Features

December 2005

SPECIAL FOCUS: MSPs/INTEGRATORS

CPA firm defends against spam

Outsourced security service provides cost savings and increased staff productivity.


David Curbo, president of Cannon & Company, and Sara Oaks, head of information services for the firm, save hours every week through a managed service.

One afternoon in the height of the 2005 tax season, accountants at Cannon & Company waiting for client communications began noticing delays in e-mail delivery. As Sara Oaks, network administrator and head of information services, recalls, “A couple of people asked me why they hadn’t received an e-mail sent 30 minutes ago. While I was doing the normal checks on my system to see if anything was non-functional, I got a call from our service provider’s NOC asking what was wrong. They were seeing mail stack up in their servers, queuing for our domain.”

Cannon & Company, a full-service CPA firm in Memphis, Tenn., provides a full range of accounting, auditing, tax, management advisory and other professional services to clients representing all facets of the economy. Its staff of professionals provide expertise in various fields, including the medical industry, wholesale distribution, manufacturing, not-for-profits, retail, and pension and profit sharing plans.

With such a large client base, the pace becomes hectic in April for the 40-member company. For a CPA firm, there are few things worse than going down during tax season. On this April day, a deluge of spam brought on by a directory harvest attack was severely impacting Cannon’s network. The firm’s new perimeter-based managed e-mail service, however, overcame the attack.

Spam can raise a plague of biblical proportions. Ask the firm’s four directors, who used to spend many hours a week sorting through e-mail and eliminating spam, deeply resenting the infringement on their time and productive capacity.

The company had previously tried to protect itself with an antispam software program, but the cure was almost as bad as the disease. Users had to tag each message as legitimate or not so that the program could screen senders. That eventually reduced but never blocked the influx of spam.

Finally, Cannon replaced the software with the perimeter-based managed e-mail service, mailMAX from SecurePipe.

From the beginning of October 2004 to the end of October 2005, more than 1.2 million inbound messages destined for the Cannon e-mail system were routed instead through mailMAX servers. Delivery of approximately 95% of that traffic was prevented.

For Cannon executives, the ratio of spam to real mail was even higher. Returning from a nine-day vacation, Cannon’s president, David Curbo, found that 3,000 messages had been blocked–99.94% of the incoming stream.

mailMAX scans both inbound and outbound e-mail, checking for spam, viruses, harassing or inappropriate content, pictures, key words, attachment types, and message size. The filtering service, built by Cincinnati-based Mycom and recently acquired by Chicago-based SecurePipe, operates on highly secure servers in the SecurePipe network operations center (NOC).

Client implementation is simple
On the front end, reporting tools provide real-time information on e-mail traffic. The system automatically sends summary notifications of stopped messages to the network administrator, individual clients or user groups. On the back end, mailMAX security engineers proactively monitor traffic, alerting the designated IT contact in the client company when issues develop.

Because there is nothing to install on the client network, implementation is simple. According to Oaks, “All that I needed to do was make some changes in our Novell Groupwise mail server configuration in order for us to communicate with the mailMAX servers, and for our mail to be directed properly. Once we were communicating, I went out to the mailMAX Web site and configured each area to shelter mail properly.”

Initially, Oaks and her assistant devoted time to inputting information for the spam filter. Once mailMAX 2.0 came out, those time requirements dropped off to almost nothing, she says. The new version provides usability improvements and functional enhancements, including IP address blocking, real-time blacklists and sensitivity settings for its multifactorial spam blocking.

“We bumped the screening level up and found that the good e-mail was still getting through and spam was reduced to a negligible amount,” Oaks offers. “In addition, version 2.0 allows us to control the size of incoming e-mails.”

Because the solution does not reside on the firm’s network, interoperability with other network components is a non-issue. At the time it was introduced, Cannon’s network environment consisted of a Novell 6 server, Novell Groupwise e-mail server and 40 workstations. Since then, the network has been totally replaced with a more complex environment, consisting of a Windows 2003 file server, Microsoft Exchange 2003 server and two Citrix Presentation 4.0 servers.

To transition from one network environment to another, Oaks only had to send two e-mails. The first informed the mailMAX engineers of the new mail server details. The second was to verify what had to be changed on her end.

Harvest attack prevented
“Spam blocking was what we were looking for originally because we hadn’t experienced virus outbreaks. But virus screening has been a major side benefit of the service,” explains Oaks. Integrated with its spam blocking, mailMAX virus screening supplements Symantec AntiVirus Corporate Edition Version 10.0 running on the network mail server.

“On six to eight different occasions during the last two years, when a virus was caught but did not infect the network, we learned how important having that second level of protection was,” Oaks says.

In April, the service made its biggest impact when it detected the directory harvest attack. After receiving Oaks’ call, a mailMAX engineer recognized the signs of the attack, a scenario where spammers send tens of thousands of blank e-mails to every possible combination of user names at a particular company. One consequence of this type of attack is that it can quickly overwhelm and shut down a mail server.

Because of the address list management features designed into the managed service, all e-mail traffic not specifically addressed to a valid e-mail address can be blocked from ever entering the network, thereby ensuring the server remains available for legitimate mail processing. Oaks quickly provided the list of valid addresses, enabling the engineer to avert the directory harvest attack already under way, and then configure the service to protect the firm from similar attacks in the future.
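The recipient check described above can be sketched as follows. This is an added example, not mailMAX code or anything from the firm: the addresses, IPs and events are constructed, and the per-source threshold that blocks a sender after repeated unknown-recipient attempts is an assumption layered on top of the allow-list the article describes.

```python
from collections import defaultdict

# Constructed allow-list; the firm in the article supplied its real one to the provider.
VALID = {"alice@example.com", "bob@example.com"}

class RecipientGate:
    """Perimeter check: accept RCPT TO only for listed addresses (hypothetical helper)."""

    def __init__(self, valid, max_invalid=5, window=60):
        self.valid = {a.lower() for a in valid}
        self.max_invalid = max_invalid      # assumed threshold, not from the article
        self.window = window                # seconds
        self.misses = defaultdict(list)     # source IP -> times of unknown-recipient attempts
        self.blocked = set()

    def check(self, ts, src_ip, rcpt):
        """Return the SMTP reply for one RCPT TO from src_ip at time ts (seconds)."""
        if src_ip in self.blocked:
            return "554 source blocked"
        if rcpt.strip().lower() in self.valid:
            return "250 OK"
        recent = [t for t in self.misses[src_ip] if ts - t < self.window] + [ts]
        self.misses[src_ip] = recent
        if len(recent) >= self.max_invalid:
            self.blocked.add(src_ip)        # harvesting pattern: many unknown names quickly
        return "550 unknown recipient"

def sample_events():
    """Constructed (time, source IP, recipient) tuples: one guesser, one normal sender."""
    guesses = ["aaron", "abby", "adam", "alice", "amy", "andy", "ann", "bob"]
    events = [(i, "203.0.113.7", f"{g}@example.com") for i, g in enumerate(guesses)]
    events.append((3, "198.51.100.20", "Alice@example.com"))
    events.append((4, "198.51.100.20", "bobb@example.com"))   # honest typo, rejected once
    return sorted(events)

def replay(gate, events):
    """Return recipients passed on to the internal mail server and the blocked sources."""
    forwarded = [r for ts, ip, r in events if gate.check(ts, ip, r).startswith("250")]
    return forwarded, sorted(gate.blocked)

if __name__ == "__main__":
    print(replay(RecipientGate(VALID), sample_events()))
```

In the replay, the guessing source reaches one valid mailbox before it crosses the threshold, but once blocked its later correct guess is refused as well, so the allow-list keeps the flood off the internal server and the block limits what the sender can confirm.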

“mailMAX costs about $1,000 a year for a firm our size,” Oaks says. “When we looked at the time it would save high-level people and the time it would take to recover from a virus infection, that cost is minor. The decision to outsource has most definitely allowed us to redirect time both to client work and IT priorities.”
