Session and content encryption
Encryption is a large part of a secure messaging environment because it scrambles data to keep information private. Messages sent in clear text format are susceptible to hackers who use -sniffing" techniques to steal proprietary data.
A secure messaging system should employ both session encryption that protects the Internet connection as well as content encryption that protects data on the desktop. In session encryption, Secure Socket Layer (SSL) protocol can be used to protect GUI-based end user and administrator sessions. However, few email clients exist that can use it to protect administrative protocols. Secure Shell (SSH) protocol offers the necessary protection for these critical passwords outside the firewall.
Consequently, a secure Internet messaging deployment should support both SSL and SSH encryption protocols to provide maximum encryption security.
Content encryption and decryption occur at the user desktop to protect the content of messages. A secure Internet email system should support content encryption protocols such as Pretty Good Privacy (PGP); Simple Mail Transfer Protocol (SMTP) and the STARTTLS extension to protect messages in transit; as well as and the emerging standard, secure multipurpose Internet mail extension (S/MIME). All three allow the sender and recipient to access encrypted messages and minimise the ability of hackers to read messages traveling over the Internet.
Virus and Spam Protection
Viruses and spam are the most widespread problems causing headaches for system administrators. Many viruses have the capability to bring down entire networks. To rebuild them, administrators must painstakingly reinstall the hard drive and operating system and restore all of the data from backup files. Many viruses also contain -Trojan horse" programs that remain dormant until a specified time when they infect the system.
Much of the time and effort administrators devote to virus threats is spent in trying to catch them before they spread throughout the system. According to a survey recently conducted by the Coalition for Networked Information (CNI), information technology personnel spend up to 11 hours per week locating virus-containing email. A secure Internet messaging system should be able to reduce the time staff spends on tediously searching for viruses. It should have a powerful virus search engine with the capability to locate viruses at the server level before they enter end-user systems and create problems. Additionally, the messaging system should come equipped with custom scripts so that administrators can locate messages that fit certain profiles believed to contain viruses.
Spam can be equally damaging because it consumes disk space, ties up mail queues and, in the case of -denial of service" attacks, debilitates an entire system by bombarding it with hundreds of messages per second. CNI's survey found administrators spend an average of eight hours per week monitoring email systems for spam.
One of the advantages of a purpose-built messaging system is that it incorporates the ability to block emails from specified domains which are known to stage attacks. Also -denial of service" attacks are prevented by the system's transfer agent. As a result, large amounts of incoming messages will not incapacitate the messaging system. Furthermore, a messaging system that utilises a single copy message store can minimise the impact of spam attacks by ensuring messages going to more than one user are only written onto the disk once, saving valuable disk space.
