Checking the content of transferred data is becoming more and more important.
The reasons for content control are threats and vulnerabilities as well as legal reasons.
There are two fundamental choices for checking content:
- Anti-Virus Software on Gateways, File Servers, Mail Servers and Clients
By deploying such software, one tries to block malicious code as far as possible.
At the very least, the execution of malicious code on the PC or server should be prevented.
Today's scanners can also be cascaded.
The main reason for using such scanners is the real threat from viruses and worms, which
can cause immense damage (e.g. loss of data, loss of bandwidth,
time, espionage, ...).
Malicious code can be recognized by software from many manufacturers.
Some give overall protection, others specialize in subareas.
Today's software mostly filters malicious code by pattern recognition, which is fast.
Recognizing this code by its behavior is slower and is not used very often.
So for most software, the patterns have to be downloaded from the manufacturer and
distributed to every system.
Worms and viruses spread rapidly on the Internet.
For that reason, the latest patterns should be downloaded at least every hour.
Products that download only once a day should therefore be used with care and should
never be the only protection.
When cascading anti-virus software (e.g. E-Mail Gateway > E-Mail Server > Client),
one should take care not to deploy software from only one manufacturer.
When updating the patterns, time is important. This time differs from manufacturer to manufacturer,
and no single one of them is always the fastest.
So with a homogeneous installation, it might happen that just this manufacturer
is the slowest in publishing the latest patterns.
This can be quite a disadvantage for the security level, and so this security measure
doesn't work as well as wanted.
- Content Filtering on Gateways
For several reasons, content filtering on gateways for surfing the World Wide Web (HTTP)
or for e-mail (SMTP) is recommended. One example is "disturbance at the office".
In Germany, the possession of some such material is not allowed by law.
Other countries have similar laws.
Sometimes such data is stored automatically: consider the caches on gateways or in browsers.
This concerns not only extreme data, but also copyrighted data such as music (mostly MP3)
or films (mostly MPEG, DivX, or WMA).
Most filters for content control are installed on gateways, but in the future they will also
be installed on clients. This is necessary due to privacy: more and more data is transferred
encrypted (e.g. HTTPS/SSL, S/MIME, GPG, PGP), and so the gateway can't filter the content.
More and more filters for content control are also used to filter spam e-mail.
Here one has to follow local laws, which might forbid deleting an e-mail without notice to
the designated receiver. Or a law may forbid quarantining an e-mail, because people other than the
receiver might read it.
So when a product is selected, the local law should be kept in mind.
One example of critical, sensitive data is the log files, which should be encrypted or at least anonymized.
They should be checkable only on suspicious events, and only after a double authentication by two persons (e.g.
data security officer/staff council or works council and General Manager/CEO or chief administrator).
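One way to realize anonymized log files with two-person access, as an added example that is not part of the original page: identifying fields are replaced by keyed pseudonyms, and the key is split into two shares so that mapping a pseudonym back to a person requires both holders. The log format, field names and function names are assumptions, and the key is assumed to be held only by the logging process while it writes.

```python
import hashlib
import hmac
import re
import secrets
from typing import List, Optional, Tuple

# Constructed proxy log line (not from any real system).
SAMPLE_LINE = "2024-05-01T10:00:00 10.0.0.5 user=alice GET http://example.org/a.mp3 200"

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_RE = re.compile(r"(?<=user=)\S+")


def split_key(key: bytes) -> Tuple[bytes, bytes]:
    """2-of-2 XOR split: one share alone reveals nothing about the key."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def join_key(share_a: bytes, share_b: bytes) -> bytes:
    if len(share_a) != len(share_b):
        raise ValueError("shares must have equal length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def pseudonym(key: bytes, value: str) -> str:
    """Keyed pseudonym: stable for correlation, not guessable without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def anonymize_line(key: bytes, line: str) -> str:
    """Replace client IP and user name with keyed pseudonyms before writing."""
    line = IP_RE.sub(lambda m: "ip:" + pseudonym(key, m.group()), line)
    return USER_RE.sub(lambda m: "u:" + pseudonym(key, m.group()), line)


def identify(share_a: bytes, share_b: bytes, token: str,
             candidates: List[str]) -> Optional[str]:
    """Needs both persons' shares to map a pseudonym back to a candidate."""
    key = join_key(share_a, share_b)
    for cand in candidates:
        if hmac.compare_digest(pseudonym(key, cand), token):
            return cand
    return None
```

The same input always yields the same pseudonym under one key, so events can still be correlated in the anonymized log without knowing who caused them.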
Vendors (selection in alphabetical order, list not complete):
- Anti-Virus Software on Gateways, File Servers, Mail Servers and Clients
Computer Associates, F-Secure, Finjan, Kaspersky, McAfee, Sophos, Symantec, Trend Micro, ...
- Content Control on Gateways
Clearswift (MIMEsweeper), SurfControl, WebSense, SecureComputing Webwasher, ...
Please ask us if you have further questions.