Trend Micro InterScan M Series Administrator's Manual

InterScan™ Gateway Security Appliance M-Series
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes (if any), and the latest version of the Deployment Guide, which are available from Trend Micro's Web site at:
http://www.trendmicro.com/download/documentation/
Trend Micro, the Trend Micro t-ball logo, IntelliTrap, InterScan, ScanMail, MacroTrap, and TrendLabs are trademarks, registered trademarks, or servicemarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.
Copyright © 2006-2007 Trend Micro Incorporated. All rights reserved.
Document Part No. SAEM13165/70423
Release Date: May 2007
Protected by U.S. Patent No. 5,623,600 and pending patents.
The Trend Micro InterScan Gateway Security Appliance M-Series Administrator’s Guide is intended to provide detailed information about how to use and configure the features of the hardware device. Read it before using the software.
Additional information about how to use specific features within the software is available in the online help file and the online Knowledge Base at the Trend Micro Web site.
Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any other Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Please evaluate this documentation on the following site:
http://www.trendmicro.com/download/documentation/rating.asp
Contents
About This Manual
About This Administrator’s Guide
Document Conventions
Chapter 1: Introducing Trend Micro InterScan Gateway Security Appliance
What Is InterScan Gateway Security Appliance?
Important Features and Benefits
How InterScan Gateway Security Appliance Works
Antivirus
Anti-Spyware
Anti-Spam
Anti-Phishing
Anti-Pharming
Content and URL Filtering
Outbreak Defense
Web Reputation
The Appliance Hardware
The Front Panel
LCD Module
LED Indicators
The Back Panel
Port Indicators
Preconfiguring and Deploying the Appliance
Connecting to the Network
Testing the Appliance Connectivity
Activating the Appliance
Chapter 2: Deployment Options
Overview
Deployment Topologies
Deploying in a Single Network Segment
Deploying in a Network with Multiple Segments
Basic Deployment
Advanced Deployment Scenarios
Operation Modes
Deployment in a DMZ Environment
Failover Deployment
Deployment Recommendations
Deployment Issues
Preconfiguring the Appliance
Assigning an IP Address
Connecting to the Network
Testing the Appliance Connectivity
Activating the Appliance
Chapter 3: How InterScan Gateway Security Appliance Works
The Range and Types of Internet Threats
How InterScan Gateway Security Appliance Protects You
The Primary Functional Components
Chapter 4: Getting Started with InterScan Gateway Security Appliance
Preliminary Tasks
Accessing the Web Console
The Summary Screen
Information Above the Panels
Outbreak Prevention Service
Damage Cleanup Service
Component Version
Antivirus
Anti-Spyware
IntelliTrap
Anti-Spam: Content Scanning
Anti-Spam: Email Reputation Services
Web Reputation: SMTP/POP3
Web Reputation: HTTP
Others
Additional Screen Actions
Navigating the Web Console
The Online Help System
Chapter 5: SMTP Services
SMTP Services
Enabling Scanning of SMTP Traffic
Selecting an Alternative Service Port
Configuring SMTP Virus Scanning
SMTP Scanning - Target
SMTP Scanning - Action
SMTP Scanning - Notification
Configuring SMTP Anti-Spyware
SMTP Anti-Spyware - Action
SMTP Anti-Spyware - Notification
Configuring SMTP IntelliTrap
SMTP IntelliTrap - Target
SMTP IntelliTrap - Action
SMTP IntelliTrap - Notification
Configuring SMTP Web Reputation
SMTP Web Reputation - Target
SMTP Web Reputation - Action
SMTP Web Reputation - Notification
Configuring SMTP Anti-Spam: Email Reputation
SMTP Anti-Spam: Email Reputation - Target
SMTP Anti-Spam: Email Reputation - Action
Configuring SMTP Anti-Spam: Content Scanning
SMTP Anti-Spam: Content Scanning - Target
SMTP Anti-Spam: Content Scanning - Action
Configuring SMTP Anti-Phishing
SMTP Anti-Phishing - Target
SMTP Anti-Phishing - Action
SMTP Anti-Phishing - Notification
Configuring SMTP Content Filtering
SMTP Content Filtering - Target
SMTP Content Filtering - Action
SMTP Content Filtering - Notification
Chapter 6: HTTP Services
HTTP Services
Enabling Scanning of HTTP Traffic
Selecting an Alternative Service Port
Configuring the Global Access Lists
Configuring HTTP Virus Scanning
HTTP Scanning - Target
HTTP Scanning - Action
HTTP Scanning - Notification
Configuring HTTP Anti-Spyware
HTTP Anti-Spyware - Target
HTTP Anti-Spyware - Action
HTTP Anti-Spyware - Notification
Configuring IntelliTrap for HTTP
HTTP IntelliTrap - Target
HTTP IntelliTrap - Action
HTTP IntelliTrap - Notification
Configuring HTTP Anti-Pharming
HTTP Anti-Pharming - Target
HTTP Anti-Pharming - Action
HTTP Anti-Pharming - Notification
Configuring HTTP Anti-Phishing
HTTP Anti-Phishing - Target
HTTP Anti-Phishing - Action
HTTP Anti-Phishing - Notification
Configuring HTTP URL Filtering
HTTP URL Filtering - Rules
HTTP URL Filtering - Approved Clients List
HTTP URL Filtering - Settings
HTTP URL Filtering - Notification
Configuring HTTP File Blocking
HTTP File Blocking - Target
HTTP File Blocking - Notification
Configuring HTTP Web Reputation
HTTP Web Reputation - Target
HTTP Web Reputation - Notification
Chapter 7: FTP Services
FTP Services
Enabling Scanning of FTP Traffic
Selecting an Alternative Service Port
Configuring FTP Virus Scanning
FTP Scanning - Target
FTP Scanning - Action
FTP Scanning - Notification
Configuring FTP Anti-Spyware
FTP Anti-Spyware - Target
FTP Anti-Spyware - Action
FTP Anti-Spyware - Notification
Configuring FTP File Blocking
FTP File Blocking - Target
FTP File Blocking - Notification
Chapter 8: POP3 Services
POP3 Services
Enabling Scanning of POP3 Traffic
Selecting an Alternative Service Port
Configuring POP3 Virus Scanning
POP3 Scanning - Target
POP3 Scanning - Action
POP3 Scanning - Notification
Configuring POP3 Anti-Spyware
POP3 Anti-Spyware - Target
POP3 Anti-Spyware - Action
POP3 Anti-Spyware - Notification
Configuring POP3 IntelliTrap
POP3 IntelliTrap - Target
POP3 IntelliTrap - Action
POP3 IntelliTrap - Notification
Configuring POP3 Web Reputation
POP3 Web Reputation - Target
POP3 Web Reputation - Action
POP3 Web Reputation - Notification
Configuring POP3 Anti-Spam
POP3 Anti-Spam - Target
POP3 Anti-Spam - Action
Configuring POP3 Anti-Phishing
POP3 Anti-Phishing - Target
POP3 Anti-Phishing - Action
POP3 Anti-Phishing - Notification
Configuring POP3 Content Filtering
POP3 Content Filtering - Target
POP3 Content Filtering - Action
POP3 Content Filtering - Notification
Chapter 9: Outbreak Defense
The Outbreak Defense Services
Current Status
Configuring Internal Outbreak
Configuring Damage Cleanup
Potential Threat
Configuring Settings
Outbreak Defense - Settings
Outbreak Defense - Notification
Chapter 10: Quarantines
Quarantines Screen
Resending a Quarantined Email Message
Adding an Inline Notification to Re-Sent Messages
Querying the Quarantine Folder
Performing Query Maintenance
Manual
Automatic
Chapter 11: Updating InterScan Gateway Security Appliance Components
Update
Updating Manually
Configuring Scheduled Updates
Configuring an Update Source
Chapter 12: Analyzing Your Protection Using Logs
Logs
Querying Logs
Configuring Log Settings
Configuring Log Maintenance
Manual
Automatic
Chapter 13: Administrative Functions
Administration
Access Control
Configuration Backup
Control Manager Settings
Registering InterScan Gateway Security Appliance to Control Manager
Disk SMART Test
Firmware Update
IP Address Settings
Managing IP Address Settings
Static Routes
Notification Settings
Settings
Events
Operation Mode
Password
Product License
Proxy Settings
SNMP Settings
System Time
Reboot from Web Console
World Virus Tracking
Chapter 14: Technical Support, Troubleshooting, and FAQs
Contacting Technical Support
Readme.txt
Troubleshooting
Frequently Asked Questions (FAQ)
Recovering a Password
Virus Pattern File
Spam Engine and Pattern File
Hot Fixes, Patches, and Service Packs
Licenses
Renewing Maintenance
EICAR Test Virus
Best Practices
Handling Compressed Files
Handling Large Files
Sending Trend Micro Suspected Internet Threats
Chapter 15: Updating the InterScan Gateway Security Appliance Firmware
Identifying the Procedures to Follow
Updating the Device Image Through the Web Console
Updating the Device Image Using the AFFU
Preparing InterScan Gateway Security Appliance for the Device Image Update
Uploading the New Device Image
Completing the Process After the Device Image Is Uploaded
Reverting to the Previous Version of the Program File
BMC and BIOS Firmware Updates Using the Appliance Firmware Flash Utility
Updating the Appliance BMC Firmware
Updating the InterScan Gateway Security Appliance BIOS Firmware
Appendix A: Terminology
BOT
Grayware
Macro Viruses
Mass-Mailing Attacks
Network Viruses
Pharming
Phishing
Spam
Spyware
Trojans
Viruses
Worms
Appendix B: Introducing Trend Micro Control Manager™
Control Manager Basic Features
Understanding Trend Micro Management Communication Protocol
Reduced Network Loading and Package Size
NAT and Firewall Traversal Support
HTTPS Support
One-Way and Two-Way Communication Support
Single Sign-on (SSO) Support
Cluster Node Support
Control Manager Agent Heartbeat
Using the Schedule Bar
Determining the Right Heartbeat Setting
Registering InterScan Gateway Security Appliance M-Series to Control Manager
Managing InterScan Gateway Security Appliances From Control Manager
Understanding Product Directory
Accessing a InterScan Gateway Security Appliance M-Series Default Folder
Configure InterScan Gateway Security Appliances and Managed Products
Issue Tasks to InterScan Gateway Security Appliances and Managed Products
Query and View InterScan Gateway Security Appliance M-Series and Managed Product Logs
Understanding Directory Manager
Using the Directory Manager Options
Create Folders
Understanding Temp
Using Temp
Download and Deploy New Components From Control Manager
Understanding Update Manager
Understanding Manual Downloads
Configure Scheduled Download Exceptions
Understanding Scheduled Downloads
Using Reports
Understanding Report Templates
Understanding Report Profiles
Generate On-demand Scheduled Reports
Appendix C: Technology Reference
Deferred Scan
Diskless Mode
False Positives
LAN Bypass
Link State Failover
Enabling or Disabling LAN Bypass and Link State Failover
Scan Engine Technology
IntelliScan
IntelliTrap
MacroTrap
WormTrap
Supported DCS Clients
Feature Execution Order
SMTP Feature Execution Order
POP3 Feature Execution Order
HTTP Feature Execution Order
FTP Feature Execution Order
Appendix D: Removing the Hard Disk
Appendix E: System Checklist
Appendix F: File Formats Supported
Compression Types
Blockable File Formats
Malware Naming Formats
Appendix G: Specifications and Environment
Hardware Specifications
Dimensions and Weight
Power Requirements and Environment
Index
Introduction
About This Manual
Welcome to the Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide. This book contains information about the tasks involved in configuring, administering, and maintaining the Trend Micro InterScan Gateway Security Appliance. Use it in conjunction with the Trend Micro™ InterScan™ Gateway Security Appliance M-Series Deployment Guide, which provides up-front details about initial planning, preconfiguring, and deploying the appliance.
Audience
This book is intended for network administrators who want to configure, administer, and maintain InterScan Gateway Security Appliance. The manual assumes a working knowledge of security systems and devices, as well as network administration.
About This Administrator’s Guide
The InterScan™ Gateway Security Appliance M-Series Administrator’s Guide discusses the following topics:
Chapters
Chapter 1, Introducing Trend Micro InterScan Gateway Security Appliance
Chapter 2, Deployment Options
Chapter 3, How InterScan Gateway Security Appliance Works
Chapter 4, Getting Started with InterScan Gateway Security Appliance
Chapter 5, SMTP Services
Chapter 6, HTTP Services
Chapter 7, FTP Services
Chapter 8, POP3 Services
Chapter 9, Outbreak Defense
Chapter 10, Quarantines
Chapter 11, Updating InterScan Gateway Security Appliance Components
Chapter 12, Analyzing Your Protection Using Logs
Chapter 13, Administrative Functions
Chapter 14, Technical Support, Troubleshooting, and FAQs
Chapter 15, Updating the InterScan Gateway Security Appliance Firmware
Appendixes
Appendix A, Terminology
Appendix B, Introducing Trend Micro Control Manager™
Appendix C, Technology Reference
Appendix D, Removing the Hard Disk
Appendix E, System Checklist
Appendix F, File Formats Supported
Appendix G, Specifications and Environment
Index
Document Conventions
To help you locate and interpret information easily, the InterScan Gateway Security Appliance M-Series Administrator’s Guide uses the following conventions:
TABLE 1. Conventions used in the Trend Micro InterScan Gateway Security Appliance M-Series documentation
CONVENTION    DESCRIPTION
              Abbreviations, and names of certain commands and keys on the keyboard
Bold          Menus and menu commands, command buttons, tabs, options, and ScanMail tasks
Italics       References to other documentation
Monospace     Examples, sample command lines, program code, Web URL, file name, and program output
Note:         Configuration notes
Tip:          Recommendations
WARNING!      Reminders about actions or configurations to avoid
INT           InterScan Gateway Security Appliance interface connected to the protected network
EXT           InterScan Gateway Security Appliance interface connected to the external or public network (usually the Internet)
Chapter 1
Introducing Trend Micro InterScan Gateway Security Appliance
This chapter introduces InterScan Gateway Security Appliance and provides an overview of its technology, capabilities, and hardware connections.
This chapter includes the following topics:
What Is InterScan Gateway Security Appliance?
Important Features and Benefits
How InterScan Gateway Security Appliance Works
The Appliance Hardware
Preconfiguring and Deploying the Appliance
Connecting to the Network
Testing the Appliance Connectivity
Activating the Appliance
What Is InterScan Gateway Security Appliance?
Trend Micro™ InterScan™ Gateway Security Appliance is an all-in-one security appliance that blocks threats automatically, right at the Internet gateway. The appliance provides a critical layer of security against such threats as viruses, spyware, spam, phishing, pharming, botnet attacks, harmful URLs, and inappropriate content, while complementing desktop solutions. Because it sits between your firewall and network, the appliance augments existing firewall and VPN solutions to stop outbreaks early. Moreover, because the security features of the appliance are configured to work right out of the box, the appliance starts protecting your network from the moment the appliance is connected.
The appliance comes preconfigured with software, making it easy to deploy. Administrators can manage the appliance quickly and easily from a single Web-based console. The appliance also saves time and money by:
Providing the tools to assist you to more effectively achieve regulatory compliance
Preserving network resource availability and reducing spam so your employees can be more productive
Integrating multiple products into one solution
Using Damage Cleanup Services to dramatically reduce administrative effort, cost, and downtime caused by spyware and viruses
Using IntelliTrap heuristic detection and Outbreak Prevention Services to provide increased defense against emerging threats
Important Features and Benefits
TABLE 1-1. Important Features and Benefits
Features
  Description
All-in-one defense
  Antivirus, anti-spam, anti-spyware/grayware, anti-phishing, anti-pharming, IntelliTrap™ (Bot threats), content filtering, Outbreak Prevention Services (OPS), URL blocking, and URL filtering
  IntelliTrap detects malicious code such as bots in compressed files. Virus writers often attempt to circumvent virus filtering by using different file compression schemes. IntelliTrap is a real-time, rule-based pattern-recognition scan-engine technology that detects and removes known viruses in files compressed up to 20 layers deep using any of 16 popular compression types.
Automatic threat protection
  Outbreak Defense — An integral part of Trend Micro's Enterprise Protection Strategy (EPS), which enables Trend Micro devices to proactively defend against threats in their insurgency before traditional pattern files are available.
Gateway protection
  Protection from malware right at the Internet gateway
Flexible configuration
  Specify files to scan.
  Specify the action to take on infected files/messages.
  Specify file types to block in HTTP and FTP traffic.
  Specify messages and files to filter in SMTP and POP3 traffic based on message size, text in message header and body, attachment name, and true file type.
  Specify the types of notifications to send or display and who to send notifications to when InterScan Gateway Security Appliance detects a threat.
Centralized management
  A Web-based console, accessible from a local or remote computer, that enforces companywide Internet security policies
  Web browser support for Microsoft Internet Explorer 6.x and Mozilla Firefox 1.x
Automated maintenance
  You can automate maintenance tasks, such as updating InterScan Gateway Security Appliance components and maintaining log files, to save time.
SMTP, POP3, FTP and HTTP scanning capabilities
  SMTP and POP3 scanning support: antivirus, IntelliTrap, spyware/grayware detection, anti-spam (including Email Reputation Services and Content Scanning for SMTP), anti-phishing, content filtering, and blocking of messages that contain malicious URLs (Web Reputation). SMTP and POP3 scanning also provides notification messages to the administrator and users upon detection of phishing or any other malicious messages.
  FTP scanning support: antivirus and spyware/grayware detection, and file blocking
  HTTP scanning support: antivirus, IntelliTrap, spyware/grayware detection, file blocking, blocking of pharming and phishing URLs, and blocking of URLs that are identified as a Web threat (Web Reputation).
Anti-Spam - Content Scanning
  Allows the administrator to do the following:
  Set the spam threshold to high, medium, or low.
  Specify approved and blocked senders.
  Define certain categories of mail as spam.
Anti-Spam - Email Reputation Services (ERS)
  ERS blocks spam by validating the source IP addresses of incoming mail against databases of known spam sources — the Standard Reputation database (previously called Real-Time Blackhole List or RBL+) and the Dynamic Reputation database (previously called Quick IP List or QIL).
URL filtering for HTTP
  Allows the administrator to define and configure URL filtering policies for work time and leisure time
  Allows the administrator to define global lists of blocked and approved URLs
  Local cache support to reduce network traffic
  Notifies users if URL filtering disallows the URL that they want to access
File blocking for HTTP and FTP
  Allows the administrator to block selected file types
  Provides a notification to users when a file type is blocked
How InterScan Gateway Security Appliance Works
InterScan Gateway Security Appliance sits between your firewall and your network, acting as a multiprotocol security gateway between the Internet and your business. With security features for SMTP, POP3, HTTP, and FTP, InterScan Gateway Security Appliance acts as a one-stop solution for all your security needs.
FIGURE 1-1. How InterScan Gateway Security Appliance Works
InterScan Gateway Security Appliance blocks viruses, spyware, spam, phishing, botnet attacks, harmful URLs, and inappropriate content before they enter your network.
InterScan Gateway Security Appliance stops threats at the gateway, using a variety of innovative technologies, including:
Blocks multiple Internet threats
Complements existing firewall and VPN
Decreases spam, email storage, and the cost of regulatory compliance
Cleans up viruses and spyware at the desktop
Controls users’ Web access with scheduling and policies, and blocks access to URLs that are a Web threat or likely to be a Web threat.
[Figure 1-1 diagram labels: Internet threats; Firewall; InterScan Gateway Security Appliance; Mail server; File servers; Administrator PC; PCs and servers; Desktop PC]
Antivirus
The antivirus security in InterScan Gateway Security Appliance guards every network entry point—from the Internet gateway and network perimeter to email and file servers, desktops, and mobile devices.
Delivers proven virus protection. Uses patterns, heuristics, and other innovative technologies to block viruses, worms, and Trojans.
Stops file-based viruses, malware, worms, and botnets. Runs inline network scans to detect and block worms and botnets.
Contains outbreaks. Isolates infected network segments—before threats can spread.
Blocks malicious mobile code. Screens Web pages for malware hidden in applets, ActiveX controls, JavaScript, and VBscript.
Automates damage cleanup. Removes malware and spyware from memory of clients and servers including guest devices.
Detects zero-day threats in real time. IntelliTrap heuristic detection and Outbreak Prevention Services increase defenses against emerging threats.
Anti-Spyware
The anti-spyware feature in InterScan Gateway Security Appliance blocks incoming spyware and stops spyware from sending out user data that it has collected. Innovative technology also prevents users from browsing Web sites that install tracking software. If such a site has already installed spyware, end users can automatically clean the infected system by clicking a URL.
Stops spyware at multiple layers. Delivers end-to-end spyware protection—from the Web gateway to client/server networks.
Automates cleanup. Removes spyware, unwanted grayware, and remnants from both the server and desktop active memory.
Prevents “drive by” downloads (downloads of malware through exploitation of a Web browser, e-mail client or operating system bug, without any user intervention whatsoever). Screens Web pages for malicious mobile code and blocks “drive by” spyware installations.
Blocks URLs known for spyware. Prevents users from browsing Web sites known to harbor malicious spyware.
Anti-Spam
InterScan Gateway Security Appliance stops spam from consuming network resources and wasting employees’ valuable time. The key to its effective protection is the use of adaptable technology that evolves as spamming techniques change and become more sophisticated.
Blocks spam at the outermost network layer. Stops spam at the IP-connection layer before it can enter your network and burden IT resources.
Detects known spam sources. Validates IP addresses against the largest reputation database of known spammers.
Stops spam in real time. Uses dynamic reputation analysis to detect spam, zombies, and botnets in real time.
Filters messaging traffic. Blocks spam at the Internet gateway before it can get to your mail servers and impact performance.
Improves spam detection. Combines machine learning, pattern recognition, heuristics, blocked sender lists and approved sender lists for better detection.
Enables customizing. Gives the flexibility to customize policy and spam tolerance levels.
Anti-Phishing
The anti-phishing security function in InterScan Gateway Security Appliance offers a comprehensive approach to stop identity theft and protect confidential corporate information.
Filters messaging traffic. Stops fraudulent, phishing-related email at the messaging gateway and mail servers.
Prevents theft. Protects credit card and bank account numbers, user names, and passwords, and so on.
Anti-Pharming
The anti-pharming security function in InterScan Gateway Security Appliance works within the HTTP protocol to block access to known pharming Web sites.
When enabled, this feature places a warning message in the user’s browser upon attempted access of a known pharming site.
Optionally, you can send customized email notification to the administrator when such an event occurs.
Content and URL Filtering
The URL filtering security function in InterScan Gateway Security Appliance enables companies to manage employee Internet use and block offensive or non-work-related Web sites. By restricting content, employers can improve network performance, reduce legal liability, and increase employee productivity.
Manages employee Internet use. Enables IT to set Web-use policies for the company, groups, or individuals.
Offers flexible filtering options. Filters by category, time, day, bandwidth, key words, file name, true file type, and so on.
Filters Web content. Blocks inappropriate content from entering your network and prevents sensitive data from going out.
Categorizes Web sites in real time. Employs dynamic rating technology to categorize Web sites while users browse.
Outbreak Defense
In the event of an Internet outbreak of viruses or malware, the Outbreak Defense function in InterScan Gateway Security Appliance works to protect networks before the outbreak has reached them—but also repairs malware damage to clients’ computers if the outbreak has already affected them.
Provides defense against outbreaks. When an outbreak occurs anywhere in the world, TrendLabs rapidly responds by developing an Outbreak Prevention Policy (OPP).
Provides automated policy delivery. Trend Micro ActiveUpdate servers automatically deploy the OPP to InterScan Gateway Security Appliance.
Provides strategic protective advice. The OPP contains a list of actions for InterScan Gateway Security Appliance administrators to take to reduce the threat to clients.
Provides damage management. Damage Cleanup Services and Damage Cleanup Tools clean any client computers that malware has attacked.
Moves from prevention to cure. The OPP remains in effect until TrendLabs develops a more complete solution to the threat.
Web Reputation
Web Reputation is a new feature in InterScan Gateway Security Appliance that enhances protection against malicious Web sites. Web Reputation leverages Trend Micro’s extensive Web security database to check the reputation of URLs that users are attempting to access or that are embedded in mail messages. In InterScan Gateway Security Appliance, Web Reputation is applied to three primary network services – HTTP, SMTP, and POP3.
HTTP Web Reputation evaluates the potential security risk of any requested URL by querying the Trend Micro Web security database at the time of each HTTP request. Depending on the security level that has been set, it can block access to Web sites that are known or suspected to be a Web threat on the reputation database. HTTP Web Reputation provides both email notification to the administrator and inline notification to the user for Web Reputation detections.
SMTP Web Reputation evaluates the potential security risk of any URL embedded in messages by querying the Trend Micro Web security database. Depending on the action that has been set, it can insert a notification stamp to the message containing the URL and deliver the message, or delete the message immediately. SMTP Web Reputation provides email notifications to both the administrator and message recipient, as well as an inline notification stamp in the message that contains the URL.
POP3 Web Reputation is similar to SMTP Web Reputation, but it only provides the Delete action for messages that contain known or suspected malicious URLs.
Reputation Score
A URL's "reputation score" determines whether it is a Web threat or not. Trend Micro calculates the score using proprietary metrics.
Trend Micro considers a URL "a Web threat", "very likely to be a Web threat", or "likely to be a Web threat" if its score falls within the range set for one of these categories.
Trend Micro considers a URL safe to access if its score exceeds a defined threshold.
Security Levels
There are three security levels that determine whether InterScan Gateway Security Appliance will allow or block access to a URL.
High: Block more malicious Web sites, but risk more false positives.
Medium: (default) The standard setting.
Low: Block fewer malicious Web sites, but risk fewer false positives.
The Appliance Hardware
The Front Panel
The front panel of the InterScan Gateway Security Appliance contains two (2) thumb screws and a removable bezel for holding it in a fixed position in a rack cabinet. Use these screws only in conjunction with the rail mounting kit. (See Trend Micro InterScan Gateway Security Appliance M-Series Deployment Guide for details on mounting the device.) These screws alone will not support the weight of the device. At the center of the bezel is the Liquid Crystal Display (LCD) Module.
FIGURE 1-2. Front Panel
[Figure 1-2 callouts: Thumb screw (two); LCD module; Removable bezel]