DOCSLIB.ORG

SMTP-Sicherheit Mit DANE

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
SMTP-Sicherheit Mit DANE One Year of DANE Tales and Lessons learned sys4.de Why DANE? Issues with opportunistic TL > CA model > Downgrade Attack > MITM attack > Incomplete automation for certification rollover Br0ken CA Model Today > Any CA can issue certificates for any domain > CAs have been compromised in the past > CAs have issued wrong or unauthorized certificates > Declining Trust in CA root certificates (since Snowden) DANE > Can secure „on top% of the CA model > Can be used with „self-signed% certificates (without CA# Türktrust? Diginotar? Session downgrade Today > Client doesn't know server supports T'" > MITM Attacker may downgrade session to „non T'"% DANE > T'"A RR signals T'" support !„strong ")*+'D%# via D,"!"-C) > Client can detect Downgrade Attacks !a server that advertises T'S via D,". but does not perform a T'S handshake# Session downgrade MITM Attack Today > Attacker can intercept T'" secured communication with a matching certificate (Common Name# DANE > Identification via D,""EC detects false identity of attacker > /012 fingerprint is only valid for the original server Automation. NOT! Today > Certification Authority is warrantor > Manual verification > ,eed to monitor certificate rollover DANE > Trusted D,""-C Domain acts as the warrantor (CA# > Identifcation on the same media via a different service (D,"# > Automatic certificate rollover possible How DANE works… DANE/TLS > DA,E / T'" creates a !new) T'"A R( in D," > T'"A R( publishes certificate fingerprint > 4D," based Authentication of ,amed -ntities4 ((5C 6627# > Authenticate T'" enabled server using a trusted channel !D,""EC) TLSA RR .uery $ dig +dnssec TLSA _25._tcp.mail.sys4.de _25._tcp.mail.sys4.de. 3600 IN TLSA 3 0 1 ( 9273B4E9040C1B9EE7C946EFC0BA8AAF2C6E5F05A1B2 C960C41655E32B15CBE0 ) _25._tcp.mail.sys4.de. 3600 IN RRSIG TLSA 8 5 3600 ( 20141124104604 20141117195102 19786 sys4.de. afEJbtmKZVn995XiI2BFQwYKC1ZfcsIK/j2JA9C8oYSp pneBLVYuX8C0ZW9zTHCExtXS1kJrNf48sFRaOWwbZvPy 1vRiB+c46QRG0kwceDUjzZGtpG3Al2LKBVKw4bxMMOzu DeqECrf/n1W8XF6UQcrB0PdTY81Y6IZTUovYhak= ) TLSA resource record _25._tcp.mail.sys4.de. IN TLSA 3 0 1 9273B4E9040C1B... | | | | | | | | Port-- | | | | | | | Protocol- | | | | | | Host---------- | | | | | Resource type------------------ | | | | Certificate Usage ------------------ | | | Selector ----------------------------- | | Matching Type -------------------------- | Certificate Association Data ------------- What is it good for? Use $ases > HTTPS Connect service/server to a certificate > SMTP Connect service3server to a certificate > OpenPGP Associate 8ublic 9eys to email address > S/MIME Associate Certificates with Domain ,ames and email addresses *TTPS Browser Plugin $PEs can create issues ! 6 # 4 " " $ D," 8ro:y issues. C8- modem study over 15 common C8E devices sys< for Unitymedia Deutschland. August =1;< %TP Security via Opportunistic DANE TL > Initial (5C draft published =1;> ?iktor Dukhovni. 8atrick @en 9oetter (lector# > Currently in DA,- AB $Last Call% > 5irst implementations > 8ostfi: > *penSMT8d > -:im > In production Csys< since ;=3=1;> 23erified“ makes all the difference Today Jul 14 11:03:31 mail postfix/smtp[6477]: Trusted TLS connection established to mx-ha03.web.de [213.165.67.104]:25: TLSv1.1 with cipher DHE-RSA-AES256-SHA (256/256 bits) DANE Jul 14 11:04:44 mail postfix/smtp[6409]: Verified TLS connection established to mail.sys4.de [194.126.158.139]:25: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) DANE o1er %TP Adoption Currently about 1D=11 email domains > posteo.de > mailbox.org > bund.de > +nitymedia (+PC Germany) > bayern.de > "AITC) > I-T5 Top 10 DANE TLDs Dde ;=; >2E Dinfo 0 =E Dnl 0 =E Duk 5 =E Dcz 2 >E Dch ;3 <E Deu ;0 0E Dcom >4 ;;E Dnet 67 ==E Dorg >0 ;;E ?iktor Dukhovni on IET5 DANE mailinglist, 14.;;D=1;< DANE OPEN0607EY > Store 8B83B8B public keys in D," > 'ocal part of mail address hashed !currently: ")A=06 shortened to =7 bytes# > (eplaces or augments 8B8 keyserver > Benefits over current 9eyserversG > 9ey removalH > 9eys authenticated by DN""EC domain ownership and web of trust DANE OPEN6067EY Mail client !;# reIuest for *8-,8B89-J record!s# D,"!SEC# !;# reIuest for *8-,8B89-J resolver record!s# authoritative Mail server D," DANE OPEN6067EY Mail client !># D,""EC validation D,"!SEC# !=# public 8BP key!s# resolver for recipient email address authoritative Mail server D," DANE OPEN6067EY Mail client !<# mail encrypted with public key D,"!SEC# resolver !0# encrypted email is sent authoritative Mail server D," DANE %IMEA > Authenticates email x512 certificates for S3MIME > "tores hash or certificate in D,""EC secured domain > Email localpart hashed (=7 byte of SHA=06# > email clients !M+A. mail user agent) validate :012 certificate3public-key in incoming email > email clients fetch :012 public key certificates from D," DANE ,MIME Alice @ob !;# Bob sends Alice email with S3MIM- cert attached D,"!SEC# resolver authoritative D," DANE ,MIME Alice @ob !=# reIuest for "MIM-A records D,"!SEC# resolver !=# reIuest for "MIMEA records authoritative Mail server D," DANE ,MIME Alice @ob D,"!SEC# resolver !0# "/MIME :012 !<# D,""EC cert (or hash) + AD validation !># S/MIME x012 cert (or hash) authoritative D," DANE ,MIME Alice @ob D,"!SEC# resolver !6# Alice encrypts !F# encrypted email email with Bob's sent public key authoritative D," s(illa > "MIMEA aware Milter > $"milla&s Sense of Snowden% > Transparent for users > In- and outbound encryption > To be released as Open Source when R5C becomes standard > Download at https:33github.com/sys43 Ne8t Steps DANE W6 > ra%&Certificates > M't'a( Aut)entication client side authentication via T'"A R( > Pay*ent Association +ecords 'ink account information3bitcoin wallet to a email adress Markets for DANE Who benefits from DANE? > $"ecurity services% providers > Email users with „defined“ security requirements > Online 8ayment. insurance. banks > Enterprises > "ubcontractor TLS in .de "TA(TT'" 00E 8lainte:t <0E 2,7 Mio. MX RR > 275.000 MTAs with 12.092 IPv6 \o/ MTAs DNS EC in .DE signed $. 'nsi,ned --. $"MT8. "TA(TT'". DA,- Aer spielt mit wemL%. 8eter 9och, D-,IC eB D-,IC M Technisches Meeting. 5rankfurt, =1;< 12 >1 DN SE$ growth in .de "#/// "//// $#/// $//// #/// / ;>31; ;>31= ;>31> ;>31< ;>310 ;>316 ;>31F ;>317 ;>312 ;>3;1 ;>3;; ;>3;= ;<31; ;<31= ;<31> ;<31< ;<310 ;<316 ;<31F ;<317 $"MT8. "TARTT'". DANE Aer spielt mit wemL%. 8eter Koch. DENIC eB DENIC – Technisches Meeting, Frankfurt, =1;< 12 >1 DN SE$ growth in .NL 8owerDNS D,""EC deployment graphG httpsG33:sDpowerdnsDcom/dnssec nl-graph3 DANE road-blocks? What people tell > D,S provider with incomplete or non existent D,""-C support > D,""-C is technology but not a use case > Aith D,""-C issues become mission critical > Missing D,""-C/DA,- monitoring and alarming > Missing know-how for automated certificate-management and D,""-C signing > Missing toolchain for automated management -egistrars > Major registrars do not offer D,""EC > Costs/risks of moving domains between registrars Coordination > :012 certs, PB8 keys in D," > D," is a loosely consistent database > don&t forget about the cachesH old cert removed from mail-server. T'"A record T'"A of old cert for old cert deleted from D," zone new cert created. new T'"A record published Oonetransfer K TT' of T'"A ((set DNSSEC is Mission Critical > D," is the „ugly duckling% of network management > D,""EC might require a new3better D," design > D,""EC reIuires „trusted peers% > Expired D,""EC signatures can make domain „vanish% (until the SIGs are renewed) DANE 3alidator Takeaway > DA,E is open standard > DA,E allows scalable and secure trust management > DA,E requires D,""EC as a „one time cost% > "oftware support is hereG Postfi:. Exim. OpenSMT8d. OpenPB89-J milter. smilla > Get knowledge and experience now! sys4.de https;,/sys4.de/download/dane:N$ $:en.pdf.
Load more

Recommended publications
  • CYRUS: BUILD YOUR TUTORIAL OWN EMAIL SERVER Don’T Trust Google? We’Ll Help You Navigate the Sea of JOHN LANE Acronyms to Build Your Own Mailserver
    TUTORIAL MAILSERVER CYRUS: BUILD YOUR TUTORIAL OWN EMAIL SERVER Don’t trust Google? We’ll help you navigate the sea of JOHN LANE acronyms to build your own mailserver. ou can’t beat the convenience and ease of use access their mail by connecting to the server using WHY DO THIS? offered by Gmail. But unfortunately, all that any IMAP-capable email client application. • Take control of your Yfree storage comes at a price: your privacy. You will need a, preferably new, server for this email provision. Spam, intrusive adverts and snooping from unnamed project and you’ll need root access to it. Our examples • Stop outside agencies government agencies are the inevitable downside of use Arch Linux, and we created a new virtual server. from scanning the using someone else’s service for free. So why not Begin by installing Cyrus (build the Arch User content of your emails. build your own email server including anti-spam, Repository package first – see the boxout below-right): • Get webmail without advertising. anti-virus and webmail? $ pacman -U ~build/cyrus-imapd/cyrus-imapd-2.4.17-5-x86_64. You can use your own server to retrieve messages pkg.tar.xz from other mailservers, such as those provided by The default configuration writes data to /var/imap internet service providers, or other services like those and user mailboxes to /var/spool/imap. You can from Google and Yahoo. But you don’t need to rely on change this if you prefer another location; we’ll others if you have your own server. If you have a configure our server to use /srv/mail/cyrus to domain name that you control, and if you can give your illustrate this.
    [Show full text]
  • Cyrus Mail Server 2 Table of Contents
    Univention Corporate Server Cyrus mail server 2 Table of Contents 1. Introduction ........................................................................................................................ 4 2. Installation ......................................................................................................................... 5 3. Management of the mail server data ....................................................................................... 6 3.1. Management of mail domains ..................................................................................... 6 3.2. Assignment of e-mail addresses to users ........................................................................ 6 3.3. Management of mailing lists ....................................................................................... 7 3.4. Management of mail groups ........................................................................................ 7 3.5. Management of shared IMAP folders ........................................................................... 8 3.6. Mail quota ............................................................................................................... 9 4. Spam detection and filtering ................................................................................................ 10 5. Identification of viruses and malware .................................................................................... 11 6. Identification of Spam sources with DNS-based Blackhole Lists (DNSBL) ...................................
    [Show full text]
  • Toward an Automated Vulnerability Comparison of Open Source IMAP Servers Chaos Golubitsky – Carnegie Mellon University
    Toward an Automated Vulnerability Comparison of Open Source IMAP Servers Chaos Golubitsky – Carnegie Mellon University ABSTRACT The attack surface concept provides a means of discussing the susceptibility of software to as-yet-unknown attacks. A system’s attack surface encompasses the methods the system makes available to an attacker, and the system resources which can be used to further an attack. A measurement of the size of the attack surface could be used to compare the security of multiple systems which perform the same function. The Internet Message Access Protocol (IMAP) has been in existence for over a decade. Relative to HTTP or SMTP, IMAP is a niche protocol, but IMAP servers are widely deployed nonetheless. There are three popular open source UNIX IMAP servers – UW-IMAP, Cyrus, and Courier-IMAP – and there has not been a formal security comparison between them. In this paper, I use attack surfaces to compare the relative security risks posed by these three products. I undertake this evaluation in service of two complementary goals: to provide an honest examination of the security postures and risks of the three servers, and to advance the study of attack surfaces by performing an automated attack surface measurement using a methodology based on counting entry and exit points in the code. Introduction Contributions and Roadmap System administrators frequently confront the The paper makes two major contributions. First, problem of selecting a software package to perform a I undertake an in-depth discussion of the relative secu- desired function. Many considerations affect this deci- rity postures of the three major open source IMAP sion, including functionality, ease of installation, soft- servers in use today.
    [Show full text]
  • Exim the Mail Transfer Agent.Pdf
    ,Title.10724 Page 1 Tuesday, October 9, 2001 9:25 AM Exim The Mail Transfer Agent ,Title.10724 Page 2 Tuesday, October 9, 2001 9:25 AM ,Title.10724 Page 3 Tuesday, October 9, 2001 9:25 AM Exim The Mail Transfer Agent Philip Hazel Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo ,Copyright.10561 Page 1 Tuesday, October 9, 2001 9:25 AM Exim: The Mail Transfer Agent by Philip Hazel Copyright © 2001 O’Reilly & Associates, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly & Associates, Inc., 101 Morris Street, Sebastopol, CA 95472. Editor: Andy Oram Production Editor: Mary Brady Cover Designer: Ellie Volckhausen Printing History: June 2001: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly & Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly & Associates, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. The association between the image of an aye-aye and Exim is a trademark of O’Reilly & Associates, Inc. While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. Library of Congress Cataloging-in-Publication Data Hazel, Philip Exim: the mail transfer agent/by Philip Hazel p.cm. ISBN 0-596-00098-7 1. Exim (Computer program) 2.
    [Show full text]
  • Mailarchiva Enterprise Edition V1.9
    MailArchiva Enterprise Edition Administration Guide Willkommen Bienvenidos Welkom Bienvenue Welcome MailArchiva Enterprise Edition v1.9 INSTALLATION AND AMINISTRATION GUIDE For Windows / Linux MailArchiva Enterprise Edition Administration Guide 1 INDEX 1 INDEX ............................................................................................................. 2 2 IMPORTANT NOTICE ....................................................................................... 4 3 CONTACT INFORMATION ................................................................................. 4 TECHNICAL REQUIREMENTS .................................................................................. 5 4 OVERVIEW ...................................................................................................... 6 5 HIGH-LEVEL FEATURES ................................................................................... 7 6 ARCHITECTURE ............................................................................................... 9 7 INSTALLATION .............................................................................................. 10 7.1 EXCHANGE SERVER CONFIGURATION .................................................................... 11 7.2 SERVER INSTALLATION (ON WINDOWS ) ................................................................ 14 7.3 SERVER INSTALLATION (ON LINUX ) ..................................................................... 15 7.4 MICROSOFT EXCHANGE ...................................................................................
    [Show full text]
  • Understanding Email Sending in Nagios XI
    The Industry Standard In Infrastructure Monitoring Nagios XI Understanding Email Sending Purpose This document describes how Nagios XI sends emails and explains how to configure your email settings. Nagios XI uses email to send notifications as well as for sending reports. Target Audience This document is intended for use by Nagios Administrators who want to understand in detail how emails are sent by Nagios XI. Navigation Email settings in Nagios XI are located in Admin > System Config > Manage Email Settings. 1295 Bandana Blvd N, St. Paul, MN 55108 [email protected] US: 1-888-624-4671 INTL: 1-651-204-9102 www.nagios.com © 2017 Nagios Enterprises, LLC. All rights reserved. Nagios, the Nagios logo, and Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises. All other servicemarks and trademarks are the property of their respective owner. Page 1 / 7 Updated – September, 2018 The Industry Standard In Infrastructure Monitoring Nagios XI Understanding Email Sending Web Browser Behavior There are some behaviors of your web browser which you need to be aware of. A lot of different web browsers will auto-complete / auto-populate fields on a web page when it loads. This usually only occurs when it sees a common field that does not have a value, it may have a saved value for that "named field" and hence it will populate that field with that saved value. If you open the Manage Email Settings page in Nagios XI you might notice that the username and password fields are already populated. You know that you didn't put a value in here, especially when this is the first time you've visited this page on a fresh install of Nagios XI.
    [Show full text]
  • Efficient Spam Filtering System Based on Smart Cooperative Subjective and Objective Methods*
    Int. J. Communications, Network and System Sciences, 2013, 6, 88-99 http://dx.doi.org/10.4236/ijcns.2013.62011 Published Online February 2013 (http://www.scirp.org/journal/ijcns) Efficient Spam Filtering System Based on Smart * Cooperative Subjective and Objective Methods Samir A. Elsagheer Mohamed1,2 1College of Computer, Qassim University, Qassim, KSA 2Electrical Engineering Department, Faculty of Engineering, Aswan University, Aswan, Egypt Email: [email protected], [email protected] Received September 17, 2012; revised January 16, 2013; accepted January 25, 2013 ABSTRACT Most of the spam filtering techniques are based on objective methods such as the content filtering and DNS/reverse DNS checks. Recently, some cooperative subjective spam filtering techniques are proposed. Objective methods suffer from the false positive and false negative classification. Objective methods based on the content filtering are time con- suming and resource demanding. They are inaccurate and require continuous update to cope with newly invented spammer’s tricks. On the other side, the existing subjective proposals have some drawbacks like the attacks from mali- cious users that make them unreliable and the privacy. In this paper, we propose an efficient spam filtering system that is based on a smart cooperative subjective technique for content filtering in addition to the fastest and the most reliable non-content-based objective methods. The system combines several applications. The first is a web-based system that we have developed based on the proposed technique. A server application having extra features suitable for the enter- prises and closed work groups is a second part of the system. Another part is a set of standard web services that allow any existing email server or email client to interact with the system.
    [Show full text]
  • Postfix−Cyrus−Web−Cyradm−HOWTO
    Postfix−Cyrus−Web−cyradm−HOWTO Luc de Louw luc at delouw.ch Revision History Revision 1.2.0 2002−10−16 Revised by: ldl The first release of the 1.2 version. Revision 1.1.7 2002−10−15 Revised by: ldl Added Michael Muenz' hints for SMTP AUTH, corrected ca−cert related mistake, improved SGML code (more metadata), updated the software mentioned in the document. Revision 1.1.6 2002−06−14 Revised by: ldl Added sasl_mech_list: PLAIN to imapd.conf, added web−cyradm Mailinglist, added more to web−cyradm Revision 1.1.5 2002−06−11 Revised by: ldl Added new SQL query to initialize web−cyradm to have full data integrity in the MySQL Database, mysql−mydestination.cf reported to be operational as expected. Revision 1.1.4 2002−05−15 Revised by: ldl Added description what is needed in /etc/services Another fix for pam_mysql compile, updated software versions. Revision 1.1.3 2002−05−08 Revised by: ldl Added more description for web−cyradm, fix for wrong path of the saslauthdb−socket, Fix for wrong place of com_err.h, protection of the TLS/SSL private key. Revision 1.1.2 2002−04−29 Revised by: ldl Added description for Redhat users how to install the init scripts. Revision 1.1.1 2002−04−29 Revised by: ldl Fixed bug in configuring cyrus−IMAP (disabled unused kerberos authentication) Revision 1.1.0 2002−04−28 Revised by: ldl Initial support for building cyrus from source, dropped binary installation for Cyrus, because configuration has changed with Release 2.1.x Revision 1.0.2 2002−04−25 Revised by: ldl Added basic description for sieve and correct sender handling, minor fixes to db related stuff, Added mysql−lookup for »mydestination« , fixed bug for building postfix with mysql support.
    [Show full text]
  • Brave Gnu World
    LINUXCOVERCOMMUNITY USERSTORY SchlagwortSchlagwortBrave GNU sollte Worldsollte hier hier stehen stehen Schlagwort sollte hier stehen COVER STORY The Monthly GNU Column BRAVE GNU WORLD This column looks into projects and current affairs in the world of free software from the perspective of the GNU Project and the FSF. In this issue, I’ll focus on Comspari and the EU decision on software patents. BY GEORG C.F. GREVE n the past, the German government the Kroupware project in 2002. The pub- principles back to front. For example, has often caused a (positive) stir due lic tender by the BSI was aimed to pro- many other solutions are based on the Ito its activities with free software. duce a groupware solution that would principle that the server is the king of The Federal Ministry of the Economy support strong cryptography and inte- the hill and the users have to bow down (BMWi) sponsored Gnupg [1], for exam- grate seamlessly into a heterogeneous and worship it. The Kolab server does ple. Add to this a number of accompany- environment. things differently. The program makes ing activities, such as a report by the The government office gave a consor- the user king, and gives the user power Bavarian Accounts Office, the KBST let- tium comprising Erfrakon, Klarälvdalens to do things. The software simply helps ter, and the highly acclaimed migration Datakonsult [2], and Intevation [3] the coordinate things as a central intermedi- guide by the Federal Ministry of the Inte- task of developing the software. Inter- ary. rior (BMI). nally, the design and the software was Kolab 1 combined so-called partial referred to as Kolab 1.
    [Show full text]
  • Set up Mail Server Documentation 1.0
    Set Up Mail Server Documentation 1.0 Nosy 2014 01 23 Contents 1 1 1.1......................................................1 1.2......................................................2 2 11 3 13 3.1...................................................... 13 3.2...................................................... 13 3.3...................................................... 13 4 15 5 17 5.1...................................................... 17 5.2...................................................... 17 5.3...................................................... 17 5.4...................................................... 18 6 19 6.1...................................................... 19 6.2...................................................... 28 6.3...................................................... 32 6.4 Webmail................................................. 36 6.5...................................................... 37 6.6...................................................... 38 7 39 7.1...................................................... 39 7.2 SQL.................................................... 41 8 43 8.1...................................................... 43 8.2 strategy.................................................. 43 8.3...................................................... 44 8.4...................................................... 45 8.5...................................................... 45 8.6 Telnet................................................... 46 8.7 Can postfix receive?..........................................
    [Show full text]
  • ESET MAIL SECURITY Installation Manual and User Guide
    ESET MAIL SECURITY Installation Manual and User Guide (intended for product version 4.0 and higher) Linux, BSD and Solaris Contents 1. Introduction..................................................................3 1.1 Main .........................................................................................3functionality 1.2 Key features.........................................................................................3 of the system 2. Terminology..................................................................5 and abbreviations 3. System..................................................................6 requirements 4. Installation..................................................................7 5. Architecture..................................................................8 Overview 6. Integration..................................................................10 with Email Messaging System 6.1 Bi-directional.........................................................................................11 email message scanning in MTA 6.2 Scanning.........................................................................................11 of inbound email messages 6.3 Scanning.........................................................................................11 of outbound email messages 6.4 Scanning of email messages downloaded from POP3/IMAP.........................................................................................11 server 6.5 Alternative.........................................................................................12
    [Show full text]
  • Kaspersky Security for Mail Server
    KASPERSKY SECURITY FOR MAIL SERVER Kaspersky Security for Mail Server protects mail and groupware servers from malicious programs and spam. The product includes applications that protect mail traffi c for all popular servers, including Microsoft® Exchange, Lotus® Domino®, Sendmail, qmail, Postfi x, Exim and CommuniGate Pro. The solution can also be used to set up a dedicated mail gateway. PRODUCT HIGHLIGHTS* MAIL SERVER PROTECTION REDUCED TRAFFIC LOAD Anti-malware and anti-spam protection of mail traffi c Cloud-enabled, intelligent spam fi ltering signifi cantly for all popular mail systems. reduces traffi c load. SYSTEM RESOURCE OPTIMISATION ZETA SHIELD TECHNOLOGY A powerful antivirus engine, load balancing of server (Linux and Exchange servers) resources and scan exclusions all reduce the load Kaspersky ZETA (Zero-day Exploits and Targeted on your system. Attacks) Shield defends against advanced persistent threats (APTs) which take advantage of zero-hour KSN INTEGRATION FOR ANTISPAM vulnerabilities. Increases spam and malware detection rates thanks to integration with Kaspersky Lab’s cloud-based threat identifi cation engine (KSN). FEATURES • Integrated protection of mail servers from all types • Complete protection of Microsoft Exchange Server of malicious programs and compatibiliy with DAG (Database Availability • Effi cient protection against spam Group) • Real-time antivirus protection • Backup storage of data prior to disinfection • On-schedule scanning of emails and databases or deletion • Protection for Sendmail, qmail, Postfi x, Exim
    [Show full text]