Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1432
Views
0
Helpful
2
Replies

IronPort M660 SPAM quarantine available to public internet?

Jason Meyer
Level 1
Level 1

‎07-03-2012 08:23 AM

We have been using a M660 for a SPAM quarantine for about a year now but currently only have it available on our internal network.  We are getting ready to add some more users to it and will need to make it available on the public Internet so that users outside of our network can view/release messages. 

My question is, (don't laugh), is this a hardened appliance?  It is setup to do LDAP authorization to our internal Active Directory, which works great, but my concern is once we publish it to the public Internet that every hacker under the sun will start hitting it and could cause internal users to get locked out of their accounts, which we do after 5 bad attempts.

Any thoughts on this?  What are other shops doing to protect their internal users from getting locked out?  Anyone putting them behind threat protection appliances that will lock out an IP if it fails to authenticate after x amount of attempts?

Jason

Labels:
0 Helpful
2 Replies 2

Bob Fayne
Level 1
Level 1

‎07-05-2012 08:08 AM

Jason,

"Hardened appliance" can mean a lot of things, but in the sense that all unneccesary ports are closed and you have specific control of the rest, yes it is hardened.

Making a "local quarantine" available to non-local users seems like a bit of an oxymoron. Perhaps some sort of VPN solution might work for you.

If you allow login attempts from anywhere and lock accounts after 5 bad guesses then you will likely run into some amount of bad actors getting accounts locked out. Some IP filtering might limit that but it would be tough to eliminate it completely since some lockouts will be actual users.

Most of the setups that would involve users not on a local network are ISPs and they almost always just deliver to a spam/junk folder rather than an actual quarantine. A junk folder really is a type of quarantine, just not "on box."

0 Helpful

Jason Meyer
Level 1
Level 1
In response to Bob Fayne

‎07-05-2012 11:44 AM

Thanks for the input Bob, makes sense.

Roughly 90% of the users are local.   It's just those 10% that are not that I need to worry about.   Also, I wanted users to be able to release e-mails from the quarantine while on the road or from their mobile devices.

I also want to keep as much of this e-mail out of our e-mail system as possible. 

Not sure how we will proceed just yet.  Thanks again.

      

Anyone putting their spam quarantine on the public internet?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents