Monday, August 13, 2007

TrendMicro ERS - Email Reputation Services

ERS is the first line of defense in a mail system: it stops SPAM before it can flood your network, overload mail gateway security, and burden system resources.

The ERS family includes TrendMicro ERS Standard and ERS Advanced. Advanced combines the Standard reputation database with dynamic real-time anti-spam technology.

ERS Standard is a DNS query-based service. When an incoming mail message is received from an unknown host, ERS queries the standard reputation database server. If the host is listed in the standard reputation database, you choose the appropriate action to take with that email.

ERS Advanced is a dynamic real-time solution that identifies and stops sources of SPAM while they are in the process of sending millions of messages. The TrendMicro team continuously monitors network and traffic patterns and immediately updates the reputation database as new SPAM sources emerge, often within minutes of the first sign of trouble. ERS Advanced is a DNS query-based service like ERS Standard, but it uses a separate database with its own entries, and no IP address is listed in both.

How ERS Works

The actual implementation of ERS involves up to two DNS look-ups per IP address. The Standard ERS query is the first one. Any positive answer from this database should result in your mail server returning a '550' error, or rejection of the requested connection.

For ERS Advanced, if the first query to the standard reputation database does not return a positive answer, a second query is made to the dynamic reputation database. A positive answer from this database should result in your mail server returning a '450' error, or temporary failure of the requested connection. Listings in this database are occasionally legitimate mail servers that have compromised hosts behind them that are temporarily sending SPAM. If the connection request is from a legitimate mail server, it will re-queue the message and try again later, which delays mail delivery until the listing expires but does not block the mail.
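The look-up order described above, as an added example (not TrendMicro's code). The zone names are placeholders, the reversed-octet query name is the common DNSBL convention and is assumed here, and `ers_decision`, `system_resolver` and `sample_resolver` are hypothetical names.

```python
import ipaddress
import socket

# Placeholder zones (assumption): substitute the zones from your ERS subscription.
STANDARD_ZONE = "standard.ers.example"
DYNAMIC_ZONE = "dynamic.ers.example"

def dnsbl_name(ip, zone):
    """Query name in the common DNSBL form (assumed): reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """True if the name resolves (listed). Any DNS failure counts as not
    listed, so a resolver outage blocks no mail (fail open)."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def ers_decision(ip, advanced=False, is_listed=system_resolver):
    """Return (smtp_code, queries): 550, 450, or None when ERS has no objection."""
    queries = [dnsbl_name(ip, STANDARD_ZONE)]
    if is_listed(queries[0]):
        return 550, queries            # standard database hit: reject
    if advanced:
        queries.append(dnsbl_name(ip, DYNAMIC_ZONE))
        if is_listed(queries[1]):
            return 450, queries        # dynamic database hit: temporary failure
    return None, queries

# Constructed sample listings (documentation address ranges, not real data).
SAMPLE_LISTED = {
    "10.2.0.192.standard.ers.example",
    "7.100.51.198.dynamic.ers.example",
}

def sample_resolver(name):
    return name in SAMPLE_LISTED

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        code, queries = ers_decision(ip, advanced=True, is_listed=sample_resolver)
        print(ip, code or "accept", len(queries), "look-up(s)")
```

A host found in the standard database never triggers the second look-up, and with `advanced=False` the dynamic database is not consulted at all.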

Friday, August 10, 2007

ISA 2006 Web Publishing News

Secure Web Publishing

ISA 2006 includes a number of improvements in providing secure remote access to Web servers and services on the corporate network. Some of these include:

- New SharePoint Portal Server Publishing Wizard
- Improved Outlook Web Access (OWA), Outlook Mobile Access (OMA), Exchange ActiveSync (EAS) and Outlook 2003+ RPC/HTTP Web Publishing Wizard
- Increased options for two-factor authentication, including SecurID and RADIUS one-time passwords
- New Kerberos constrained delegation enables remote users with laptops and Windows Mobile-enabled devices to use secure user certificates to authenticate to the ISA firewall
- New LDAP authentication allows ISA 2006 to be placed in a high security DMZ and leverage Active Directory users/groups
- Web farm load balancing. This new feature enables you to publish a collection of Web servers that perform the same function or contain the same content and have the ISA 2006 firewall automatically load balance the connections. ISA Server is able to do this without requiring NLB or a hardware load balancer, which greatly increases the simplicity of deployment and greatly reduces the cost by removing the hardware load balancer

Single License VRRP

With the Single License VRRP feature introduced in IPSO 4.2, you can create an inexpensive high availability configuration using a single CheckPoint Firewall license.

This is a low-cost solution because you only need to purchase one firewall license.

Limitations

You should be aware of the following constraints before you implement this configuration:
- You cannot include more than two platforms in the VRRP group.
- You must use an active-passive configuration. You cannot use an active-active setup.
- You must configure monitored-circuit VRRP.
- You cannot use firewall synchronisation, so the existing connections are not maintained in the event of a failover.
- When failover occurs, a relatively long time elapses between the failure on the original master and service beginning on the new master.
- Once a failover has occurred, failback does not happen in the same way as with other VRRP configurations. With single license VRRP, failback occurs only if you fix the problem that caused the failover from the original master and then reboot the new master.
- You must use NOKIA Network Voyager to configure single license VRRP: there is no IPSO CLI command for the feature.