Paper: Testing the Enterprise Security: Anti-Spam and Anti-Virus Solutions
Abstract: Enterprise Anti-Spam and Anti-Virus solutions are widely used to protect corporate e-mail servers against various external threats including spamming, viruses, spyware, and phishing attacks. Usually claiming a high rate of malicious message filtering (between 95-99%), it is hard to argue that its main purpose is realized. However, no comprehensive benchmarking on how such security solutions stand against internal attacks is currently available. Relying on various commercial and open-source technologies (Microsoft .NET, MySQL, PHP, Linux, Apache HTTP server, etc.), the majority of Anti-Spam and Anti-Virus enterprise solutions employ Web-based applications to allow remote configuration, administration and management of spam-quarantined e-mails. While Web-based applications are often found to be vulnerable to a wide variety of security vulnerabilities (including SQL Injection, Cross-Site Scripting, Denial of Service, Privilege Escalation, etc.), such enterprise security solution s make unfortunately no exception. This paper highlights the need of vendor-certified security testing for Anti-Spam and Anti- Virus enterprise solutions, in order to protect it against internal attacks. In a structured effort to benchmark and potentially improve various enterprise security products, the authors recent research done in collaboration with Data Communication Security Laboratory from University of Limerick, (Ireland) is presented. Various security vulnerabilities identified in high-profile enterprise Anti-Spam and Anti-Virus products commercialized by vendors such as Marshal8e6 [1], Barracuda Networks [2], and Symantec [3] are discussed, while the implications of vulnerabilities exploitation and the risks for the enterprise are analyzed. Author: Dr. Marian Ventuneac Paper download: http://www.testingexperience.com/testingexperience02_09.pdf
