Monday, July 17, 2017

300-210 1.3.a Describe the features and functionality of the ESA

The ESA's job is to secure incoming and outgoing email and to protect the network from email-borne threats.

Features:
  • Antivirus
    • Integrates with Sophos and McAfee to protect against virus threats
  • Antispam
    • Uses SenderBase Reputation Filters and Cisco Anti-Spam integration to find / handle spam.
  • Outbreak filters
    • Protection against new virus, scam, and phishing attacks; messages can be quarantined until updates can be applied.
  • Policy, Outbreak, and Virus Quarantines
    • Provides quarantine areas for suspicious messages to reside until they are reviewed by an administrator.
  • Spam Quarantine
    • Both on-box and off-box; allows end users to access quarantined spam / suspected spam.
  • Email authentication
    • ESM supports the following email authentication:
      • Sender Policy Framework (SPF) - for incoming mail
      • Sender ID Framework (SIDF) - for incoming mail
      • DomainKeys Identified Mail (DKIM) - for incoming / outgoing mail
  • Cisco Email Encryption
    • Outgoing emails can be encrypted to meet various standards (HIPAA, GLBA, etc.). Encryption uses either a local key or a hosted key service.
  • Email Security Manager
    • A dashboard to configure / track the security services applied to email traffic by inbound / outbound policies, including:
      • Cisco Reputation Filters
      • Outbreak Filters
      • Anti-Spam
      • Anti-Virus
      • email content policies
  • On-box Quarantine areas
    • Self-explanatory
  • On-box message tracking
    • Allows the user to track the status of specific email messages that have passed through the ESA.
  • Mail flow monitoring
    • Provides visibility into ALL inbound / outbound email
  • Access control
    • Allows filtering of inbound email by sender IP, IP range, or domain.
  • Message filtering
    • Allows enforcement of security policy on all messages entering / leaving the network
      • Filter rules identify messages based on:
        • message / attachment content
        • information about the network
        • message envelope
        • message headers
        • message body
      • Filter actions allow messages to:
        • be dropped
        • be bounced
        • be archived
        • be blind carbon copied
        • be altered
        • generate notifications
  • Message encryption via secure SMTP over Transport Layer Security
    • Straightforward
  • Virtual gateway
    • Allows the ESA to act as multiple email gateways within a single server, so traffic from different sources / campaigns can be sent over different IP addresses.

The ESA is accessible via HTTP, HTTPS, and CLI.
The ESA can be managed via the Security Management appliance if desired (best used in environments with several ESA servers).
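
The rule criteria and actions listed under Message filtering above can be pictured as an ordered rule table evaluated against each message. The Python sketch below is an added illustration, not ESA filter syntax or Cisco code; the filter names, sample addresses, blocked network, and the choice to treat drop and bounce as ending processing are all assumptions of the sketch.

```python
import ipaddress
import re
from email.message import EmailMessage

def build_sample(body, filename=None, mailer=None):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"] = "billing@example.net"
    m["To"] = "alice@example.com"
    m["Subject"] = "Invoice overdue"
    if mailer:
        m["X-Mailer"] = mailer
    m.set_content(body)
    if filename:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m

def attachment_names(msg):
    return [p.get_filename() or "" for p in msg.iter_attachments()]

def body_text(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part else ""

BLOCKED_NET = ipaddress.ip_network("203.0.113.0/24")  # documentation range, hypothetical
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# (name, rule, action): one rule per criterion in the list above.
FILTERS = [
    ("net_info", lambda env, m: ipaddress.ip_address(env["remote_ip"]) in BLOCKED_NET, "drop"),
    ("attachment", lambda env, m: any(n.lower().endswith(".exe") for n in attachment_names(m)), "bounce"),
    ("envelope", lambda env, m: env["mail_from"] == "", "archive"),
    ("header", lambda env, m: m.get("X-Mailer", "").startswith("bulkmail"), "notify"),
    ("body", lambda env, m: SSN.search(body_text(m)) is not None, "bcc"),
]
FINAL_ACTIONS = {"drop", "bounce"}  # sketch assumption: these end processing

def apply_filters(env, msg):
    """Return (filter, action) pairs that fired, stopping at a final action."""
    fired = []
    for name, rule, action in FILTERS:
        if rule(env, msg):
            fired.append((name, action))
            if action in FINAL_ACTIONS:
                break
    return fired

if __name__ == "__main__":
    env = {"remote_ip": "198.51.100.7", "mail_from": "billing@example.net"}
    print(apply_filters(env, build_sample("See attached.", filename="invoice.exe")))
```

Rule order matters in this model: a message from the blocked network is dropped before the attachment, header, or body rules are ever evaluated.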
