Transcript aka Junk mail & Virus Filtering at the Server level

E-mail Defense System
(a.k.a. Junk mail & Virus Filtering at the Server
level)
The problem today
• 15 million virus messages go across NU’s network
annually.
• University constituents & NUIT are very concerned
about the increase of junk mail & viruses, & the
effect on productivity.
• Webmail & handheld devices cannot benefit from
desktop e-mail client junk mail filtering tools.
What has NU been doing about this?
• Information about client side filtering has been
made available on the NUIT web site.
• Conversations with NU Legal have been in process
to ensure that server level filtering does not violate
the pursuit of academic freedom.
• NUIT has been monitoring the marketplace. It
wasn’t until recently that a clear leader emerged at
a price point that is acceptable to the University.
• NUIT has conferred with peer institutions to learn
from their experience.
How will this help with viruses?
• Stops an infected embedded message from getting
to the desktop (reduces problems we’ve recently
experienced with Eudora).
• Automatically downloads the latest enterprise level
virus definitions (versus current home grown
system).
What are the benefits?
• Productivity increases (less time spent going
through junk e-mail)
• Webmail becomes a more useful tool
• Less chance of a user hitting the 50MB quota on the
e-mail server
• Increased network security
How does it work?
Progress to date
• During the month of December, trial Sophos
PureMessage.
• Goals of the trial included:
- Configure PureMessage to identify fewer than 1% ‘false
positives’ and ‘false negatives’ based on the total
amount of e-mail received.
- Refine groups and policies and conduct a usability
assessment based on a survey sent to each member
of evaluation team.
- Monitor system performance with PureMessage
statistics and reports.
- Determine if PureMessage should be recommended
for purchase and implementation as the University’s
E-mail Defense System (EDS).
Initial set up
• Two groups: Faculty/staff & students
• E-mail sent by virus mass mailer = Rejected
• E-mail contains virus attachment = Message
quarantined, attachment rejected
• Faculty/staff probability rating 48-100% =
Quarantined
• Student probability rating 48-94% = Quarantined
95-100% = Rejected
• E-mail from northwestern.edu domain never
considered junk mail (exception = spoofed
addresses)
• Users receive daily digest of Quarantined mail
• Quarantine = 7 days (unless set otherwise)
• User web page to manage personal white/blacklists,
opt out of service, & refine personal settings
Results of trial
• 93% of trial participants felt product would be of
benefit to NU Community.
• 79% rated the product as “very easy” to use.
• 79% rated the effectiveness in identifying junk mail
as “very good”.
• Software has been purchased.
• Will deploy version 5.0 before end of May 2005.
EDS Deployment plan
• Use tool for virus filtering in March 2005.
• Phase 1: Further refine system set up parameters
with input from “key early adopters” (March 2005)
– Three groups:
• Faculty/Staff/Graduate students: 48%-100% probability
quarantined.
• Undergraduates: 48%-94% probability quarantined,
95%+ rejected.
• Alumni: 50%+ probability rejected, no quarantine.
– Quarantine kept 7 days (can increase to 120 days)
– Digest of junk sent to users overnight.
• Phase 2: Expand early adopters list to include
technical support staff throughout the University.
(April 2005)
EDS Deployment plan
• Implement campus wide education plan (including
how to easily opt out of the service and how to use
client side filters with server side filters). (March,
April, May 2005)
• Within a few weeks we will finalize a “full launch”
date that will be communicated campus wide.
Other initiatives
• Symantec AntiVirus 10 (with improved spyware
capabilities)
• Meeting Maker 8.5 (with Outlook plug-in)
• E-mail service improvement investigation
Questions?
[email protected]