Virtual Appliance 8.0 Reviewer’s Guide
February 2011
Trend Micro, Inc. 10101 N. De Anza Blvd. Cupertino, CA 95014 T 800.228.5651 / 408.257.1500 F 408.257.2003 www.trendmicro.com
SOLUTION MANAGEMENT GROUP
InterScan Messaging Security
Trend Micro InterScan Messaging Security Virtual Appliance 8.0 Reviewer’s Guide
Contents

Foreword ........ 3
Quick Installation ........ 4
New Features in IMSVA 8.0 ........ 9
    Cloud Pre-Filter ........ 9
    Smart Protection Network ........ 18
    Web Reputation ........ 19
Appendix: Hardware Requirements ........ 24
Copyright Trend Micro, Inc. 2011
Copyright© 2011 by Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the prior written consent of Trend Micro Incorporated. Trend Micro, the t-ball logo, Control Manager, and InterScan are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is provided "as-is" and subject to change without notice. This report is for informational purposes only and is not part of the documentation supporting Trend Micro products. TREND MICRO MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS REPORT. This document is a product of Trend Micro Solution Management Group.
Foreword

This guide is intended to assist an email administrator with experience in managing and installing Internet security mail gateways with the deployment of Trend Micro™ InterScan™ Messaging Security Virtual Appliance (IMSVA), and to provide an overview of some of the key features that are new in this release. It is not intended as a standalone administration or installation guide; these are available separately and should be used for an in-depth analysis of any functionality or feature. The first section of the guide details the installation process for IMSVA, and the second picks out some of the key features of this new release and explains them in a little more detail.
Quick Installation

This quick installation guide is for a virtualized deployment using VMware™ ESX server. It assumes a working knowledge of VMware and its operations. For detailed hardware requirements, please see Appendix: Hardware Requirements. Here are the steps involved in the quick installation:

1. Upload the ISO image to your VMware server and mount it as a virtual CD-ROM drive within your virtualization software.

2. Create a new virtual machine with the recommended settings as follows:

Figure 1 Recommended Settings

Note: The CD/DVD device should be connected to the ISO image file downloaded from the Trend Micro download site. Its status should be ‘connected’ and ‘connected at power on’ in order to boot from the CD to perform the installation.

The memory and CPUs should be tailored to suit the hardware that you are running the virtual machine on. IMSVA will take advantage of additional memory, CPUs and disk storage to improve performance. The minimum memory is 4GB (8GB recommended), and the minimum disk space is 120GB (more than 250GB recommended for log and quarantine storage). Additional CPUs will enhance performance up to a point; however, mail gateway solutions typically depend on fast I/O access for performance rather than on CPU processing power.

3. Power on the virtual machine. It should then boot into the IMSVA installation options. Run through the wizard and choose the settings that are applicable to your environment, then wait for the installation process to complete. Afterwards, the virtual machine will reboot.
4. Upon the next boot up, IMSVA should be installed. The virtual machine console will now show you instructions on how to log into the system via the web management console. For a list of the functionality available from the console or via SSH, please consult the Administration Guide.

5. Open a supported web browser and navigate to one of the IP addresses that you assigned to the IMSVA using an https:// connection on port 8445 (i.e. https://<IP address>:8445). IMSVA uses a self-signed SSL certificate, so depending on your web browser, you may need to accept the warning when prompted.

6. Log into the web console. The default username is ‘admin’, and the default password is ‘imsva8.0’. It is recommended that you change these to ensure security.

7. You will be presented with an initial configuration wizard, which will ask you to confirm various settings entered during the installation process and to input other configuration parameters.

Figure 2 Step 1 of the Configuration Wizard
8. The second step of the wizard asks you to confirm the deployment type. IMSVA supports multiple servers with assigned roles to increase both capacity and availability. In each multi-machine deployment, there is a ‘parent’ that holds the policies and log information, and ‘children’ that add capacity or provide specialized functions, such as a dedicated end user quarantine. For detailed information on deployment types, please consult the Administration Guide.

Figure 3 Step 2 of the Configuration Wizard
9. You will now be prompted to enter your mail domain details:

Figure 4 Step 3 of the Configuration Wizard

The ‘Relay Domains’ section should contain all of the email domains that you receive mail for. For example, if you have two email domains, ‘yourcompany.com’ and ‘yourcompany.net’, they should both be entered here. Under domain-based delivery, each of the relay domains defined should have an IP address entered to forward messages to. Typically, this would be the IP address of your mail server.

10. In step 4 of the wizard, you should define where system notifications are sent. These are used for notification when an error or event occurs on the IMSVA system, so an administrator’s email address or distribution list is used.

11. Step 5 defines where IMSVA should download virus and spam definitions. This can be left at the defaults. However, if a proxy server is required to access the Internet, it should be entered here; otherwise, IMSVA will not be able to download the latest definitions, and effectiveness will be greatly reduced.

12. The next step of the wizard, step 6, allows you to integrate your IMSVA with your local LDAP directory server, so you can use LDAP groups within your email security policy. This is required if you wish to use the end user quarantine. For more details on configuring this, please consult the Administration Guide.

13. In step 7, you should define all of the email domains that you will be receiving mail from or sending mail to. IMSVA uses this information to determine which rules to apply to messages and the direction of messages – whether they are inbound to or outbound from your organization. If you have previously defined your LDAP settings, it is also possible to import groups of internal users during this step.
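As an added illustration (not part of the guide and not IMSVA's own code), the following Python script models how the relay-domain table from step 3 and the internal-domain list from step 7 are used together: each envelope recipient is classified as inbound, internal or outbound and mapped to a next hop, and a request to relay external mail to an external recipient is refused. The domain names, the 192.0.2.10 delivery address and the "outbound MTA" label are constructed placeholders.

```python
from typing import Dict, Optional, Set, Tuple

# Constructed configuration for this example (not from the guide): the relay
# domains with their domain-based delivery targets (wizard step 3) and the
# internal domains used for direction detection (wizard step 7). 192.0.2.10
# is a documentation-range placeholder for the internal mail server.
RELAY_DOMAINS: Dict[str, str] = {
    "yourcompany.com": "192.0.2.10",
    "yourcompany.net": "192.0.2.10",
}
INTERNAL_DOMAINS: Set[str] = {"yourcompany.com", "yourcompany.net"}

# Placeholder label for wherever outbound mail is handed off.
OUTBOUND_HOP = "outbound MTA"


def domain_of(address: str) -> Optional[str]:
    """Lower-cased domain part of an address, or None if it is malformed."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()


def route(sender: str, recipient: str) -> Tuple[str, Optional[str]]:
    """Classify one envelope recipient and pick its next hop.

    Returns (direction, next_hop) where direction is 'inbound', 'internal',
    'outbound' or 'rejected'. Forwarding mail from a sender we do not own to
    a domain we do not relay for would make the gateway an open relay, so
    that case is rejected rather than forwarded. A null or malformed sender
    (e.g. a bounce) counts as external.
    """
    sender_internal = domain_of(sender) in INTERNAL_DOMAINS
    rcpt_domain = domain_of(recipient)
    if rcpt_domain is None:
        return ("rejected", None)

    target = RELAY_DOMAINS.get(rcpt_domain)
    if target is not None:
        # We relay for this domain: deliver to the configured mail server.
        return ("internal" if sender_internal else "inbound", target)
    if sender_internal:
        # One of our users writing to the outside world.
        return ("outbound", OUTBOUND_HOP)
    # External sender to external recipient: relay attempt, refuse it.
    return ("rejected", None)


if __name__ == "__main__":
    for s, r in [
        ("someone@example.org", "alice@yourcompany.com"),
        ("alice@yourcompany.com", "bob@example.org"),
        ("alice@yourcompany.com", "carol@YourCompany.net"),
        ("spammer@example.org", "victim@example.net"),
    ]:
        print(s, "->", r, route(s, r))
```

Domain comparison is case-insensitive, which matters because a relay domain entered as ‘YourCompany.net’ must still match mail addressed in lower case; the rejection branch is the check a practitioner should expect any gateway to make before forwarding.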
14. If you have an existing Trend Micro Control Manager™ (TMCM) in your organization, step 8 allows you to define the server in order to allow remote management, log uploads and configuration replication between IMSVA instances.

15. In step 9, you should enter your registration keys. If you do not have a registration key and wish to perform a free evaluation, you can get a trial key from http://forms.trendmicro.com/index.php?dom=us&productID=109.

The wizard is now complete. You should double check your settings before finishing. IMSVA is now installed and operational, and you will be shown the main user interface. Should you wish to re-run the configuration wizard at any point, you can find it under Administration > IMSVA Configuration > Configuration Wizard. For detailed information on all of the functionality, please consult the IMSVA Administration Guide.
New Features in IMSVA 8.0

Now that IMSVA has been successfully deployed, the following section shows some of the key features within this release, explaining their operation, benefits and configuration options.
Cloud Pre-Filter

Cloud Pre-Filter is a hybrid Software as a Service (SaaS) solution in which inbound email messages are routed through Trend Micro’s data centers for scanning ‘in the cloud’ before they are delivered to IMSVA. By routing your inbound email messages via Cloud Pre-Filter, you can protect your domains against malicious email messages, spam and phishing messages, as well as threats such as directory harvest attacks. This reduces your bandwidth and resource requirements, since high volumes of unwanted email are removed before they reach your network. On average, our customers have their inbound traffic reduced by at least 90%, as spam and malware-related emails are blocked in the cloud before they reach their networks.
Figure 5 How Cloud Pre-Filter Works
To enable the Cloud Pre-Filter service, select the Cloud Pre-Filter option from the IMSVA administrative console. Choose an account name and enter an administrative email address; this will be used for notifications such as service status updates. Finally, choose your primary geographic location from the drop-down list. This will be used to choose the Cloud Pre-Filter data center closest to your location to ensure a high quality of service.
Figure 6 Creating a Cloud Pre-Filter Account
When Create is pressed, the local IMSVA will create your Pre-Filter account for you.
Figure 7 After Creating a Cloud Pre-Filter Account
It is recommended that you export the key file after creation and store it safely along with your chosen Cloud Pre-Filter account name, to ensure that you can quickly re-create your Pre-Filter settings should you need to.
The next step is to create your domain.
Figure 8 Creating a Domain
Click ‘Add’, and enter your email domain and message delivery information.
Figure 9 Entering Email Domain and Message Delivery Information
For each of the domains you specify, the Cloud Pre-Filter needs to know where to forward messages to. This will be the Internet-accessible address of your IMSVA or firewall. Multiple entries are supported, and SMTP-standard priorities are used: a lower priority value takes precedence, while two entries with the same priority share the traffic between them (round-robin delivery).

Step 2 allows you to define approved and blocked senders. Approved senders will not have the spam filter applied to them. Blocked senders will not be allowed to send you messages. For each type, you can define entries by email address (user@domain.com), by domain via a wildcard (*@domain.com) or by sending IP address. If you have already defined approved or blocked users, you can import these lists either directly from the IMSVA local policy or from a file and push these settings to the cloud.
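The three sender-list entry forms described for step 2 are easy to get subtly wrong (case, wildcard handling, IP versus address). The following Python snippet is an added example, not the guide's or the product's code, of a matcher that handles all three forms and then combines an approved and a blocked list. The sample entries use reserved documentation domains and IP ranges, the acceptance of CIDR blocks for the IP form and the rule that a blocked entry wins over an approved one are assumptions of this example and not documented product behaviour.

```python
import ipaddress
from typing import Iterable, List, Optional, Set, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class SenderList:
    """An approved or blocked sender list built from the three entry forms the
    Cloud Pre-Filter wizard accepts: a full address (user@domain.com), a
    domain wildcard (*@domain.com) and a sending IP address. Accepting a CIDR
    block for the IP form is an addition of this example, not a documented
    feature."""

    def __init__(self, entries: Iterable[str]) -> None:
        self.addresses: Set[str] = set()
        self.domains: Set[str] = set()
        self.networks: List[Network] = []
        for raw in entries:
            entry = raw.strip().lower()
            if not entry:
                continue
            if entry.startswith("*@"):
                self.domains.add(entry[2:])
            elif "@" in entry:
                self.addresses.add(entry)
            else:
                # Must be an IP address or network; a bare host address
                # becomes a /32 (or /128). A malformed entry raises
                # ValueError here instead of silently matching nothing.
                self.networks.append(ipaddress.ip_network(entry, strict=False))

    def match(self, sender: str, source_ip: Optional[str] = None) -> Optional[str]:
        """Return which entry form matched ('address', 'domain' or 'ip'),
        or None when the sender is not on the list."""
        sender = sender.strip().lower()
        if sender in self.addresses:
            return "address"
        _, _, domain = sender.rpartition("@")
        if domain and domain in self.domains:
            return "domain"
        if source_ip is not None:
            ip = ipaddress.ip_address(source_ip)
            if any(ip in net for net in self.networks):
                return "ip"
        return None


def classify(sender: str, source_ip: Optional[str],
             approved: SenderList, blocked: SenderList) -> str:
    """'blocked', 'approved' or 'unlisted'. Assumption for this example:
    a blocked entry wins when a sender appears on both lists."""
    if blocked.match(sender, source_ip):
        return "blocked"
    if approved.match(sender, source_ip):
        return "approved"
    return "unlisted"


# Constructed sample lists (documentation domains and IP ranges only).
APPROVED = SenderList(["partner@example.com", "*@example.net", "198.51.100.0/24"])
BLOCKED = SenderList(["*@example.org", "203.0.113.7"])

if __name__ == "__main__":
    for sender, ip in [("partner@example.com", "192.0.2.5"),
                       ("x@example.org", "198.51.100.9"),
                       ("x@example.com", "203.0.113.7")]:
        print(sender, ip, classify(sender, ip, APPROVED, BLOCKED))
```

Note the difference between the forms when used on the approved list: an address or wildcard entry matches on the envelope sender, which anyone can forge, while the IP form matches on the connecting host. Since approved senders skip the spam filter entirely, keep address and domain approvals narrow and prefer the IP form where a partner's sending hosts are known.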
Figure 10 Specifying Sender Conditions
Finally, you can choose the filters, actions and sensitivities to apply as your email messages pass through the Cloud Pre-Filter service.
Figure 11 Selecting Filter

Figure 12 Setting Anti-spam Filters to Quarantine
It is recommended that you set the anti-spam filters to quarantine initially. This means that messages deemed to be spam will be stored locally in a special Cloud Pre-Filter quarantine area. For a short while, you can monitor this quarantine area, check that everything is working as expected with no loss of email, and fine-tune the action options to meet your requirements afterwards.
When you press finish, you will be returned to the main Cloud Pre-Filter screen, which should indicate that your account has been successfully created.
Figure 13 Cloud Pre-Filter Policy List
The final stage in activating Cloud Pre-Filter is to change your mail delivery records to route your email messages via Trend Micro’s data centers. Until this final step is completed, email will continue to be delivered directly to your local servers. By clicking on one of the domains defined within the Cloud Pre-Filter Policy List, you can view and edit its settings.
Figure 14 Changing Mail Delivery Records
You should update your Mail Exchanger (MX) records within your DNS server or at your DNS provider to deliver messages to the addresses defined within ‘Inbound Server Addresses’. These will differ depending on your geographic location and the choices you made during the installation process. The process for making these updates will differ depending on the particular DNS service in use, so please consult the documentation supplied by your DNS provider.

It is recommended that you define your MX records to use the Trend Micro data center with a higher priority (so a lower number in the priority field of the DNS record) and to specify your existing MX records as a fallback with a lower priority (so a higher number within DNS). Remember that a lower number in DNS equals a higher priority. Depending on the configuration of your DNS records, any changes can take up to 72 hours to propagate to the rest of the Internet.

The normal pain points when using an in-the-cloud scanning service combined with an on-premise security solution are configuration, logging and mail tracking: you would have to log into two separate places to make any changes or track any message flows, with one console for the cloud and another for the local system. IMSVA is unique in that there is only a single console for configuration, reporting and logging. During the setup process, you have already seen the configuration options integrated into the local console. The message tracking and reporting tools are tightly integrated as well. If you perform mail tracking, information from the Cloud Pre-Filter service will be retrieved and combined with the local message tracking information, showing an end-to-end overview of the mail flow.
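Both the forwarding entries in the Cloud Pre-Filter domain settings and the MX records above follow the same SMTP preference rule: lower number first, equal numbers shared. As an added example (not from the guide or from Trend Micro), the Python script below parses zone-file style MX lines, derives the order in which sending servers will try the hosts, and checks the recommendation that the cloud inbound hosts carry a strictly lower preference number than the on-premise fallback. The zone fragment and the host names such as inbound-a.cloud.example are constructed placeholders, not real Trend Micro inbound addresses.

```python
import re
from typing import Dict, List, Tuple

MXRecord = Tuple[int, str]  # (preference number, exchange host)

# Constructed zone fragment: two cloud inbound hosts at the same preference
# (traffic shared between them) and the existing on-premise MX as fallback.
ZONE = """\
yourcompany.com.  3600 IN MX 10 inbound-a.cloud.example.
yourcompany.com.  3600 IN MX 10 inbound-b.cloud.example.
yourcompany.com.  3600 IN MX 50 mail.yourcompany.com.   ; fallback
"""

MX_LINE = re.compile(r"^\S+\s+(?:\d+\s+)?IN\s+MX\s+(\d+)\s+(\S+)\s*$", re.IGNORECASE)


def parse_mx(zone_text: str) -> List[MXRecord]:
    """Extract (preference, host) pairs from zone-file style MX lines,
    ignoring comments, blank lines and non-MX records."""
    records: List[MXRecord] = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        m = MX_LINE.match(line)
        if m:
            records.append((int(m.group(1)), m.group(2).lower()))
    return records


def delivery_order(records: List[MXRecord]) -> List[List[str]]:
    """Group hosts by preference, lowest number first. A sending MTA works
    through the groups in this order and spreads connections across the
    hosts within a group (the round-robin behaviour the guide describes)."""
    groups: Dict[int, List[str]] = {}
    for pref, host in records:
        groups.setdefault(pref, []).append(host)
    return [groups[p] for p in sorted(groups)]


def check_precedence(records: List[MXRecord], cloud_suffix: str) -> List[str]:
    """Verify that every cloud inbound host has a strictly lower preference
    number (higher priority) than every other MX, so the fallback only sees
    mail when the cloud service is unreachable. Returns a list of problems;
    an empty list means the records follow the recommendation."""
    suffix = cloud_suffix.lower()
    cloud = [r for r in records if r[1].endswith(suffix)]
    local = [r for r in records if not r[1].endswith(suffix)]
    issues: List[str] = []
    if not cloud:
        issues.append("no MX record points at the cloud inbound addresses")
        return issues
    worst_cloud = max(p for p, _ in cloud)
    for pref, host in local:
        if pref <= worst_cloud:
            issues.append(f"{host} preference {pref} is not lower priority "
                          f"than cloud preference {worst_cloud}")
    return issues


if __name__ == "__main__":
    recs = parse_mx(ZONE)
    print("delivery order:", delivery_order(recs))
    print("issues:", check_precedence(recs, ".cloud.example.") or "none")
```

Running the check after the change and again after the propagation window is a cheap way to confirm the records the rest of the Internet sees. One caveat a practitioner should keep in mind: a fallback MX that points straight at the on-premise gateway can still be contacted directly by any sender, so once the cutover is complete it is worth restricting the gateway's Internet-facing SMTP port to the cloud service's delivery addresses at the firewall.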
Figure 15 Local Message Tracking Information
Likewise, with reporting, information on the threats blocked both in the cloud and locally will be combined to provide you with a full overview rather than separate reports.
Smart Protection Network

Another key feature in this release of IMSVA is the integration with Trend Micro Smart Protection Network™ (SPN). The Smart Protection Network consists of many sources of threat information, such as Email Reputation, File Reputation, Web Reputation, analysis of known malware and information provided by Trend Micro’s customers on threats that have been blocked. Each of these sources of information is processed and correlated within Trend Micro’s data centers to provide the most up-to-date protection possible. Instead of relying on a pattern file for the latest protection, which must be periodically downloaded to each mail gateway, the threat information is hosted within the cloud and is queried from SPN as required. This saves bandwidth and ensures the best protection, as the ‘cloud’ information is always up-to-date. There is no lag time between a new threat being identified and the mail gateway downloading the latest threat information.

Another key benefit of the Smart Protection Network is that information from these multiple data sources can be correlated with each other. For example, a consumer with Trend Micro Titanium™ receives a link to a website via Instant Messenger, clicks on it and visits a new website that hosts malware, which then attempts to infect his PC via a malicious file. The file will be downloaded and detected as malicious by the antivirus engine. Titanium will feed information, such as the URL that the malicious file was downloaded from, information about the file and the type of infection attempted, back into SPN. SPN will then correlate this information between the threat feeds, and Web Reputation and File Reputation will tag the URL and the file as malicious. This means that any other SPN-enabled solution will instantly receive the latest protection with no pattern downloads: the next time a user clicks on the same malicious link, it will be blocked by SPN before the file is downloaded.
For more information on Smart Protection Network, please visit: http://www.smartprotectionnetwork.com/.
Web Reputation

Web Reputation, a part of the Smart Protection Network, is a key weapon in the war against spam and phishing attacks. Web Reputation analyzes the URLs embedded inside emails, which is useful for detecting malicious emails. Many spam messages contain a link for the unsuspecting user to click on, which will normally take them to a malicious website, introducing malware into the network.

When the Web Reputation Service within IMSVA is enabled, all URLs are analyzed, and their reputation is retrieved from Trend Micro’s Smart Protection Network. The advantages of this approach compared to traditional anti-spam and anti-malware technologies are two-fold. Firstly, no large database of known URLs needs to be periodically downloaded to the virtual appliance. Instead, a lightweight query to the cloud ensures minimal usage of bandwidth and will always return the most up-to-date information. Secondly, with traditional technology it is very difficult to assess the website behind the link in the email. It could be a valid site, a phishing site or a site designed to infect your machine; a traditional spam or antivirus engine has no way of telling. With Web Reputation, either the antivirus or the anti-spam engine can quickly query the reputation of that link and get a response back.

Using our previous example of a malicious link sent via IM, if this link was forwarded via email and processed by IMSVA, the link would be checked against SPN. The response would be that this is a known malicious site, so the site would be blocked. A traditional anti-spam and antivirus solution would let the message pass through (as the message itself is not spam and does not have any malicious content, just a link) and potentially expose end users to danger.

Because of this weakness within traditional solutions, this kind of infection attempt is becoming very common among spammers and malware writers, so we strongly recommend that you enable Web Reputation in order to receive the best protection. To enable Web Reputation, select Policy List within the Policy section.
Figure 16 Enabling Web Reputation
Then, click on your antispam rule. The default is ‘Default spam rule’. You will now see an overview of the configuration settings for this spam rule.
Figure 17 Overview of Configuration Settings for Spam Rule
Edit the scanning conditions to show the various checks that will be applied within this rule.
Figure 18 Editing Scanning Conditions
Clicking on ‘Web Reputation Settings’ allows you to set the degrees for how messages are categorized. In most cases, the default settings are sufficient.
Figure 19 Web Reputation Settings
You can also add exceptions to the scanning list. For example, if a business partner becomes blocked because their website has been compromised, and there is still a business requirement to receive links from them, you can enable the exception list and add them to it. Likewise, if a website has been incorrectly classified, you can request that it be re-categorized by visiting http://reclassify.wrs.trendmicro.com/.
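To make the Web Reputation flow concrete (URL extraction from the message, a reputation lookup, the sensitivity setting and the exception list from the passages above), here is an added Python example. It is not the guide's or IMSVA's code and it does not query the Smart Protection Network: the reputation table, its 0-100 score scale, the three sensitivity thresholds and the sample message are all constructed for the example, using reserved documentation domains.

```python
import re
from email.message import EmailMessage
from typing import Dict, Iterable, List, Tuple

# Loose URL matcher; adequate for plain-text and HTML bodies in this example.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed reputation table standing in for the Smart Protection Network
# lookup. The 0-100 scale (lower = worse) and these scores are assumptions
# of this example; the hosts are reserved documentation domains.
REPUTATION: Dict[str, int] = {
    "www.example.com": 95,
    "partner.example.org": 30,   # a partner whose site was compromised
    "phish.example.net": 5,
}

# Constructed sensitivity levels (the "degrees" in the Web Reputation
# Settings dialog): a URL scoring below the level's threshold is treated as
# malicious. The threshold values are assumptions of this example.
SENSITIVITY: Dict[str, int] = {"low": 20, "medium": 50, "high": 80}


def host_of(url: str) -> str:
    """Host name of a URL, lower-cased, without scheme, port or path."""
    rest = url.split("://", 1)[1]
    return rest.split("/", 1)[0].split(":", 1)[0].lower()


def extract_urls(msg: EmailMessage) -> List[str]:
    """Collect URLs from every text/* part of a (possibly multipart) message."""
    urls: List[str] = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            urls.extend(URL_RE.findall(part.get_content()))
    return urls


def evaluate(msg: EmailMessage, level: str = "medium",
             exceptions: Iterable[str] = ()) -> Tuple[str, List[Tuple[str, int]]]:
    """Return ('quarantine' or 'deliver', flagged hosts with their scores).

    Hosts in `exceptions` (the scanning exception list) are skipped; hosts
    absent from the table are treated as unrated and are not flagged.
    """
    threshold = SENSITIVITY[level]
    skip = {h.lower() for h in exceptions}
    flagged: List[Tuple[str, int]] = []
    for url in extract_urls(msg):
        host = host_of(url)
        if host in skip:
            continue
        score = REPUTATION.get(host)
        if score is not None and score < threshold:
            flagged.append((host, score))
    return ("quarantine" if flagged else "deliver", flagged)


def build_sample() -> EmailMessage:
    """Constructed multipart message with one clean link in the text part,
    one phishing link, and a compromised-partner link in the HTML part."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "user@yourcompany.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Invoice: https://www.example.com/invoice\n"
                    "Confirm your details: http://phish.example.net/login\n")
    msg.add_alternative('<p><a href="http://partner.example.org/portal">portal</a></p>',
                        subtype="html")
    return msg


if __name__ == "__main__":
    sample = build_sample()
    for lvl in ("low", "medium", "high"):
        print(lvl, evaluate(sample, lvl))
    print("with exception", evaluate(sample, "medium", exceptions={"partner.example.org"}))
```

The sample shows why scanning every text part matters: the partner link appears only in the HTML alternative, which a plain-text-only check would miss. It also shows the trade-off behind the sensitivity setting (raising it from low to medium is what catches the compromised partner site) and how a narrow exception for that one host restores delivery without disabling the check for the phishing link.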
Appendix: Hardware Requirements

The hardware requirements for installing IMSVA within a virtualized environment are as follows:

Recommended System Requirements
- VMware ESX/ESXi Server version 3.5.0 or later
- VMware host containing four Intel™ Xeon™ CPUs at 1.6 GHz or above

Recommended IMSVA Virtual Machine Requirements
- Four virtual CPUs
- 8 GB RAM
- 250 GB hard disk space or more (IMSVA automatically partitions the detected disk space as per recommended Linux practices.)

Minimum System Requirements
- VMware ESX/ESXi Server version 3.5.0 or later
- VMware host containing two Intel Xeon CPUs at 3 GHz

Minimum IMSVA Virtual Machine Requirements
- Two virtual CPUs
- 4 GB RAM
- At least 120 GB hard disk space (IMSVA automatically partitions the detected disk space as per recommended Linux practices.)
About Trend Micro

Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-winning security software, hardware, and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro solutions are sold through corporate and value-added resellers and service providers worldwide. For additional information and evaluation copies of Trend Micro products and services, visit our Web site at www.trendmicro.com.