
Creating Security Policy on Barracuda Email Security Gateway and Advanced Threat Protection

I am creating an email security policy in line with my organization's email security policy guideline. While creating a policy, we need to understand the needs of the organization, the current workflow, and exceptional cases. For example, if an attacker sends an attachment from a genuine domain such as Gmail, the email will not be blocked, because the Gmail source IP and domain status are genuine; in this case the email can be scanned by attachment file type and message body content. Social media emails, advertisement emails, sign-petition emails, etc. are strictly prohibited, so a policy needs to be created to block these sorts of junk emails.

Below are the email security policies I have created on Barracuda Email Security Gateway and Advanced Threat Protection, following the theory, principles and recommendations of the NIST Guidelines on Electronic Mail Security.

Attachment Filtering
Go to the BLOCK/ACCEPT menu > click Attachment Filtering. For inbound mail, add the attachment filename patterns you want to block, quarantine, or specifically take no action on (off). For outbound mail, add the attachment filename patterns you want to block, quarantine, encrypt or redirect. I have put Windows executable files, Windows script files, and audio and video files on the block list, and Microsoft Office package files on the list to be scanned.

Besides these, I have also manually added some extensions to block on inbound emails.

Content Filtering
Go to BLOCK/ACCEPT > click Content Filtering. It controls the delivery of a message based on characteristics of the message's Subject, Header or Body. You can specify simple words or phrases when you create filters, then choose where you want to apply those filters, for both inbound and outbound messages. I have added some vulgar words, harassment words, malware words and online monetary words. Recently, fake corona emails have caused a massive email threat attack, so the word 'Corona' has been added too; any inbound emails containing such words will be blocked.

IP Filter
Go to BLOCK/ACCEPT > click IP Filters. Add any IP addresses or networks here that you want to block, tag or quarantine. Use a netmask of 255.255.255.255 to add an individual IP address. Note that outbound messages are never tagged. I have blocked some IP addresses found while analyzing recent email threat attacks.

Sender Filters
Go to BLOCK/ACCEPT > click Sender Filters. Add any domains, subdomains, and/or email senders from which you wish to block, tag or quarantine messages. Blocking a domain automatically blocks all subdomains. I have blocked some domain addresses found while analyzing recent email threat attacks.
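
The four filters above can be modelled in a few lines to see how they decide on a message. This is an added example, not Barracuda's engine or rule format and not part of the original post; the rule values, the evaluation order, the function names `evaluate` and `sample`, and the test addresses are all assumptions made for illustration.

```python
import fnmatch
import ipaddress
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample rules; not the author's real lists or Barracuda's format.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.7/255.255.255.255")]  # one host
BLOCKED_DOMAINS = ["bad.example"]            # also covers every subdomain
ATTACHMENT_RULES = [("*.exe", "block"), ("*.vbs", "block"),
                    ("*.mp3", "block"), ("*.docm", "quarantine")]
BLOCKED_WORDS = ["corona", "lottery"]


def evaluate(raw, source_ip):
    """Return (action, reason) for one inbound message (hypothetical order)."""
    msg = message_from_string(raw, policy=policy.default)
    if any(ipaddress.ip_address(source_ip) in net for net in BLOCKED_NETS):
        return "block", "ip filter"
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS):
        return "block", "sender filter"
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    for pattern, action in ATTACHMENT_RULES:      # block rules are listed first
        if any(fnmatch.fnmatchcase(n, pattern) for n in names):
            return action, "attachment filter: " + pattern
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    for word in BLOCKED_WORDS:
        if word in text:
            return "block", "content filter: " + word
    return "allow", "no rule matched"


def sample(sender, subject, body, attachment=None):
    """Build a constructed test message and return it as raw text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    # Genuine webmail sender and clean IP: only the attachment rule catches it.
    print(evaluate(sample("someone@gmail.com", "Invoice", "See file",
                          "invoice.pdf.exe"), "198.51.100.20"))
```

The Gmail case from the introduction passes the IP and sender checks and is stopped only by the filename pattern, which also matches the double extension `invoice.pdf.exe`.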

source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-45ver2.pdf
