Barracuda Email Security System ESS 1 Barracuda ESS
Barracuda Email Security System (ESS) 1 Barracuda ESS is a cloud base service that monitors and protects SRJC Email Infrastructure from spam, virus, email spoofing, typosquatting, malware, crypto-locker and phishing threats.
2 Why Email is exploited by hackers: • Email is the most common way to communicate with individuals and companies because of this it is commonly exploited by hackers to gain access into any organization’s network. • Email has unrestricted access into an organization’s network. All that is needed is a valid email address and Email infrastructure system will accept email from anyone. • Spammers harvest email address either from a compromised person’s or organization’s computer or buy from hackers. It is estimated that spammers send out 1. 7 million emails per day and make an average $7, 000 from those emails.
The email exploits come in many forms: 3 • SPAM – range from unwanted advertising to personal information mining • Phishing email – used to extract credential or financial information from recipient • Email Address Spoofing – used to deliver the following exploits • Typosquatting – know as URL hijacking is when a URL looks legit but redirects to a nefarious web site i. e. www. amaz 0 ns. com. It is also used to take advantage of mistyped URL i. e. gooogle. com • Malware – code that install a malicious app • Crypto-Locker - which encrypts local and network data. Money must be paid to unencrypt the data. • Adware - Unwanted pop up ads • Spyware – app that monitors and captures your keystrokes or transmits data covertly from the hard drive • Trojans or Worms – Turns a PC in a Zombie that can be programmed to perform nefarious tasks on the internet. • Virus – code that can cause malicious tasks to run on the computer
4 External Inbound Email to *@santarosa. edu Email from the Internet Suspicious email Barracuda Email Security System (ESS) SRJC Email Client Microsoft Office 365 staff accounts Clean email Linux 6. 6 busservices primary smtp Windows 2012 R 2 busexchange 1 Exchange 2016 hybrid Windows 2012 R 2 busexchange 2 Exchange 2016 hybrid
5 How Barracuda ESS works Barracuda ESS looks at all email as suspicious until it’s proven otherwise. After the email is scanned and determined to be clean or legit it is delivered to the recipient. As with all applications there are some false positives and some legitimate email is flagged as suspicious. The idea is that it is better to error on the side of caution so that email quarantined and then at the behest of the recipient looked at by the Email System Administrators and released if it passes scrutiny. To mitigate this behavior in the future Barracuda; is a dynamic system; allows emails that are incorrectly labeled as spam or suspicious to be relabeled and whitelisted.
Barracuda Email Protection Methods 6 1. Barracuda uses algorithm called Advanced Threat Protection Service that analyzes inbound email attachments with most MIME types in a separate, secured cloud environment, detecting new threats and determining whether to block such messages. This service is used to minimize zero hour threats; which are threats that are unleased with no 2. Barracuda Real Time Block List - is a dynamic list of known domains and IP addresses of know spammers. 3. Barracuda Real Time System 4. Mail Scanning – Barracuda uses 3 layers of virus scanning. 1. Uses open source virus definitions from open source community to monitor and block latest virus threats 2. Proprietary virus definitions, created and maintained by Barracuda. List is maintained 24/7. 3. All email is scanned even those coming from domains that have been whitelisted by SRJC email admins 5. Barracuda provides Anti-Fraud and Anti-Phishing protection 6. Email Continuity – Since Barracuda receives all external email traffic first for security reason. In the unlikely event that Microsoft Office 365 becomes unavailable user can access their email by logging into Barracuda to view their email. These email messages will only be available for 96 hours.
Additional Security Features in Barracuda ESS 7 Outbound Mal Encryption is performed by the Barracuda Email Encryption Service, which also provides a web interface, the Barracuda Message Center, for recipients to retrieve encrypted messages. Figure 1: Mail Flow for Encrypted messages sent through the Barracuda Email Security Service. When the Barracuda Email Encryption Service encrypts the contents of a message, the message body does not display in the Message Log. Only the sender of the encrypted message(s) and the recipient can view the body of an encrypted message. Barracuda protects the organization’s email reputation by monitoring out going email. This is done to prevent a compromised system from sending out spam email. When this happens the emails are deferred an email is sent to system administrators to investigate the issue.
8 User Quarantine Feature Barracuda Quarantine Feature allows users to view and manage emails that have been quarantined.
- Slides: 8