Network Computingwww.networkcomputing.com

		our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at www.networkcomputing.com /express/

Based on SMTP, WSS works with any mail server or SMTP gateway. It acts as an SMTP relay (it does not store mail, only forwards it) and handles all incoming and outgoing SMTP traffic. For most installations, you'll simply have to modify your domain MX record and make a few configuration changes on your e-mail server. When installing WSS on the same host as your mail server, you must make additional configuration changes, such as SMTP port numbers. In our University of Wisconsin Real-World Labs®, I tested a beta version of WSS and was pleasantly surprised by the security it provided via its comprehensive rule-based policies.

Secure Networking Filtering based on source and destination addresses and keywords in the subject and body text are two of WSS' more basic features. You can specify word lists and numeric thresholds to trigger other events, such as annotating, quarantining, deleting or archiving a message. In the lab, I created a rule that would tag any messages containing the words "Real World" with another message indicating a warning. Using this feature, you can increase content awareness (such as indicating the mail is from outside the company or a respected networking publication) and filter spam or mailing-list correspondence from end users. WSS enforces its policies on both user and domain levels by parsing the destination and source e-mail addresses, enabling complete domain and systemwide administration. Any policy can be enforced over an entire mail domain or a group of users. During testing, I indicated which mail domain or users were subject to each individual policy with a single click for each policy I configured.

Using its built-in LDAP support, WSS accesses public-key information and encrypts messages for end users. For further security, you can mandate that individual addresses send encrypted messages. WSS also supports peer-to-peer S/MIME encryption, so your company can securely communicate over the Internet between campus networks. However, if your users use PGP (Pretty Good Privacy) for encryption, WSS is out of the loop, since all public-key encryption on WSS is via S/MIME.

After configuring a mail server to relay information through the WSS SMTP relay, I created a test user account. With all SMTP traffic now flowing through the WSS system, all e-mail could be filtered and processed based on configurable policies. With the test mail account, I examined WSS' feature set by creating numerous policies and enforcing them on our test mail domain. Using a mail client, I sent a message containing a file attachment to the test user account. The test user received the mail message with the WSS "CLEAN STAMP" in the subject heading, indicating no viruses in the message or attachments. Had a virus been discovered, the attachment could have been stripped from the message or permitted for transmission.

WSS also is able to scan popular compression programs, including PKZIP, PKLITE, ARJ, LZEXE, LHA and MS Compress, for viruses. Most of the WSS security measures can stamp a message with additional information, and they are completely administrator-configurable.

WSS performance may become an issue for high-volume sites. Features such as virus scanning and content filtering consume large amounts of CPU time, thereby slowing network response. WSS is multiprocessor-aware and will take advantage of beefy multiprocessor machines. You can configure a peak time when WSS defers message delivery and eliminates half of the SMTP traffic. For installations with tremendous SMTP traffic and numerous mail servers, you can easily configure multiple SMTP servers and WSS systems for improved performance.

Gregory Yerxa can be reached at gyerxa@nwc.com.