Securing Your Email with Cisco IronPort C-Series Part II

COURSE OUTLINE:

Who should attend

  • Enterprise messaging managers and system administrators
  • Email system designers and architects
  • Network managers responsible for messaging implementation

Prerequisites

Attendees should possess the following background knowledge and skills:

  • Experience configuring Cisco IronPort email security appliances through participation in the IronPort Configuration Workshop or equivalent working experience.
  • Solid knowledge of TCP/IP fundamentals, including IP addressing and sub-netting, static IP routing, DNS, and a very basic knowledge of the TCP protocol.
  • Experience with Internet-based messaging, including SMTP, Internet message formats, and MIME message formatting and body parts.
  • Strong familiarity both with AsyncOS command line interface (CLI) and graphical user interface (GUI) configuration of devices.

Course Objectives

This one-day training course provides advanced information for successful configuration and operation of an Cisco IronPort email security appliance. By exploring in depth specific product features, mail administrators will receive in-depth training to meet specific needs with emphasis on:

  • Integrating with a directory server via LDAP
  • Debugging of LDAP integration issues
  • Using message filters to redirect and modify messages
  • Safe deployment and debugging of message filters
  • Domain Key Identified Mail
  • Sender Profile Framework verification

Extensive lab exercises provide attendees with critical hands-on experience working with advanced features of the Cisco IronPort email security appliance. Attendees gain working knowledge of how to use the Cisco IronPort appliance to successfully manage and troubleshoot email traffic entering and leaving the enterprise network. Attendees will also learn about advanced Internet email concepts and receive an overview of other product features that can be used for more customized configurations.

Course Content

This full day class is presented composed of the following lectures and hands-on lab activities:

Module 1: LDAP

This module focuses directly on common LDAP configurations and issues. A brief overview of the Lightweight Directory Access Protocol is provided to give those new to LDAP some familiarity, but the bulk of the module assumes a basic understanding of LDAP terms and concepts. Active Directory is emphasized in a number of case studies to highlight the various installation choices. These include addressing the use of the ESA against multiple directories in a heterogeneous enterprise.

Module 2: Message Filters (Advanced Policy)

This module focuses on advanced filter options with specific emphasis on creating, troubleshooting, simplification/streamlining and regular expressions. Helpful tips and tricks for both Message and Content filters are covered. Extensive hands-on exercises are designed to give the students practice working with the Command Line Interface (CLI), as well as practical experience troubleshooting and examining logs.

Module 3: Email Authentication

This module covers methods of authenticating email on the Cisco IronPort Appliance. A brief introduction of DKIM is provided and how it fits into the security aspects of mail, both for DKIM signing and Verification. Helpful examples are provided that shows how to install a DKIM certificate on an Cisco IronPort and create a signing profile. Then we introduce Sender Profile Framework and the various fields: HELO, FROM and PRA that are checked according to RFC 4407. Also, the meanings of the stamped SPF results are reviewed and we discuss the creation of filters to react to these results. These filters are designed to enforce SPF policies.