Term                    Description
                        filtering, if enabled).
Annotate (Act...
Content Compliance      Allows administrators to create supplementary f...
Attacks                 number of generated recipient addresses in the ...
LDAP Synchronization    Refers to the ability to perform change-based 1- wa...
Quarantine              Provides administrators and/or users direct Web-based ...
SMTP (Simple Mail       A server-to-server mail transfer protocol used by many ma...
Traffic Shaping         The Symantec Mail Security 8200 Series feature manages ...
Symantec, the Symantec Logo, LiveUpdate are U.S. registered trademarks of Symantec Corporation.
           Symantec Securi...
Transcript of "Symantec™ Mail Security 8200 Series Appliance"

  1. QuickStart!
     Symantec™ Mail Security 8200 Series Appliance
     Email security appliance with integrated, industry-leading antispam and antivirus technologies

     What is Symantec™ Mail Security 8200 Series Appliance? (page 2)
     Key Messages (page 2)
     Value Statements (page 3)
     Key Features & Benefits (page 3)
     System Requirements (page 15)
     Technical Specifications (page 16)
     Licensing Symantec Mail Security 8200 Series (page 16)
     Glossary (page 18)

     01/13/05 Symantec Mail Security 8200 Series Appliance Quickstart: 1
  2. What is Symantec™ Mail Security 8200 Series Appliance?

     Symantec™ Mail Security 8200 Series appliances offer the most accurate email security, powered by industry-leading Brightmail AntiSpam technology from Symantec, the global leader in information security [1]. Their innovative email firewall technologies reduce email infrastructure costs by restricting unwanted connections, while the appliance form factor and automatic spam filter and virus definition updates enable easy, low-cost deployment and management. With global management, administrators can easily configure, monitor, and report on all email security appliances from a single Web-based console. Content compliance features allow administrators to gain control over inbound and outbound email content so they can enforce internal or regulatory email content policies.

     Available Models

     The Symantec Mail Security 8200 Series appliances include two models, which enables customers to choose the appliance that best meets their needs:
     • Symantec Mail Security 8240 is an entry-level appliance for medium-sized businesses. It supports organizations between 100 and 1000 seats. Symantec Mail Security 8240 customers will typically purchase one appliance.
     • Symantec Mail Security 8260 is an enterprise-grade appliance for large-sized businesses and enterprises. It supports organizations with over 1,000 seats. Many of the customers in this segment will purchase multiple appliances.

     Key Messages

     • Powered by industry-leading Brightmail AntiSpam and Symantec AntiVirus™ technologies for effective spam and virus protection.
     • Appliance form factor and automatic updates enable easy, low-cost deployment and management.
     • Email firewall technologies reduce email infrastructure costs by restricting connections from spam-sending servers.
     • Content compliance features allow administrators to gain control over inbound and outbound email content.
     • All email security appliances can be managed from a single console.
     • Pre-defined reports provide insight into trends and attack statistics.
     • Two models meet the needs of medium and large size organizations.

     [1] Yankee Group, 2004
  3. Value Statements

     The following value statements will help you articulate the tangible results customers can gain from using Symantec Mail Security 8200 Series appliances.

     IT and Mail Administrators

     • Delivered by the global leader in information security, Symantec Mail Security 8200 Series appliances consolidate the industry-leading spam and virus protection and the most comprehensive spam prevention into a single, powerful system for flexible administration and lower management costs.
     • Symantec Mail Security 8200 Series appliances integrate the best spam and virus protection to accurately and effectively filter mail that enters the gateway. Their comprehensive email abuse prevention preemptively stops email attacks that consume resources and threaten business continuity. The powerful yet simple management makes them easy to deploy, maintain, and keep up-to-date. Symantec Mail Security 8200 Series appliances help reduce your total cost of ownership for email security.

     Key Features & Benefits

     Easy Deployment and Management

     Appliance Form Factor

     Provides an appliance-based approach to email security, enabling a single point of management for common email threats. Symantec Mail Security 8200 Series appliances include the following features:
     • Compact—Uses rack-mounted, 1U half-depth server appliances (Symantec Mail Security Series 8240 is half depth and Symantec Mail Security Series 8260 is full depth).
     • Reliable—Installed on RAID-1 disk storage. Symantec Mail Security 8260 Series appliances feature dual power supplies and fans.
     • Proven Operating System—Uses a tuned, secure Linux kernel that is optimized for Symantec Mail Security 8200 Series.
     • Leading Open Source Mail Transfer Agent (MTA)—Built on Postfix, the leading open source MTA.
     • Pre-Integrated—Includes the necessary operating system, MTA, and product software pre-installed, requiring no administrator modifications or installation.

     Benefits
  4. • Reduces acquisition, installation, and management cost.
     • Requires less time and expertise to implement and operate.
     • Simplifies security management.

     Comprehensive Spam Prevention

     A key goal of spam prevention is to identify and block abusive email sources before they have a chance to inflict damage on internal email servers. By allowing or restricting SMTP connections as appropriate, spam prevention technologies help to stop attacks in early stages, offloading the filtering burden from the email server, and preventing spam and other email threats from ending up in user inboxes.

     With Symantec Mail Security 8200 Series appliances, the following spam prevention technologies comprise a first level of defense. They analyze incoming SMTP connections and enable preemptive responses and actions before messages progress further in the filtering process.

     Traffic Shaping

     • Identifies Abusive Senders—Throttles the connection rate for senders of spam or malicious content, but allows legitimate senders to easily connect.
     • Gives Legitimate Senders Excellent Quality of Service—Allows legitimate email senders’ mail to flow quickly, while spammers are given very poor quality of service and their mail is slowed to a trickle. Spammers have no way to force mail into the protected network, so their spam simply backs up on their own servers.
     • Leverages Symantec’s Probe Network—For any traffic shaping approach to precisely and reliably identify “good” and “bad” email senders, it must have access to a large stream of email sender data. By leveraging its Probe Network of decoy email accounts and the filtering statistics over its 300 million protected antispam customer base, Symantec has huge visibility into email server sending patterns. Symantec is in a unique position to characterize email sources, which is critical for the Traffic Shaping feature.

     Benefits
     • Prioritizes sources with good traffic and stifles sources that are sending spam, reducing the capacity, load, and traffic downstream in the network.
     • Controls the speed at which certain senders can connect to the mail server.
     • Reduces email load at the gateway.

     Directory Harvest Attack (DHA) Prevention
  5. Detects directory harvest attacks before they have a chance to impact the mail server. In DHA attacks, malicious senders generate email addresses using common surnames and proceed to bombard the mail server. By tracking the bounced messages, spammers can obtain a list of valid email addresses within an organization.

     Benefits
     • Reduces future spam attacks.
     • Detects and stops directory attacks and other attempts to harvest email addresses.

     Spam Attack Prevention

     Detects possible spam attacks by examining the frequency and quality of the messages received from incoming IP addresses. For example, the email firewall on an appliance tracks how many messages received from a given IP address were identified as spam during a given window of time.

     Benefit
     Preemptively stops spam attacks that consume resources and threaten business continuity.

     Administrator-Defined Blocked Senders

     Recognizes blocked senders (identified by IP address) for the organization. The senders can be identified at the DNS or local level.

     Benefit
     Lets administrators decide how email from blocked senders will be handled.

     Reject Messages

     • Allows the MTA to reject the message based on the quality or behavior of the sender. This is helpful in response to messages sent from senders who are disseminating spam or otherwise using abusive tactics.
     • Sends a delivery failure notification, along with text customizable by the administrator. Failure notifications are valuable if the sender is unknowingly (via a compromised machine) sending spam or other unacceptable content.

     Benefit
     Improves processing by allowing the MTA to reject messages.

     Integrated Sender Reputation Service Data

     Leverages the reach and visibility of Symantec's Probe Network along with sender data culled from filtering statistics. Based on objective analysis of sending patterns at the
  6. network level, the Sender Reputation Service can identify abusive senders and prevent abusive senders and spammers from connecting to the appliance.

     Benefit
     Allows Symantec Mail Security 8200 Series appliances to automatically block or allow SMTP connections based on sender profile and reputation data from the Sender Reputation Service.

     Third-Party Lists

     Lets administrators configure lookups to third-party lists of allowed or blocked sender services to which the administrator subscribes.

     Benefit
     Gives administrators configuration control over third-party sender lists.

     Industry-Leading Brightmail AntiSpam Protection

     Symantec Mail Security 8200 Series appliances incorporate multi-layered spam protection that leverages industry-leading technology and are backed by globally distributed operations centers. Symantec Mail Security 8200 Series appliances include the following spam protection features and technologies:

     Safe IP List

     Provides a constantly updated list of IP addresses from which virtually no outgoing email is spam. Symantec manages the IP address list.

     Benefit
     Helps limit false positives.

     Language Features

     • Language Identification—Identifies the text of the message as belonging to one of 11 languages. Symantec Mail Security can then run only the filters that apply to the message’s language. Lets users adjust language preferences to deny or allow email based on language identification by Symantec.
     • Language-Specific Heuristics—Provides specially tuned heuristics based on one of 11 languages that target non-English spam. Supported languages include:
       − Chinese
       − Italian
       − Dutch
       − Japanese
       − English
       − Korean
       − French
       − Portuguese
       − German
       − Russian
  7.   − Spanish
     • Language Expertise—Technicians deployed across the globe analyze spam and create targeted filters in over 15 languages.

     Benefits
     • Enables the engine to run only the filters that apply to the message’s language, resulting in better performance.
     • Enables users to define the languages in which they want to receive messages.
     • Provides faster and more accurate detection and response times for network protection.

     Filtering Technologies and Signatures

     • Updated URL Filters—Identifies and filters a spammer’s intended URL, which is often disguised and leads to spam Web pages. This URL technology was invented by Brightmail, and is now in its fourth generation.
     • BrightSig2 Filters—Includes signature technology that eliminates randomization and HTML-based filter evasion techniques.
     • Header Filters—Uses tight, targeted, regular expression-based filters based on real-time attacks or derived from commonalities or trends present in spam messages.
     • Body Hash Filters—Includes first-generation signature technology.
     • Attachment Signatures—Targets a specific MIME attachment, for example, a ZIP file that contains a virus.

     Benefits
     • Includes a filtering engine that uses over 20 different filtering technologies that together maximize spam detections (95% effectiveness) and minimize false positives (less than 1 false positive in one million messages).
     • Identifies and filters mail that enters the gateway accurately and effectively.

     Filter Updates and False Positive Resolution

     • 10-Minute Updates—Automatically downloads filters from Symantec to customer sites via secure HTTPS every 5–10 minutes. No need for server restart or administrator intervention.
  8. • 24-Hour-A-Day False Positive Resolution—Provides quick false positive resolution. False positives are analyzed and corrected by Symantec technicians within 24 hours.

     Benefits
     • Offers fast and convenient filter updates.
     • Provides fast false positive response.

     Global Operations Centers and Largest Honeypot Network

     • Global Operations Centers—Symantec has globally distributed spam analysis and operations centers in the United States, Ireland, Australia, and Taiwan. They provide 24x7 monitoring of spam attacks and filtering performance at customer sites.
     • Spam Detection Network—Includes the largest honeypot network (over 2 million decoy email addresses and domains). Contains submissions and statistics from over 300 million email inboxes.

     Benefit
     Consists of several centers working cooperatively on three continents, comprising a round-the-clock protection network that spans the globe.

     Spam Submission

     • Missed Spam Submission—Users can log into the Control Center, a Web-based interface, to submit missed spam to Symantec. If warranted, Symantec will adjust filters.
     • False Positive Submissions—Using convenient submission tools, Symantec’s user community of 300 million can inform Symantec as soon as possible in the event of a misidentified message.
     • Submission Responses—Based on the submissions, Symantec will adjust filters if warranted to improve filtering quality.

     Benefit
     Makes it easy for users to send missed spam and false positive spam to Symantec.

     Award-Winning Virus Protection

     Advanced, Automated Antivirus Technologies

     Scans and detects viruses by integrating Symantec’s award-winning antivirus technology. Antivirus protection includes automatic virus definition updates, flexible policies to handle messages with viruses, and specific defenses against mass-mailing worms and the associated spawned emails. Antivirus protection also includes:
  9. • Rapid Response—Provides advanced automation and expert technologies for rapid virus detection. Rapid Release virus definitions are created when a new threat is discovered and help mitigate fast spreading virus outbreaks.
     • Antivirus Definitions Options—Lets users pick whether to use Rapid Response or Platinum antivirus signatures.
     • Automatic Updates—Includes antivirus signatures and definitions created by Symantec and updated at customer sites as soon as they are available.
     • Actions Choices—Lets administrators set policies to handle messages with viruses (i.e., clean and deliver the message, deliver the message normally, or delete the message).
     • Mass-Mailing Worm Auto-Deletion—Automatically removes not only the mass-mailing worm but also the associated spawned emails, which can number in the hundreds and serve no valuable purpose.
     • Variable Scanning Levels—Includes adjustable heuristics for more or less aggressive identification of viruses.
     • Adjustable Scanning Thresholds—Specifies maximum size and scanning depth levels to reduce exposure to zip bombs that tax processing.

     Benefits
     • Provides up-to-date virus protection.
     • Proactively protects users’ systems from virus infections.
     • Provides fast response for new threats.

     Secure Platform Technologies

     Symantec Mail Security 8200 Series appliances are backed by a secure platform of technologies, including hardened and optimized MTA and operating system software. They also feature the following advanced technologies against email fraud.
     • Sender Policy Framework (SPF)—Provides support for SPF. Organizations publish a list of their approved email servers in the DNS. Administrators can choose to close the SMTP connections for senders whose IP addresses don’t match the appropriate SPF record.
     • Anti-Fraud URLs—Includes Symantec’s proprietary URL technology, which seeks out spam URLs in messages. It includes specific filters against fraud URLs. This technology also removes the obfuscation and URL-relaying tactics that spammers can employ to conceal the target fraudulent URL.
  10. • Transport Layer Security (TLS)—The included MTA supports encrypted connections using TLS. Administrators can choose whether TLS is permitted and/or required for all the appliances in the network.
      • Hardened MTA—Ships with MTA pre-hardened against common vulnerabilities and attacks.
      • Hardened Operating System—Includes embedded operating system and other software pre-hardened against common vulnerabilities and attacks. Administrators can easily install software security updates.

      Benefit
      Mitigates the risk of having email servers directly exposed to the Internet.

      Convenient Email Content Control

      Content Compliance

      Helps administrators control sensitive email content and enforce content rules to conform to Information Technology (IT), Human Resources (HR), and regulatory policies.
      • Dictionary Filters—Enables administrators to define or import a pre-defined dictionary of prohibited words. This feature assists with HR and regulatory compliance-related issues.
      • Content Filter Editor—Allows administrators to create custom filters using a graphical interface. These global, server-level filters can be used to enforce company policies. Administrators can quickly activate and deactivate individual filters, display their activation status, and organize the order in which rules are run.
      • Annotations—Allows administrators to automatically add text to outbound email, such as a legal disclaimer or commercial information.
      • Archive—Automatically sends a copy of filtered messages for a specified category (for example, spam) to a specific administrative account. This allows administrators to review the nature of messages targeting the organization.
      • Attachment Blocking—Enables administrators to scan for attachments with specific size or content attributes. Administrators can specify a maximum attachment size. They can also create filters to match against a specific MIME type, file name, or file extension.
      • Text File Import—Imports manually coded filters written in the Sieve language.

      Benefit
      • Makes it easy for organizations to control sensitive email content and enforce content rules to conform to IT, HR or regulatory requirements.
  11. • Provides a convenient graphical editor.

      Powerful System Management

      Gives administrators control and visibility into their organizations’ email security issues.
      • Web Based Administration—Lets administrators use a Web browser to view a real-time dashboard of consolidated filtering performance and centrally administer multiple Symantec Mail Security 8200 appliances.
      • Global Management—Allows administrators to configure, manage, and monitor multiple appliances (deployed in Scanner mode), from a central location using a Web browser.
      • Automated Filter Downloads and Statistics Transfer—Provides secure HTTPS polling from customer sites that initiates download of updated filters. The same process transmits statistics from customer sites to Symantec, allowing Symantec to gauge the performance and effectiveness of deployed filters. The process requires no administrator intervention and filtering is never stopped during the update process.
      • Software Updates—Allows administrators to easily apply the latest security and software updates. Symantec provides updates and security enhancements to the operating system, MTA, and supporting software when they become available.
      • Multiple Administrator Accounts—Lets organizations define multiple administrator accounts, allowing them to divide up administrative tasks.
      • Assignable Administrator Privileges—Allows administrator accounts to be configured with the desired level of management privileges for different components. Administrators can be assigned view or modify access to any or all of the following functions:
        − Reporting
        − Policies
        − Appliance settings
        − Administration
        − Quarantine
      • Automated Email Alerts—Sends alerts to administrators or other parties when the following conditions arise:
        − A component is not responding or working
        − Antispam filters are older than a specified time
        − Antivirus filters are older than a specified time
  12.   − Quarantine is low on disk space
      • Logs—Allows logging levels to be set on a 7-point sliding scale, and the settings can apply to individual filtering computers or to all. Administrators can also designate the maximum size and retention period for entries in the log database and save logs to a text file for further review.
      • Status View—Lets administrators view quarantine information, configured scanners in the network, and basic system status from one central location.
      • Command Line Interface—Allows administrators to manage certain tasks using a command line interface. Using the command line interface, the administrator can shut down the appliance, reboot the appliance, and perform a variety of system management tasks. Administrators can also use the command line interface to check for, download and install software updates.

      Benefit
      Reduces administration burden and provides flexibility to meet the organization’s unique needs.

      Flexible Mail Policies and Administration

      Includes the following flexible email management features, designed to support different levels of administrator involvement.
      • Group Policies—Lets administrators specify user groups, identified by email addresses, domain names, or LDAP groups and customize mail filtering for each group. For example, an organization might choose to quarantine spam and suspected spam for review by the legal department but delete spam for the human resources department.
      • LDAP Synchronization—Allows Symantec Mail Security 8200 Series appliances to perform one-way LDAP synchronization from existing directory stores, eliminating the need for dual entry of user information. The supported source directories include Windows 2000 Active Directory, Windows 2003 Active Directory, iPlanet/Sun Messaging Server 5.1, and Microsoft Exchange 5.5. The LDAP Synchronization service also supports the import of organization data in LDIF file format, in case directory owners want to restrict direct access to the directory.
      • Flexible Actions—Administrators can assign a variety of actions to policies, based on the message verdict. Depending on the criteria, actions include the following:
        − Deliver message normally
        − Quarantine message
        − Deliver message to recipient's spam folder
        − Delete message
  13.   − Forward message
        − Send notification
        − Archive message
        − Strip attachments
        − Bounce message
        − Treat as blocked sender
        − Modify subject
        − Treat as allowed sender
        − Add a header
        − Treat as spam
        − Strip a header
        − Treat as suspected
        − Add annotation
        − Treat as a virus
        − Treat as a mass-mailing worm
      • Adjustable Spam Threshold—Allows configurable definition of suspected spam for more aggressive filtering. Use policies to set up a unique action for messages identified as suspected spam.
      • Multiple Filtering Categories—Lets messages be classified as one of the following:
        − Spam
        − Suspected spam (matching the adjustable spam scoring range specified)
        − Email from blocked senders
        − Emails infected with viruses
        − Mass-mailing worms
        − Unscannable emails (could not be scanned due to size restrictions or other variables)
        − Custom-filtered emails (matching content filters created by administrator)
      • Administrator Web-Based Quarantine—Allows administrators to log in and review spam messages that Symantec Mail Security has quarantined for all users in their organization. Administrators can access the quarantine database and configure settings from the Control Center.
      • User Quarantine Digest—Sends a periodic email summary to users, listing the newly quarantined spam messages. Includes links for users to immediately release messages to their inbox or log in to their personal quarantines.
      • One-Click Release of Quarantined Messages—Lets recipients of the spam quarantine digest click links to immediately release or view caught spam messages without having to log in.
      • Alias Expansion—Allows quarantine to automatically resolve all aliases and deliver messages to the appropriate quarantine account for the underlying email address.
  14. • Misidentified Message Submission—Automatically sends messages identified by administrators and users as missed spam or false positives to Symantec for analysis.
      • Administrator Notification for Submissions—Allows administrators to receive a copy of all misidentified messages sent by users to Symantec.
      • Spam Expunging and Size Thresholds—Provides a configurable retention period for spam messages. Includes thresholds to control the quarantine database size and the limit on the number of messages on a global and per-user basis.
      • Quarantine Message Search—Lets users and administrators search messages in quarantine using multiple criteria, including:
        − To headers
        − From headers
        − Message body
        − Subject headers
        − Message ID headers
        − Time range
      • Customizable Notification Template—Includes customizable delivery frequency, message content, and content type (HTML, text, or both). Administrators can specify whether the digest includes embedded view message and release message links to enable users to access messages without logging in.
      • Consolidated Reporting—Lets administrators view consolidated filtering performance statistics for all Symantec Mail Security 8200 Series appliances operating as Brightmail scanners.
      • Multiple Preset Reports—Provides comprehensive real-time reporting of filtering performance and email attacks with over 20 preset reports.
      • Report Export—Exports report data for use in reporting or spreadsheet software for further analysis.
      • Report Scheduling—Schedules reports for generation and email delivery.

      Benefit
      Lets administrators manage mail security in a way that makes sense for their organizations.

      Customizable User Tools

      Lets users log into a special section of the Control Center and select appropriate settings. The customizable user features include:
  15. • Blocked Senders List—Using their email client, users can specify addresses that will always be blocked. The entries are in addition to organization-wide block lists defined by administrators.
      • Allowed Senders List—Users can designate senders who are allowed to bypass antispam filtering. Includes convenient auto-population of trusted senders from the Microsoft Outlook address book.
      • Allowed Languages—Users can either specify languages in which they want to receive email or in which they don’t want to receive email. Users can choose from 11 supported languages.
      • Submissions—Users can submit missed spam or false positives to Symantec for analysis.
      • End-User Quarantine—Using an Internet browser, users can log into their personal quarantine at any time and view their quarantined messages.

      Benefit
      Empowers a user to manage and customize their filtering.

      System Requirements

      Appliance

      Symantec Mail Security 8200 Series appliance is a self-contained system with preloaded software components and does not have minimum system requirements.

      Management Console

      Component: Details
      Browser: Management of the appliance is via a secure Web connection using one of the following browsers:
        • Microsoft Internet Explorer 5.5
        • Microsoft Internet Explorer 6.0
        • Netscape 7.1
      Number of users:
        Symantec Mail Security 8240
        • Min: 100
        • Max: 1,000
        Symantec Mail Security 8260
        • Min: 1,000
        • Max: 10,000 and above
      LDAP: Necessary if customers want to have LDAP-based group policies or alias expansion.
Mail Server Box | The MTA included with Symantec Mail Security 8200 Series relays mail to existing email servers. It does not provide final mail delivery functions or client access to mail via POP.

Technical Specifications
The following table indicates the technical specifications for each Symantec Mail Security 8200 Series appliance model.

Description | 8240 | 8260
Chassis/Dimension
Form factor | Half-Depth Rack-Mountable; 1U | Half-Depth Rack-Mountable; 1U
Dimensions | 1.68" x 16.7" x 21.5" | 1.69" X 19" X 30"
Storage | 2x40 GB SATA | 2x73 GB SCSI
RAID | RAID 1 | RAID 1
Connectivity
Ethernet | 2 X 100/1000 | 2 X 100/1000
Performance
Messages per hour | 100K messages/second | 250K-500K
Availability Features
Dual Power supply | No | Yes
Dual Fans | No | Yes

Licensing

Symantec Mail Security 8200 Series
Symantec Mail Security 8200 Series appliances are licensed on a per-user/per-year subscription model. Customers purchase a subscription based on the number of employees they want to protect.

Symantec Mail Security 8200 Series appliances use Symantec’s Enterprise Licensing System (ELS) to control product activation and content updates via downloads from the BLOC. Product activation includes a trialware key for 30-day activation or a license key for full product activation, which will never expire. In addition, content updates via BLOC download will be time-limited based on the license agreement signed by the customer. Following expiry of the license (and a corresponding grace period), no additional product updates will be delivered.

Demonstration Units

Evaluation Units for the Channel
Symantec provides Channel demo units (appliances) at a discount to resellers to enable them to demo the Symantec Mail Security 8200 Series appliances. A Channel demo license is provided at a discount, which is good for one year. Resale licenses are also provided.

Deliverables
When customers purchase a Symantec Mail Security 8200 appliance, they receive:
• The Appliance
• Printed Quick Start Card
• Implementation Guide
• Deployment Planning Guide

License File
Customers must obtain license file(s) to permanently enable their appliances and to register for support. The appliance will operate for up to 30 days without a license file, allowing customers enough time to contact Symantec.

Technical Support
The following Maintenance options are available. Symantec bundles one year of Gold Maintenance with the Symantec Mail Security 8200 Series appliance. Maintenance Renewals are available for subsequent years.

Columns: Gold | Platinum | Premium Platinum | Global Platinum (2)

Telephone Support
Local Business Hours
Extended Hours (24 x 7 x 365)
Number of Support Incidents | Unlimited | Unlimited | Unlimited | Unlimited
Number Designated Callers | 2 | 2 | 5 | Custom
Additional Designated Caller(s) | Optional | Optional | Optional | Optional
Additional Language(s) | Optional | Optional | Optional | Optional
Same day onsite hardware repair

E-Services
24 x 7 Standard Support Web Site
Platinum Web Site/Knowledge Base
Proactive e-mail/wireless security bulletins: Optional

Warranty Services
Three year hardware warranty for next business day on-site repair (available in most areas)
Advanced hardware replacement (available in areas that aren’t eligible for on site repair)

Technical Account Mgmt
Technical Account Manager (TAM): Optional
Global Technical Account Manager (GTAM): Optional

Maintenance
Software Upgrade Insurance

(2) Global Platinum is a custom option. Symantec account representatives assist customers in tailoring a global program to suit their needs.

Glossary

Term | Description
Action | A behavior performed against a message of a given category, based on a policy defined by the administrator. For example, an administrator can specify that the “Delete” action be taken on messages identified as spam for all users in the organization.
Alerts | Used to refer to system level messages produced by Symantec Mail Security 8200 Series appliances. For example: “Quarantine is low on disk space.”
Allowed Senders | Trusted senders, as specified by the administrator or users. Messages from allowed senders are automatically sent to user inboxes, bypassing all filtering (except antivirus filtering, if enabled).
Annotate (Action) | Refers to the action of automatically adding text to outbound email. One application of this action is to add a legal disclaimer or commercial information.
Antispam Filters | The name for the defenses provided by Symantec for stopping spam.
Antivirus Definitions | The name for the virus definitions created and deployed by Symantec Security Response when a new threat is discovered.
Attachment Filters | A content compliance feature that allows administrators to prevent security breaches and preserve network resources by preventing specified email attachments (e.g., VBS scripts or ZIP files) from entering the organization.
Attachment Signatures | Antispam filters created by Symantec that target specific MIME attachments, for example, a pornographic image used in a specific spam attack or a ZIP file that accompanies a virus campaign.
BLOC (Brightmail Logistics and Operations Centers) | The BLOC consists of several centers working cooperatively on three continents, comprising a round-the-clock protection network that spans the globe. These antispam operations centers are responsible for all of the real-time tuning and adjustments that underlie Symantec’s filters.
Blocked Senders | A sender identified as blocked, either by email address or originating IP address, on the Blocked Senders List, on one of the Sender Reputation Service lists or on a third party blocked senders list. Symantec Mail Security 8200 Series can configure how messages from blocked senders are handled.
Command Line Interface | Allows the administrator to: shut down the appliance, reboot the appliance, clear configuration data, change the administrative password, display the version information of all installed components, display a list of users logged into the appliance, perform DNS lookups of hostnames and IP addresses against the configured name servers, trace the route to the specified host, ping a specified host, query network statistics, look at IO statistics, display MTA statistics, control the local DNS cache, display OS statistics.
Content Compliance | Allows administrators to create supplementary filters to enforce an organization’s email content policy. For example, administrators can filter messages based on defined dictionaries of unacceptable words and phrases in email messages. Other Content Compliance features include Attachment Filters and Content Filters.
Content Filtering | Allows administrators to quickly write custom filters that flag specific message characteristics such as words, phrases, or attachment types. Content filters are written by the administrator using the Control Center.
Content Filters | Supplemental filters created by administrators tailored specifically to the needs of their organization. Each content filter consists of a set of criteria that determine what messages will be filtered. Administrators can set specific actions to be taken on messages that match content filters.
Content Filter Criteria | Scans for words and phrases in the message body that match specific dictionaries and checks whether specified content appears in subject lines, from addresses, to/cc/bcc addresses, message headers, envelope from address, envelope to address, envelope HELO domain, and envelope peers headers. The filters can also check whether or not messages contain specific attachments. They can also identify messages that meet a specific message size criterion.
Control Center | Web-based configuration and administration interface. Using the Control Center, administrators can configure and monitor Symantec Mail Security 8200 Series appliances.
Delete (Action) | Refers to the action of removing or discarding filtered mail from the email stream. A best practice for spam filtering is to delete a certain percentage of mail identified as spam, taking advantage of Symantec’s 99.9999% accuracy rate for spam filtering.
Deliver Normally (Action) | Refers to the action of sending a filtered message through for ultimate delivery to the end-user’s inbox. This action is useful for testing purposes, as reports and statistics reflecting spam volume can still be generated.
Dictionary Filters | Enables administrators to define or import a pre-defined dictionary of prohibited words.
Directory Harvest Attacks | The mass emailing of a specific domain with an enormous number of generated recipient addresses in an effort to determine valid email addresses at that domain.
False Positive | A piece of legitimate email that is mistaken for spam and classified as spam by the filtering technologies in Symantec Mail Security 8200 Series appliances.
Filters | Symantec Mail Security 8200 Series appliances use both filters provided by Symantec and filters developed by customers. Antispam filters and antivirus filters are sent from the BLOC.
Filtering Engine | Part of a Scanner, the Filtering Engine includes the MTA, as well as the different antispam and antivirus filtering technologies.
Group Policies | Allows administrators to specify groups of users, identified by email addresses, domain names, or LDAP groups, and to customize message filtering for each group.
Header | First part of an email message, containing information such as the address of the recipient, the address of the sender, message type, routing, and time sent.
Heuristics | A proactive filtering technique that looks for common spam and virus characteristics. For example, heuristic antispam filters analyze the header, body, and envelope information for incoming messages, checking for the presence of distinct spam characteristics and computing an overall score. If the score exceeds the threshold, the message is considered spam.
ISP | Internet Service Provider
Language Identification (Language ID) | Refers to the ability of the filtering engine to identify the language of a message if it’s written in one of 11 languages. This enables the engine to run only the filters that apply to the message’s language, resulting in better performance. It also enables users to define the languages in which they want to receive messages.
LDAP | Lightweight Directory Access Protocol, a network protocol for storing, communicating, and validating user address and identification information. LDAP gives users a single tool to comb through data to find a particular piece of information, such as a user name, email address, security certificate, or other information.
LDAP Synchronization | Refers to the ability to perform change-based 1-way LDAP synchronization from existing directory stores. This feature allows administrators to easily access existing LDAP data.
LDIF | LDAP Data Interchange Format, an Internet Engineering Task
Mark-Up Message (Action) | Refers to the action of appending or prepending to the subject line or header of a filtered message. For example, an administrator can specify that the text [Possible-spam] be appended to the subject line of messages identified as suspected spam.
Mass-Mailing Worm | A worm that propagates itself to other systems via email, often by using the address book of an email client program.
MIME | Multipurpose Internet Mail Extension, a file-type definition standard that enables different mail programs to understand and interpret non-textual file types (such as .doc, .jpg, and .wav) in the same way.
MTA | Mail Transfer Agent, a generic term for programs such as sendmail, qmail, or postfix that send and receive mail between servers.
Notification (Action) | Refers to generated notifications that apply to messages (for example, end-user quarantine notifications).
Open Proxy List | A dynamic database containing IP addresses of identity-masking relays, including proxy servers with open or insecure ports. Because open proxy servers allow spammers to conceal their identities and off-load the cost of emailing to other parties, spammers will continually misuse a vulnerable server until it is brought offline or secured.
Probe Network | An extensive array of over 2 million decoy email addresses and domains, also known as spamtraps or honeypots. When extended with junk mail submissions from customers, the Probe Network is statistically representative of over 300 million email inboxes. This global network of email accounts attracts and collects large quantities of spam—tens of millions of spam messages pass through the Probe Network every day. As messages come into the BLOC, automated processes and expert technicians go into action, analyzing incoming spam and developing effective countermeasures.
Quarantine | Provides administrators and/or users direct Web-based access to spam messages that have been sidelined into the Quarantine database for them. Users can check for misidentified messages, resend messages to their inbox, and delete or search messages. An administrator account provides access to all quarantined messages.
Relay MTA | A mail server primarily used to transfer email between other mail servers. The integrated MTA in the Symantec Mail Security 8200 Series appliances operates as a relay MTA.
Reputation Filters | General name for the lists created via the Sender Reputation Service (formerly Brightmail Reputation Service).
Safe List | Part of the Sender Reputation Service; a list of IP addresses from which virtually no outgoing email is spam.
Scanner | The part of the Symantec Mail Security 8200 Series appliances that performs email filtering. Appliances can be configured for Scanner-only functions. A Scanner includes the filtering engine and the MTA.
Send to Archive | For a specified category of messages (for example, spam), automatically sends a copy of the filtered message to a specific administrative account. This feature allows administrators to review the nature of messages targeting the organization.
Sender Reputation Service | Provides comprehensive reputation tracking that enhances the protection and prevention capabilities of Symantec Mail Security 8200 Series appliances. Symantec manages three lists as part of the Sender Reputation Service. Each of these lists operates automatically and filters messages using the same technology as other filters deployed by Symantec. The Sender Reputation Service includes the Open Proxy List, Safe List and Suspect List.
Signatures | Symantec’s signature technology is the catalyst for Symantec’s industry-leading accuracy rate. In general, spam signatures work by distilling a specific spam attack down to a unique string of bits or a signature. This essential fingerprint of a spam attack can be used to identify variants of the attack. Accuracy is preserved because signatures are based on actual spam. Example: BrightSig2.
SMTP (Simple Mail Transfer Protocol) | A server-to-server mail transfer protocol used by many mail systems, such as Sendmail. It is based on TCP/IP.
Spam | Unwanted, unsolicited commercial bulk email. Symantec uses the term spam to identify messages that are determined to be spam, according to its filters.
Spam Scoring | Symantec Mail Security 8200 appliances assign a spam score to each message that expresses the likelihood that the message is actually spam. See also Suspected Spam.
SPF | Sender Policy Framework (SPF) is an antispam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail, a practice known as e-mail spoofing. SPF and other anti-spoofing initiatives, such as Domain Keys, work by making it easier for a mail server to determine when a message came from a domain other than the one claimed. Symantec Mail Security 8200 Series appliances support the SPF standard.
Strip Attachment (Action) | Refers to the action of blocking and removing certain types of email attachments that are specified by the administrator.
Suspect List | Part of the Sender Reputation Service; a list of IP addresses from which virtually all of the outgoing email is spam.
Suspected Spam | Administrators can use the Control Center to define a separate category of messages, called suspected spam, based upon spam scoring. Administrators can specify different actions for spam messages and suspected spam messages.
Sender Reputation Service | Provides comprehensive reputation tracking that enhances the power of the filtering engine. Symantec manages three lists as part of the Sender Reputation Service. Each of these lists operates automatically and filters messages using the same technology as Brightmail’s other filters.
TLS | Transport Layer Security, a standard for encryption over email.
Traffic Shaping | The Symantec Mail Security 8200 Series feature manages the quality of service that each email sender is given, based on how likely it is that they are sending spam. Legitimate senders get excellent quality of service and their mail flows quickly, while spammers are given very poor quality of service and their connection rate is slowed.
URL Filters | Identifies and filters a spammer’s intended URL, which is often disguised and leads to spam Web pages. URL filters are managed and disseminated by the BLOC.
Virus | A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium.
Worm | Self-replicating virus that does not alter files but resides in active memory and duplicates itself. Most worms are spread as attachments to emails. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.
Symantec, the Symantec Logo, LiveUpdate are U.S. registered trademarks of Symantec Corporation. Symantec Security Response is a trademark of Symantec Corporation. Other brands and products are trademarks of their respective holder/s. Copyright © 2004 Symantec Corporation. All rights reserved.
