Virus delivered, Virus delivered, Virus delivered]

MS Outlook is embedded in recent versions of Windows and may be in use on your network… whether you allow it or not

How GWAVA Works

Since GWAVA was designed from the ground up for GroupWise, it can run as a NetWare Loadable Module™ on all of your Message Transfer Agent servers. Both Internet AND inter-office traffic must pass through your MTAs. It’s like having a guard in every hallway of your building. GWAVA can prevent a virus from spreading beyond a single post office.

In this image viruses cannot travel to other post offices because they are scanned by GWAVA when they pass through the MTA.

[Diagram labels: Virus blocked, Virus blocked, Virus blocked, Virus delivered, Virus blocked]

Quarantine and Filtering

As messages pass through the MTA, GWAVA temporarily moves the message (and attachments) to a quarantine zone, where they can be scanned for policy violations.

Since GWAVA essentially exposes attachments in the quarantine zone, GWAVA makes it possible for you to use your existing AV NLM to scan the attachment.

Anti-Virus Strategy Using GWAVA

“562 million e-mails and 2 million viruses are carried by the Internet each day”

-IDC/Barrings

Anti-Virus Strategy Using GWAVA (cont.)

Virus scanning

Address blocking

Size limits

Attachment blocking

Content filtering

Tight integration with traditional AV NLM™ allows GWAVA to protect GroupWise from known viruses

Blocking file types known to carry viruses (e.g. VBS, SCR, COM, PIF, EXE…) can protect GroupWise from outbreaks of unknown viruses

Anti-Spam Strategy Using GWAVA

Viruses and spam have a lot in common…

• They target your inbox with unwanted messages
• They can tie up e-mail servers with excessive traffic
• They tempt you to click an attachment or link

Spam is a very subtle and gradual virus infection that is slowly degrading your GroupWise system

Anti-Spam Strategy Using GWAVA (cont.)

Address blocking: a traditional approach to combating spam that rejects e-mail arriving from specified addresses or domains (e.g. block all mail from “abroller.com”)

Content filtering: spammers may change their addresses/domains on a regular basis. Content filtering can block spam from both known and unknown sources (e.g. block mail containing the phrase “loose weight”)

E-Mail Usage Policy Using GWAVA

“The biggest threats to security may already be inside your network”

-Anne Chen, eWeek

E-Mail Usage Policy Using GWAVA (cont.)

• Prevent confidential information from being shared with your competitors
• Control bandwidth usage by limiting attachment size
• Prevent the exchange of non-business related materials (e.g. *.MP3, *.AVI, *.JPG…)
• Block confidential terms or inappropriate language
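
The rule-based controls named on these slides (address blocking, size limits, attachment blocking, content filtering) can be expressed as one policy check applied to each message at a transfer hop. The following is an added example, not part of the original presentation and not GWAVA's code; the Policy class, the evaluate and extensions functions and the 5 MB size limit are assumptions, while the blocked domain, extensions and phrase are the ones the slides use.

```python
# Added example: hypothetical policy check, not GWAVA's implementation.
from dataclasses import dataclass
from email.utils import parseaddr


@dataclass(frozen=True)
class Policy:
    # Domain, extensions and phrase are the ones named on the slides.
    blocked_domains: frozenset = frozenset({"abroller.com"})
    blocked_exts: frozenset = frozenset({"vbs", "scr", "com", "pif", "exe"})
    blocked_phrases: tuple = ("loose weight",)
    max_attachment_bytes: int = 5 * 1024 * 1024  # assumed limit, not from the slides


def extensions(filename):
    """Return every dot-separated suffix, lower-cased.

    Checking all suffixes catches "photo.jpg.vbs"; stripping trailing dots and
    spaces catches "setup.exe. ". It is deliberately conservative and will
    also flag a name such as "notes.com.txt".
    """
    name = filename.strip().rstrip(". ").lower()
    return set(name.split(".")[1:])


def evaluate(policy, sender, subject, body, attachments):
    """attachments is a list of (filename, size_in_bytes); returns violations."""
    violations = []
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    # Match the blocked domain and its subdomains, but not look-alike suffixes.
    if any(domain == d or domain.endswith("." + d) for d in policy.blocked_domains):
        violations.append("address:" + domain)
    for name, size in attachments:
        if extensions(name) & policy.blocked_exts:
            violations.append("attachment:" + name)
        if size > policy.max_attachment_bytes:
            violations.append("size:" + name)
    # Collapse whitespace so a phrase split across lines still matches.
    text = " ".join((subject + " " + body).lower().split())
    for phrase in policy.blocked_phrases:
        if phrase in text:
            violations.append("content:" + phrase)
    return violations


if __name__ == "__main__":
    # Constructed sample message, not real traffic.
    print(evaluate(Policy(), "Offers <deals@mail.abroller.com>",
                   "Loose\n weight now", "see attached", [("photo.JPG.vbs", 1200)]))
```

A message with an empty result would be released from quarantine; any entry in the list identifies which rule held it.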

GWAVA Versions

Standard Edition
• Virus scanning
• Attachment blocking
• Size limits
• Content filtering
• Anti-spam
• Stand-alone management

Enterprise Edition
• Virus scanning
• Attachment blocking
• Size limits
• Content filtering
• Anti-spam
• Multi-server management
• ConsoleOne® snap-in

How To Contact Us

• Phone: +1 514 639 4850 Option 4 1-866-GO-GWAVA

• E-mail: [email protected]

• Web: www.beginfinite.com

demonstratio