List of best practice posts for 2020

marc.luescherFRE
Spotlight

Happy new year 2020 to the email security forum readers and contributors.

Since it has been a while since Cisco published a book about IronPort ESA/SMA administration, I felt it would be appropriate to publish every month a smaller article about topics that matter most to ESA/SMA administrators.

To get an idea of topics of interest, please reply with suggested topics.

Topics which come to mind are:

a) Email authentication - Best practices to ensure that PTR, SPF, DKIM and DMARC are set up correctly

b) Email data mining - What can you find out when uploading email data into a SIEM which you did not know before

c) ESA/SMA message filtering advanced - Filters you did not know were possible

d) ESA/SMA message debugging - Understand why some emails don't want to come in

-Marc

2 Replies

Those all feel a little advanced. The only other advanced one that comes to mind that doesn't fall someplace in the 4 you mentioned is

e) Listener/Sender Group/Mail Flow Policy/Destination Controls set up & tuning.

A couple of less advanced topics:

Understanding the pipeline and policy engine.

Spoof types and how to address them


Agree.
I think they are all relevant - easy / advanced is just in relation to prior knowledge and experiences.
Such as, after 15 years of ESA admin, I just realized that the DNS TTL is ignored and set to 1800, only because I now had a problem of interest in that area.

Possibly to be inclusive, an article should have a section to reiterate some basic theory, add basic practices, then a deep dive topic. Best practices (I hate that term) can only be such after much consensus and based on a relatively narrow set of requirements.

a) Email Authentication should be broken into numerous smaller subjects guided towards the principle of DMARC Reject being in use.
Incoming detection / outgoing setup for each of SPF/DKIM/DMARC
b) Email data mining - not just email, but Cisco ESA logs. e.g. do you measure and detect changes in avg processing time per message?
c) Message Filtering - basics to advanced deep dive
d) Debugging - many topics around here - such as AS update delays, SBRS rejection, SMTP logs
e) ...various setup & tuning.... leans towards data mining, what can be measured to define how components could be set up and tuned.

Mail Pipeline is key - not too many details at once - reiterate basics and deep dive a topic.
Spoofing - yes. But there should be topics on what (in general) we are trying to defend against and how this could possibly be done. I always tend to find some dodgy bug in bug search when looking at upgrading. Are admins putting in additional rules to cover these gaps?
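Topic a) in the original post and in the reply above (email authentication, with DMARC reject as the goal) lends itself to a small record-linting script. The following is an added example written for this thread, not code from the thread or from Cisco. The SPF and DMARC record strings are constructed samples for made-up domains; in practice you would pull the TXT records for the domain and for `_dmarc.<domain>` and pass them in. The checks (ends in `-all`/`~all`, no `+all`, at most 10 DNS-lookup terms, `p=reject`, `rua=` present, `pct=100`) are the usual sanity checks rather than an exhaustive validator.

```python
"""Lint SPF and DMARC TXT records against common best-practice expectations.

Added example for the forum thread, not the project's or Cisco's code.
Record strings below are constructed samples, not live DNS answers.
"""
import re

# Constructed sample records for made-up domains.
SAMPLE_RECORDS = {
    "example.test": {
        "spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example.test -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.test; pct=100",
    },
    "weak.test": {
        "spf": "v=spf1 include:a.test include:b.test include:c.test include:d.test "
               "include:e.test include:f.test include:g.test include:h.test "
               "include:i.test include:j.test include:k.test +all",
        "dmarc": "v=DMARC1; p=none",
    },
}

# SPF terms that each cost a DNS lookup; RFC 7208 caps these at 10 per evaluation.
SPF_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def check_spf(record):
    """Return a list of findings for one SPF record string (empty list = no findings)."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF record does not start with v=spf1"]
    lookups = 0
    for term in terms[1:]:
        # Strip the qualifier (+ - ~ ?) and any argument to get the bare mechanism name.
        name = re.sub(r"^[+\-~?]", "", term).split(":", 1)[0].split("=", 1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is deprecated and slow")
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("record ends with +all: any sender passes")
    elif last not in ("-all", "~all"):
        findings.append("record does not end with -all or ~all")
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the 10-lookup limit")
    return findings


def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record):
    """Return a list of findings for one DMARC record string (empty list = no findings)."""
    findings = []
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC record does not start with v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"policy is p={policy or 'missing'}, not reject")
    if "rua" not in tags:
        findings.append("no rua= aggregate report address")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if pct != "100":
        findings.append(f"pct={pct}: policy applies to only part of the mail")
    return findings


def audit(records):
    """Run both checks over a {domain: {'spf': ..., 'dmarc': ...}} mapping."""
    return {domain: {"spf": check_spf(r["spf"]), "dmarc": check_dmarc(r["dmarc"])}
            for domain, r in records.items()}


if __name__ == "__main__":
    for domain, result in audit(SAMPLE_RECORDS).items():
        print(domain)
        for kind, findings in result.items():
            print(f"  {kind}: {'ok' if not findings else '; '.join(findings)}")
```

The lookup count is only an approximation of what a resolver will do, since nested `include:` records add their own lookups; treat a count near the limit as a prompt to inspect the included records, not as a pass.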
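Point b) in the reply above asks whether admins measure and detect changes in average processing time per message. The script below is an added example for this thread, not code from the thread or from Cisco. The log lines are constructed and only loosely modelled on the `Start MID` / `Message finished MID` entries seen in mail logs; the exact line format on a given ESA release is an assumption here, so the regular expression would need adjusting against real logs. It pairs start and finish timestamps per MID, skips messages that never finished within the sample, and flags messages where the trailing-window mean processing time exceeds a multiple of the baseline taken from the first messages.

```python
"""Measure per-message processing time from mail log lines and flag drift.

Added example for the forum thread, not the project's or Cisco's code.
Log lines are constructed; the format is an assumption loosely based on
AsyncOS mail_logs, not a verbatim capture from an ESA.
"""
import re
import statistics
from datetime import datetime

# Constructed sample log lines (not a real capture). MID 1008 never finishes
# and the ICID close line matches neither event, so both are ignored.
LOG_LINES = """\
Mon Jan 06 09:00:00 2020 Info: Start MID 1001 ICID 501
Mon Jan 06 09:00:01 2020 Info: Message finished MID 1001 done
Mon Jan 06 09:00:03 2020 Info: ICID 501 close
Mon Jan 06 09:00:05 2020 Info: Start MID 1002 ICID 502
Mon Jan 06 09:00:07 2020 Info: Message finished MID 1002 done
Mon Jan 06 09:00:10 2020 Info: Start MID 1003 ICID 503
Mon Jan 06 09:00:11 2020 Info: Message finished MID 1003 done
Mon Jan 06 09:00:20 2020 Info: Start MID 1004 ICID 504
Mon Jan 06 09:00:22 2020 Info: Message finished MID 1004 done
Mon Jan 06 09:01:00 2020 Info: Start MID 1005 ICID 505
Mon Jan 06 09:01:25 2020 Info: Message finished MID 1005 done
Mon Jan 06 09:01:30 2020 Info: Start MID 1006 ICID 506
Mon Jan 06 09:01:58 2020 Info: Message finished MID 1006 done
Mon Jan 06 09:02:00 2020 Info: Start MID 1007 ICID 507
Mon Jan 06 09:02:31 2020 Info: Message finished MID 1007 done
Mon Jan 06 09:02:40 2020 Info: Start MID 1008 ICID 508
""".splitlines()

# Assumed line shape: "<weekday> <month> <day> <hh:mm:ss> <year> Info: <event> <mid> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) Info: "
    r"(?P<event>Start MID|Message finished MID) (?P<mid>\d+)"
)


def parse_ts(text):
    """Parse the timestamp prefix into a datetime."""
    return datetime.strptime(text, "%a %b %d %H:%M:%S %Y")


def message_durations(lines):
    """Return [(mid, seconds)] in finish order; MIDs without a finish line are skipped."""
    starts = {}
    durations = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue
        mid = int(match["mid"])
        ts = parse_ts(match["ts"])
        if match["event"] == "Start MID":
            starts[mid] = ts
        elif mid in starts:
            durations.append((mid, (ts - starts.pop(mid)).total_seconds()))
    return durations


def detect_drift(durations, window=4, factor=3.0):
    """Flag messages whose trailing-window mean processing time exceeds
    factor x the baseline mean computed from the first `window` messages.
    Returns [(mid, trailing_mean_seconds)]."""
    if len(durations) <= window:
        return []
    secs = [d for _, d in durations]
    baseline = statistics.mean(secs[:window])
    flagged = []
    for i in range(window, len(secs)):
        trailing = statistics.mean(secs[i - window + 1:i + 1])
        if trailing > factor * baseline:
            flagged.append((durations[i][0], trailing))
    return flagged


if __name__ == "__main__":
    durations = message_durations(LOG_LINES)
    for mid, seconds in durations:
        print(f"MID {mid}: {seconds:.0f}s")
    for mid, trailing in detect_drift(durations):
        print(f"drift: MID {mid} trailing mean {trailing:.1f}s")
```

In a SIEM the same idea becomes a scheduled search over the parsed `MID` start/finish events, with the baseline taken from a longer historical window rather than the first few messages; the fixed `factor` threshold here is a placeholder to tune against real traffic.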