Question

A consultant has recommended your organization look to increase its security profile in relation

to SMTP traffic. Management has asked you devise a firewall-specific strategy to address the

recommendation. What strategy would you recommend, and why?

Your answer should be approximately 200-250 words in length.

Answer 1

Solution:

1. SSL Inspection decrypts SSL-encrypted SMTP connections. For incoming connections, your mail server's SSL certificates are used.

2. The DNS blacklist database is queried via a DNS lookup using the sender's IP address. If the DNS reputation database is not available, the email is not modified. If the domain or IP address is blacklisted, the email's subject line is modified to start with[SPAM]and the following non-configurable MIME type headers are set:

   • X-Spam-Prev-Subject:Your email subject without the [SPAM] tag.

   • X-Spam-Flag: YES

   • X-Spam-Status: Yes

   • X-Spam-Level: ***

3. Email attachments are scanned by the virus scanner. If malware is found, the attachment is stripped from the email and replaced by a customizable text informing the user that the malicious attachment has been removed

Some of the steps to be taken are,

Step1. Import the mail server certificates

import the SSL certificates of your internal mail server(s). For more information, see How to Use and Manage Certificates with the Certificate Manager.

Step 2: Enable virus protection for mail traffic

1. Enable virus scanning and SSL Inspection in the firewall.

2. Go to FIREWALL > Settings.
3. In the Firewall Policy Settings section, enable TCP Streams Reassembly.
4. Make sure that Application Control is enabled.
5. In the Virus Protection section,
   1. Set Enable Virus Protection to yes
6. (Optional) Enable Advanced Threat Detection. For more information, see Advanced Threat Protection (ATP/ATD).
7. In the Mail Security section, enter the public IP address that your mail server domain's MX record resolves to in the Mail Server SSL Certificates section, select the mail server SSL certificate from the Certificate list, and click +.
8. Enter the FQDN of the DNS Blacklist Server. Default:b.barracudacentral.org

9. Click Save.

Step 3. Create a DNAT access rule for incoming SMTP traffic

Enable Application Control, SSL Interception, and Virus Protection in the access rule.

1. Go to FIREWALL > Firewall Rules.
2. Create an access rule with the following settings:
   • Action – Select DNAT.
   • Connection – Select No SNAT.
   • Source – Select Internet, and click +.
   • Network Services – Select SMTP, and click +.
   • Destination – Enter the public IP address that your mail server domain's MX record resolves to, and click +.
   • Redirect – Enter the IP address(es), or select a network object for your internal mail server(s), and click +.
3. Enable Application Control, SSL Inspection, Virus Protection, and Mail Blacklist Checks.
   
4. Click Save.