Figure 9.4 shows three anti-spam configurations. Configuration 1 provides
an in-band verification of e-mail validity similar to a digital signature; the wrong
signature results in bit bucket discard. Configuration 2 provides an out-of-band
protocol that independently verifies e-mail validity; timeout with no independent
validation results in a bit bucket discard. Configuration 3 provides a public key
infrastructure (PKI)-like subscription service to provide third-party validation of
e-mail; no validation, guess where.
Whatever the method, the goal is for the mail recipient to receive verification
of a valid e-mail. By default, any e-mail that is not valid goes to a holding area for
review or to the bit bucket. Today's commercial products may or may not follow
any of these configurations. Figure 9.4 shows viable abstract configurations and a
starting point for commercial product research and evaluation. Architecture starts
with the ideal business objective and then searches for products for tactical
realization of that business objective. Architecture does not start with product capabilities
and then modify business objectives to fit product restrictions.
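The recipient-side decision for Configuration 1, sketched as an added example that is not from the book: an HMAC-SHA256 tag under a shared key stands in for the digital signature so the code needs only the standard library. The header name, key, signed fields, and the choice to hold (rather than discard) unsigned mail are assumptions.

```python
import hashlib
import hmac
from email import message_from_string

# Hypothetical header name and shared key (assumptions, not from the book).
SIG_HEADER = "X-Validity-Signature"
SHARED_KEY = b"constructed-demo-key"
SIGNED_FIELDS = ("From", "To", "Subject")

# Constructed sample message.
SAMPLE = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Subject: Q3 report\n"
    "\n"
    "Draft attached.\n"
)


def _digest(msg, key):
    """HMAC-SHA256 over the signed headers and the body, hex encoded."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in SIGNED_FIELDS:
        mac.update(f"{name}:{msg.get(name, '')}\n".encode())
    mac.update(msg.get_payload().encode())
    return mac.hexdigest()


def sign(raw, key=SHARED_KEY):
    """Sender side: prepend the in-band verification header to the message."""
    tag = _digest(message_from_string(raw), key)
    return f"{SIG_HEADER}: {tag}\n{raw}"


def disposition(raw, key=SHARED_KEY):
    """Recipient side: 'deliver', 'discard' (bit bucket) or 'hold' (review)."""
    msg = message_from_string(raw)
    claimed = msg.get(SIG_HEADER)
    if claimed is None:
        return "hold"      # no proof of validity: holding area by default
    # Constant-time comparison avoids leaking how much of the tag matched.
    if hmac.compare_digest(claimed.strip(), _digest(msg, key)):
        return "deliver"
    return "discard"       # wrong signature: bit bucket


if __name__ == "__main__":
    print(disposition(sign(SAMPLE)), disposition(SAMPLE))
```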
Spam is a clever marketing campaign that minimizes the cost of reaching a mass
audience; however, spam is significantly different from telemarketers or mass USPS
campaigns. Traditional marketing costs the marketer, whereas spam costs the recipient.
Cost minimization on the part of the advertiser is one thing; however, transferring
cost to an unsoliciting audience is criminal. The IA architect's objective is to minimize
spam, minimize the organizational cost of handling spam, and ensure protection
from the malware that often accompanies spam. The cost of spam to employers is
huge in having to process unsolicited e-mail and having this e-mail interfere with
business communications and employee productivity. A recent University of Maryland
study finds costs to companies at ~$22 billion per year to handle spam. Even if the
spam is a relatively innocuous advertisement, there is still lost productivity in
employees reading, responding, and discarding the e-mail, and the costs to distinguish the
innocuous spam from the harmful are still considerable. Viruses and other malware
regularly accompany spam. Restricting spam by extension restricts accompanying
malware. Moreover, the savings in productivity time and e-mail technical resources
will go a long way in providing hard ROI numbers for anti-spam investments.
Phishing is a particularly intrusive and deceptive form of spam; give a man a phish,
he annoys you during dinner, teach a man to phish, and he annoys you for a lifetime.
Beyond an annoyance, phishing is a direct criminal act with the fraudulent intent
of parting the victim from hard-earned money. Anti-phishing mechanisms protect
organizational interests (inadvertent disclosure of private organizational information)
as well as employee interests (inadvertent disclosure of personal information).
9.7 Firewalls
Firewalls filter network traffic. A firewall may be a packet filter or a proxy firewall.
Packet filters operate on a set of rules that start from the premise that anything not