How DMARC is Saving Email: The New Authentication Standard Putting an End to Email Abuse



Messaging Masters Series

How DMARC is Saving Email: The New Authentication Standard Putting an End to Email Abuse

by Alec Peterson, CTO, Message Systems, and Mike Hillyer, Senior Director, Global Solution Consulting, Message Systems

What's this all about, anyway?

If you're a high-volume sender of email, you already understand the importance of security and deliverability to your email initiatives, or you probably wouldn't be reading this. But how much do you know about the sophistication of today's messaging abuse and its risks to your business? With the pace at which new threats evolve, and new measures are devised to counter these threats, it can be hard to keep up. This look at the current state of email threats and the DMARC specification, the emerging industry standard for email authentication, will get you up to speed on everything you need to know about protecting your messaging streams, including:

- The complex and destructive nature of modern email attacks.
- How the world's leading receivers and senders are battling back with DMARC.
- Why all senders need to adopt DMARC, and how easy it is to implement.
- Important business benefits achieved by DMARC adoption.

Digital messaging hinges on trust.

Technology may be what powers our growing network of digital communications, but what actually makes it work as a viable medium for information exchange is trust. We need to believe that the name in the From line of an email is the true sender, and that the content of the message is legitimate. Without that trust, not only is the authenticity of the message in question, but so is the validity of the entire email ecosystem. And that leads to some dire consequences for the ability of businesses to communicate electronically. Consumers will be unwilling to engage in commerce or share information online. Interaction between companies and the vendors they rely on will become too risky because of compromised messaging security.

Security: Combating New Threats

Email Authentication

Unfortunately, from the moment email became widely used for marketing communications, opportunistic scammers have tried to exploit it to seize financial data and personal information. Email industry developers have responded to these ongoing threats by introducing a variety of authentication standards designed to protect brands and their customers. The standards include efforts such as Domain Keys, Identified Internet Mail, Sender ID, ADSP and other methodologies, but for the purposes of the present discussion, we'll focus on the specifications central to DMARC:

- DKIM: DomainKeys Identified Mail
- SPF: Sender Policy Framework
- AFRF: Authentication Failure Reporting Format

Read on for more detailed descriptions of each.

Author Domain Signing Practices (ADSP)

While it hasn't been widely adopted, ADSP is a forerunner to DMARC in that it provides a framework for senders to publish message handling instructions for non-compliant email. From ADSP enables domain owners to publish a policy telling compliant receivers to reject messages that fail to verify with DKIM. While ADSP never achieved widespread adoption, it was put into production by a number of senders and receivers at different times.

SOURCE: DMARC Overview, used under creative commons license, CC By 3.0.

DKIM

DomainKeys Identified Mail (DKIM), specified in Internet-Draft, is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message's signature may be verified by any (or all) MTAs (mail servers) during transit and by the Mail User Agent (MUA) upon delivery. A verified signature indicates the message was sent by the sending domain and the message was not altered in transit. A signature that fails verification indicates the message may have been altered during transit or that the sender is fraudulently using the sending domain name. Unsigned messages contain no guarantee about the sending domain or integrity of the message contents.

Service providers may use the success or failure of DKIM signature verification, or the lack of a DKIM signature, to determine subsequent handling of incoming email messages. Possible actions include dropping invalid messages without impact to the final recipient or exposing the results of DKIM verification, or the lack of a signature, directly to the recipient. Additionally, service providers may use signature verification as the basis for persistent reputation profiles to support anti-spam policy systems or to share with other service providers. It should also be noted that nothing in the DKIM standard requires any alignment between the actual signing domain and the domain in the FROM header.

The Mathematician Who Shook Google

The latest DKIM standards call for encryption keys of at least 1024 bits. Until recently, many leading senders were still using the far less secure 512-bit or 768-bit encryption. How the transition to the stronger keys came about is an interesting story. A university mathematician named Zach Harris was able to crack the weak 512-bit encryption keys used by Google, and he then benignly impersonated Google founders Sergey Brin and Larry Page via email to alert the search giant to the vulnerability. He got the Internet industry's attention in a big way. Read more on the Message Systems blog or at the Return Path blog.

SPF

Sender Policy Framework (SPF), defined in RFC 4408, is the second emerging standard for sender-based authentication under the DMARC umbrella. SPF provides a framework for administrators, through DNS TXT records, to specify authorized senders for the domains they control. The Sender Policy Framework allows admins to assign a unique SPF record in the DNS to each domain from which emails are sent. This methodology provides a means for receivers to determine whether the sending MTA (mail server) is authorized (or not authorized) to send messages for the domain that the message is from.

It should also be pointed out that the domain being validated is the MAIL FROM or return path domain. Specifically, SPFv1 performs validation on the domain found in the envelope sender (sometimes defined as the MAIL FROM header). SPFv2 (also known as Sender ID) supports MAIL FROM validation, but adds the concept of Purported Responsible Address (PRA), which defines an algorithm for selecting among a set of RFC2822 headers. The domain for validation is extracted from the appropriate header as defined by the PRA header selection algorithm.

Sender ID

What's the Difference Between SPF and Sender ID?

There is much confusion around SPF and Sender ID. As noted above, the terms SPFv1 and SPFv2 are commonly used to describe the two specifications, but there are critical differences between them, and they are not interchangeable. A detailed description of the various differences can be found on the Open SPF website. Briefly, Sender ID was a protocol advanced by Microsoft that was never widely embraced, though it is still in use among some senders. The technical distinctions are outlined below.

What is SPF?

SPF (defined in RFC 4408) validates the HELO domain and the MAIL FROM address given as part of the SMTP protocol (RFC 2821, the envelope layer). The MAIL FROM address is usually displayed as Return-Path if you select the Show all headers option in your email client. Domain owners publish records via DNS that describe their policy for which machines are authorized to use their domain in the HELO and MAIL FROM addresses, which are part of the SMTP protocol.

What is Sender ID?

Sender ID (defined in RFC 4406) is a Microsoft protocol derived from SPF (hence the identical syntax), which validates one of the message's address header fields defined by RFC. Which one it validates is selected according to an algorithm called PRA (Purported Responsible Address, RFC 4407). The algorithm aims to select the header field with the email address responsible for sending the message. Since it was derived from SPF, Sender ID can also validate the MAIL FROM. But it defines the new PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers MAIL FROM (called MFROM by Sender ID), PRA, or both.

SOURCE: Sender Policy Framework - SPF vs Sender ID, dual-licensed under the GNU GPL v2 and the Creative Commons CC BY-SA

AFRF and Abuse Reporting

Feedback Loop Reporting has been an important concept in email abuse and spam prevention for many years now. Basically, it provides a common way for inbox providers to report back to senders when individual users mark incoming messages as spam. The Abuse Report Format (ARF) (see: RFC 5965) has long been the standard, and the Authentication Failure Reporting Format (AFRF) distinction is simply a new report sub-type extension that allows for relaying of forensic details regarding an authentication failure within the DMARC framework.

Authentication Failure Reporting Format (AFRF)

- Supports reporting of SPF and/or DKIM failures
- For SPF, reports the client IP address and the SPF record(s) that were retrieved, producing a fail result
- For DKIM, reports the canonicalized header and body that produced a failed signature, allowing forensic analysis by the signer to detect why the failure occurred
- Also supports ADSP reporting of messages that weren't signed but should have been

This will be used by DMARC sites for reporting per-message failure details. An aggregate reporting format is suggested within an appendix of the DMARC specification.

SOURCE: DMARC Overview, used under creative commons license, CC By

DMARC

The Whole DMARC: Greater Than the Sum of Its Parts

Although each of these specifications provides assurance about the sender's identity, each alone has vulnerabilities or limitations around handling and control that hindered widespread adoption. The DKIM standard has been largely embraced for its robustness, but it still left an opportunity for a comprehensive safeguard that would give senders the control to define delivery policies, while enabling receivers to a) determine whether incoming messages align with those policies, and b) act on those findings to report back to the sender on message disposition. In short, combining DKIM with SPF and the more detailed AFRF reporting standards represents the most comprehensive and most promising approach to preventing abuse that the Internet industry has ever mounted.

DMARC In Action

In practice, DMARC is designed to fit into an organization's existing inbound authentication process. The way it works is to help receivers determine if the purported message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the non-aligned messages. For example, assuming that a receiver deploys SPF and DKIM, plus its own spam filters, the flow may look something like this:

[Figure: DMARC processing flow.
SENDER: Author Composes and Sends; Sending Mail Server Inserts DKIM Header; Sent to Receiver.
RECEIVER: Standard Validation Tests (IP Blocklists, Reputation, Rate Limits, etc.); Validate and Apply Sender DMARC Policy (Retrieve Verified DKIM Domains; Retrieve Envelope From via SPF; Apply Appropriate DMARC Policy); outcomes Passed or Quarantine; Standard Processing (Anti-Spam Filters, etc.); Update the periodic Aggregate Report to be sent to Sender; Failure Report Sent to Sender.]

SOURCE: DMARC Overview, used under creative commons license, CC By

The Arrival of DMARC

Great Progress

Frustrated by the ongoing threats and limitations of the previous mechanisms, 15 organizations that included the world's largest email service providers, financial institutions, and message security companies banded together in 2012 to create DMARC, the Domain-based Message Authentication, Reporting and Conformance group. The coalition included Internet titans like Google, Microsoft and Yahoo!, as well as email intelligence pioneer Return Path and financial services providers including PayPal, Fidelity and the Bank of America. Their goal was to establish a universally accepted authentication standard that allowed for senders and receivers to share information about how messages are processed, to allow for continuous improvement.

PayPal had actually tested a similar system back in 2007, in partnership with Yahoo! and Gmail, which achieved a significant reduction in the number of threats masquerading as legitimate PayPal messages. By the time DMARC launched five years later, many of the largest-volume senders were eager to adopt it, including Amazon, LinkedIn, Facebook, eBay, Groupon and Netflix.

First Year Out of the Gate

With its collaborative approach and compelling benefits for both senders and receivers, it didn't take long for DMARC to catch on. In just its first year, DMARC has become the universal authentication standard for the world's leading email providers and message senders. * These are just a few of the impressive achievements so far:

- 1.9 billion mailboxes protected
- 80% of U.S. consumer mailboxes, and 60% worldwide
- Over 325 million messages blocked by December 2012
- Supported by Microsoft, Google, Yahoo!, AOL, Comcast, and international ISPs

* In First Year, DMARC Protects 60 Percent of Global Consumer Mailboxes February 6,

State of the Republic

The Long-Rumored Demise of Email

DMARC came about at an interesting time in the evolution of the Internet, right as mobile devices like smartphones and tablets have grown to eclipse desktop PCs as the primary access gateway for online life. With more messaging interactions happening in mobile-oriented message streams like SMS/MMS, IM chat and Push notifications, so began another round of chatter in 2012 that email is on its way to obsolescence. We keep hearing that, as businesses and consumers are migrating to these new channels, social media and mobile applications will soon replace email as the dominant method of messaging. And no doubt, the growth in in-app push notification messages in recent years has been astronomical. Yet the numbers for email are still orders of magnitude greater than app-based messaging, and growing steadily. Technology research firm The Radicati Group published a report * on the status of the email market in October 2012, with a few key projections that show email is still on the rise.

Email traffic in 2012
- Over 2.1 billion users worldwide
- 144 billion emails exchanged daily
- Global revenues topped $8 billion

Projected traffic in 2016
- Expected to reach 2.7 billion users
- More than 192 billion daily emails
- Revenue forecasts likely to surpass $12 billion

* Statistics Report, , The Radicati Group. Apr 22nd,

Healthy Growth, Evolving Expectations

Email drives business and business drives email

The majority of email traffic originates as automated corporate messages such as alerts, notifications and marketing communications. While we know that consumer messaging behaviors are indeed changing, businesses still depend heavily on email due to its relatively low cost and well-established infrastructure. That's why security is so critical to the ongoing marketing and risk-mitigation efforts of retailers and other enterprises. In fact, according to the Radicati Group report, business use of email will continue growing at an average rate of 13% through And despite the reality that a small negative growth rate is expected for consumer emails over that same period, the mobile devices and apps touted as email killers still use email as a primary notification method and communication channel. Email, and email security, will continue to be central to global business for the foreseeable future.

Customer communication behaviors are changing

While email's central place in business and consumer messaging isn't in doubt, this does not mean the overall messaging environment is not in flux; it is. In fact, consumer expectations of how companies engage with them have changed dramatically due to the proliferation of wireless technology and mobile devices *. More and more consumers today want and expect personalized, relevant communications that reach them wherever they are, via the most expedient messaging channel. In many ways, they want the interaction to emulate the way they communicate with friends. But in order for brands to meet this expectation and take advantage of the opportunity, consumers must be willing to share their data and preferences, which makes the digital messaging linchpin of trust all the more vital. And that willingness is widespread. In a recent consumer survey, 69% of respondents said they were willing to give up personal data in exchange for more customized service.

* Message Systems Report: Marketing Channel and Engagement Benchmark Survey. Oct
Customer Experience in the Digital Age. David Kirkpatrick, Marketing Sherpa, April 30th,

In the Crosshairs

Spearphishing

These factors together (a fast-evolving communications environment, consumers becoming more comfortable sharing data with businesses) create fertile ground for scams and cybercrime. And a company's messaging stream is often the first place cybercriminals strike. Not only is the channel an inherently vulnerable access point, it also tends to be rich with personal data and, more importantly these days, provides easy access to more valuable targets. Once this perimeter has been breached, threats are frequently able to proceed unchecked even with robust network security in place.

Not coincidentally, cybercriminals are keeping up with consumer expectations for digital communication just as well as marketers. As the demand for highly targeted, personalized messaging increases, so do the schemes that exploit these same tactics. Today's biggest threats aren't the broad, indiscriminate attacks that flood ISPs with crudely spoofed email. Now, the real danger comes from the sophisticated spearphishing scams aimed at specific individuals and organizations, which subvert the ecosystem from the inside. Delivered with hacktivist sensibilities, these attacks are also known as advanced persistent threats (APTs) because they move between service providers, enterprises, and consumers through a combination of identity theft, spoofing, and malware *.

"Criminals are going farther and farther up the ladder in compromising the trust supply chain. They're attacking one company, service provider, ad network or certificate authority just as a way to attack another entity farther down the ladder of trust and ultimately exploit thousands or millions of unsuspecting users."
Craig Spiezle, Executive Director, Online Trust Alliance

* White Paper: Safeguarding Messaging Streams for Enterprises and Service Providers: Technology Principles for Architecting a Secure Messaging Environment

Persistent Response

What makes APTs particularly sinister is that the goals are often far more ambitious than the simple theft of data assets; they tend to focus on hijacking the identity and reputation of a company, or completely taking over its systems. That way, malicious emails can be disseminated directly from the compromised senders, using their own trusted brand names, authenticated domains, and IPs to masquerade as legitimate communications and improve the odds of avoiding detection. And yet, while APTs are far more sophisticated and insidious than the earlier generation of attacks, they still use messaging streams as the entry point.

The integration of messaging streams with data sources and operating systems means that today's multi-faceted attacks need only compromise one access point to infiltrate the others. As a result, risk can no longer be defined by functional areas alone. Spearphishing and other APTs are too intelligent and highly targeted, not mere brute force assaults that can be thwarted by strengthening the network perimeter. Therefore, the security response must become as persistent as the threats, and all players in the ecosystem need to work together, exchanging information and protecting one another. Because if one pillar falls prey to an APT, then all are at much greater risk. That's where DMARC comes in.

A New Standard

DMARC extends authentication and enhances control

It was in this fast-changing information security environment that the founders of DMARC began planning a new standard for authentication. And there's a lot more to DMARC than just authentication. In fact, DMARC doesn't even provide a new form of authentication; it allows senders to choose between existing forms of SPF and DKIM authentication, either one or both. The key technical benefits it offers are enhanced control and visibility with regard to message processing.

In addition to indicating which of the two authentication protocols is protecting their messages, senders also get to tell receivers how to handle messages if neither method can be validated. They can request that rejected emails be bounced or marked as junk whereas, in the past, ISPs had to make this call on their own. Senders were not given any input or visibility into the way messages were being processed, thus making it extremely difficult for them to optimize security mechanisms or deliverability rates.

Mutually Beneficial Feedback Loop

With DMARC, senders share their handling preferences and receivers respond with daily results reporting so all parties know which messages passed and failed authentication. This mutually beneficial feedback loop takes most of the guesswork out of message processing and threat assessment, reducing risk and increasing trust on all sides including, most importantly, the consumers at the end of the messaging stream. The widespread adoption of DMARC as a universal standard by receivers is primarily what has made these benefits possible. As more and more members of the community of senders follow suit in the months and years ahead, so will the promise of an abuse-free messaging ecosystem progress.

DMARC Highlights

- Uses existing path-based SPF or signature-based DKIM authentication
- Senders choosing DKIM must use the robust 1024-bit encryption standard
- Senders share message handling preferences with receivers
- Receivers provide visibility into message processing via daily reports

Deliverability and Business Benefits

Authentication has been an important factor in deliverability for several years, but now it's an absolute requirement for ensuring reliable inbox delivery. All the major inbox providers have expanded their authentication policies in recent years due to the rise in phishing and APTs. The good news is that DMARC makes it easier than ever to stay in compliance with these more stringent requirements because nearly all major receivers are now on board with the same methodology.

Deciding which messages to authenticate, and how to do so, used to be a much more complicated process, especially for multi-tenant environments that require greater flexibility in authentication policies. But the visibility and control achieved through DMARC go a long way toward alleviating this burden for service providers and enterprises with numerous internal clients. The long-term gains for a brand's bottom line are substantial, and the ease of implementation ensures a quick return on investment.

The Standard

The most current standard for DMARC that is under consideration by the Internet Engineering Task Force was drafted under the editorship of Facebook engineer Murray Kucherawy. This document sets the following high-level requirements for DMARC:

- Minimize false positives.
- Provide robust authentication reporting.
- Allow senders to assert policy for consumption by receivers.
- Reduce the amount of successfully delivered phish.
- Work at Internet scale.
- Minimize complexity.

Business benefits of DMARC

- Higher deliverability rates
- Enhanced user trust in legitimacy
- Stronger brand reputation and loyalty

The Road Ahead

DMARC is still in its relative infancy, having celebrated its first anniversary early in The visibility and control it provides over messaging streams will continue to develop even further as the standard matures. New products and services that leverage DMARC reporting capabilities are already on the horizon and, as motivated members of the ecosystem push for options specific to their unique needs, authentication policies will soon evolve beyond the basic set available today. We're also likely to see additional visibility into the authenticity of messages for end users, something akin to existing infrastructures around Extended Validation Certificates and SSL certificates. The key takeaway for senders is to put the foundation in place for your business now, and then you'll be ready for enhanced authentication capabilities as soon as new innovations are introduced.

Implementation

Four Essential Steps

For senders, implementing DMARC will be an ongoing process. As more receivers adopt the standard, the reports flowing back to senders will become more detailed with richer data. These steadily improving data streams will thereby enable senders to modify and optimize their sending streams over time. That's the long-term view. To initiate a DMARC program, senders must first take these four basic steps:

- Implement DKIM
- Implement SPF
- Create and publish a DMARC policy or resource record
- Implement reporting and analysis

Publishing DKIM Records

DKIM requires that you generate private and public encryption keys (1024-bit random numbers), and that you publish the public key selector record to your DNS. Several free DKIM key generators are available online. If your domain were and your selector was s768 the public record will look similar to the following:

Name Value t=y;o=~; k=rsa; p=migfma0gcsqgsib3dqe <snip> 3pmCktutYJNilQIDAQAB
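A check a sender can run against its own published selector records, given the 1024-bit minimum and the 512-bit and 768-bit keys discussed in the DKIM section. This is an added example, not code from the original paper: it decodes the p= value as a DER SubjectPublicKeyInfo and reports the RSA modulus size. The records are constructed around made-up moduli (not usable keys), and `audit_dkim_record` and `constructed_record` are hypothetical helper names.

```python
"""Added example: measure the RSA key size published in a DKIM selector record."""
import base64

# DER bytes of AlgorithmIdentifier { rsaEncryption OID, NULL }
RSA_ALGORITHM = bytes.fromhex("300d06092a864886f70d0101010500")


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count the length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    """Return the modulus size in bits of a DER SubjectPublicKeyInfo RSA key."""
    tag, body, _ = read_tlv(spki, 0)            # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _alg, pos = read_tlv(body, 0)            # AlgorithmIdentifier (skipped)
    tag, bits, _ = read_tlv(body, pos)          # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("unexpected key encoding")
    _, rsa_key, _ = read_tlv(bits, 1)           # RSAPublicKey SEQUENCE
    tag, modulus, _ = read_tlv(rsa_key, 0)      # INTEGER n
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(modulus, "big").bit_length()


def audit_dkim_record(txt, min_bits=1024):
    """Classify a selector TXT record as ok, weak, revoked (empty p=) or not-rsa."""
    parts = (p.partition("=") for p in txt.split(";") if p.strip())
    tags = {k.strip().lower(): v.strip() for k, _, v in parts}
    if tags.get("k", "rsa").lower() != "rsa":
        return {"bits": None, "verdict": "not-rsa"}
    key_b64 = "".join(tags.get("p", "").split())
    if not key_b64:
        return {"bits": None, "verdict": "revoked"}
    bits = rsa_modulus_bits(base64.b64decode(key_b64))
    return {"bits": bits, "verdict": "ok" if bits >= min_bits else "weak"}


def der(tag, content):
    """Encode one DER TLV (used only to build the constructed samples)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def constructed_record(bits):
    """Build a structurally valid record around a made-up modulus of the given size."""
    def integer(value):
        # one extra leading byte keeps the DER INTEGER positive
        return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))
    modulus = (1 << (bits - 1)) | 1             # constructed value, not a real key
    rsa_key = der(0x30, integer(modulus) + integer(65537))
    spki = der(0x30, RSA_ALGORITHM + der(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()


if __name__ == "__main__":
    for size in (512, 768, 1024):
        print(size, audit_dkim_record(constructed_record(size)))
```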

Implement DKIM

Sending Servers

Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DKIM-enabled outbound email servers. This is step in the diagram.

Signing: When each email is sent by an authorized end user within the domain, the DKIM-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is included in a DKIM-Signature header and prepended to the email. The email is then sent on to the recipient's mail server. This is step in the diagram.

[Diagram: Sending Mail Server, DNS, Receiving Mail Server, Mailbox]

Receiving Servers

1. Preparation: The DKIM-enabled receiving email system extracts and parses the message's DKIM-Signature header. The signing domain asserted by the header is used to fetch the signer's public key from DNS. This is step in the diagram.
2. Verification: The signer's public key is then used by the receiving mail system to verify that the signature contained in the DKIM-Signature header was generated by the sending domain's private key. This proves that the email was truly sent by, and with the permission of, the claimed sending domain. It also proves that all the headers signed by the sending domain and the message body were not altered during transit.
3. Delivery: The receiving email system uses the outcome of signature verification along with other local policies and tests to determine the disposition of the message. If local policy does not prohibit delivery, the message is passed to the user's inbox. Optionally, the email recipient may be informed of the results of the signature verification. This is step in the diagram.

Implement SPF

SPF consists of two basic components:

- Sender side: senders publish DNS records that describe their policies.
- Receiver side: receivers use a parsing engine that looks up the published policies for inbound mail and takes actions based on it.

The parts of an SPF record

v=spf1 mx include:aspmx.googlemail.com -all

- v=spf1: SPF version 1
- mx: The incoming mail servers (MXes) of the domain are authorized to also send mail for
- The machine is authorized, too
- include:aspmx.googlemail.com: Everything considered legitimate by is legitimate for, too
- -all: All other machines are not authorized

SOURCE:
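The receiver-side "parsing engine" described above, sketched as an added example (not code from the original paper or from any SPF library). It evaluates the MAIL FROM domain's record against the connecting IP for a subset of mechanisms (`all`, `ip4`, `ip6`, `a`, `mx`, `include`) and omits CIDR suffixes on `a`/`mx`, modifiers such as `redirect=`, and lookup limits. The `DNS` table is constructed sample data standing in for real lookups; every domain and address in it is a placeholder.

```python
"""Added example: evaluate an SPF record for one connecting IP, with DNS stubbed out."""
import ipaddress

# Constructed zone data (documentation domains and address ranges only).
DNS = {
    ("example.com", "TXT"): ["v=spf1 mx a:pluto.example.net include:_spf.example.org -all"],
    ("example.com", "MX"): ["mx1.example.com"],
    ("mx1.example.com", "A"): ["192.0.2.10"],
    ("pluto.example.net", "A"): ["192.0.2.77"],
    ("_spf.example.org", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ~all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query; returns a list of record values."""
    return DNS.get((name.lower(), rtype), [])


def check_host(ip, domain, depth=0):
    """Return the SPF result for client `ip` sending with MAIL FROM domain `domain`."""
    if depth > 10:                                   # guard against include loops
        return "permerror"
    records = [t for t in lookup(domain, "TXT") if t.split(" ")[0].lower() == "v=spf1"]
    if not records:
        return "none"
    if len(records) > 1:                             # more than one SPF record is an error
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"                              # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in lookup(arg or domain, "A")
        elif mech == "mx":
            matched = any(ip in lookup(host, "A") for host in lookup(arg or domain, "MX"))
        elif mech == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"                # only an inner pass counts as a match
        else:
            return "permerror"                       # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                                 # no mechanism matched


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.77", "198.51.100.25", "203.0.113.5"):
        print(client, check_host(client, "example.com"))
```

The last client shows why `include` is not a copy-paste of the other record: the included domain's `~all` yields softfail there, which is simply "no match" for the outer record, so evaluation continues to the outer `-all` and the result is fail.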

Publish a DMARC Policy

DMARC policies are published in a sender's Domain Name Server (DNS) as text (TXT) resource records (RR) and announce what an email receiver should do with non-aligned mail it receives. Consider an example DMARC TXT RR for the domain that reads:

v=DMARC1;p=reject;pct=100;rua=mailto:

In this example, the sender requests that the receiver reject all non-aligned messages outright and send a report, in a specified aggregate format, about the rejections to a specified address. If the sender was testing its configuration, it could replace reject with quarantine, which would tell the receiver they shouldn't necessarily reject the message, but consider quarantining it.

DMARC records follow the extensible tag-value syntax for DNS-based key records defined in DKIM. The chart below illustrates some of the available tags.

Tag Name | Purpose | Sample
v | Protocol version | v=DMARC1
pct | Percentage of messages subjected to filtering | pct=20
ruf | Reporting URI for forensic reports |
rua | Reporting URI of aggregate reports |
p | Policy for organizational domain | p=quarantine
sp | Policy for subdomain of the OD | sp=reject
adkim | Alignment mode for DKIM | adkim=s
aspf | Alignment mode for SPF | aspf=r

NOTE: The examples in this chart are illustrative only and should not be relied upon in lieu of the specification. Please refer to the specification page for the most up-to-date and accurate version.

SOURCE: DMARC Overview, used under creative commons license, CC By
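How a receiver could turn such a record into a decision for one message, as an added example (not code from the original paper or the DMARC specification). It parses the tag-value record, checks SPF and DKIM identifier alignment against the From domain, and applies `p`, `sp` and `pct`. Assumptions: the organizational domain is approximated as the last two labels (real receivers use the Public Suffix List), the record is taken to be published at the organizational domain, `sample` stands in for the receiver's random draw for `pct`, and the record, domains and report address are constructed.

```python
"""Added example: parse a DMARC TXT record and apply it to one message."""

POLICIES = ("none", "quarantine", "reject")
# Messages not selected by pct get the next lower policy.
DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}

# Constructed sample record (placeholder domain and report address).
SAMPLE_RECORD = ("v=DMARC1; p=reject; pct=100; "
                 "rua=mailto:dmarc-reports@example.com; adkim=s; aspf=r")


def parse_dmarc(txt):
    """Parse the tag=value list of a DMARC record and fill in defaults."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % part)
        tags.setdefault(name.strip().lower(), value.strip())
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        raise ValueError("missing or invalid p= tag")
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct out of range")
    uris = lambda tag: [u.strip() for u in tags.get(tag, "").split(",") if u.strip()]
    return {"p": policy, "sp": tags.get("sp", policy).lower(), "pct": pct,
            "adkim": tags.get("adkim", "r").lower(),   # r = relaxed (default)
            "aspf": tags.get("aspf", "r").lower(),     # s = strict
            "rua": uris("rua"), "ruf": uris("ruf")}


def org_domain(domain):
    """ASSUMPTION: last two labels; a real receiver consults the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict alignment needs an exact match; relaxed needs the same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(record, from_domain, spf_domain=None, dkim_domains=(), sample=0):
    """Decide one message.

    spf_domain   -- MAIL FROM domain that passed SPF, or None
    dkim_domains -- d= domains whose DKIM signatures verified
    sample       -- value 0..99 standing in for the receiver's pct sampling
    """
    hits = []
    if spf_domain and aligned(spf_domain, from_domain, record["aspf"]):
        hits.append("spf:" + spf_domain)
    hits += ["dkim:" + d for d in dkim_domains
             if aligned(d, from_domain, record["adkim"])]
    if hits:
        return {"dmarc": "pass", "disposition": "none", "aligned": hits}
    is_subdomain = from_domain.lower().rstrip(".") != org_domain(from_domain)
    policy = record["sp"] if is_subdomain else record["p"]
    if sample >= record["pct"]:
        policy = DOWNGRADE[policy]
    return {"dmarc": "fail", "disposition": policy, "aligned": []}


if __name__ == "__main__":
    rec = parse_dmarc(SAMPLE_RECORD)
    # SPF passed, but for an unrelated envelope domain: not aligned, so rejected.
    print(evaluate(rec, "example.com", spf_domain="mailer.example.net"))
    # DKIM verified for a subdomain, but adkim=s demands an exact match.
    print(evaluate(rec, "example.com", dkim_domains=["mail.example.com"]))
    print(evaluate(rec, "example.com", dkim_domains=["example.com"]))
```

The first case is the one DMARC exists for: SPF and DKIM can each pass for a domain the recipient never sees, and only the alignment check ties the authenticated domain to the From header.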


More information

SAFE: A Security Blueprint for Enterprise Networks

SAFE: A Security Blueprint for Enterprise Networks WHITE PAPER SAFE: A Security Blueprint for Enterprise Networks Authors Sean Convery (CCIE #4232) and Bernie Trudel (CCIE #1884) are the authors of this White Paper. Sean is the lead architect for the reference

More information

Customer Relationship.. Management..

Customer Relationship.. Management.. White paper Customer Relationship.. Management.. Improving customer interactions with this powerful technology Executive Summary As we move further into an era when the manipulation and assessment of data

More information

Global Cyber Executive Briefing

Global Cyber Executive Briefing Global Cyber Executive Briefing Lessons from the front lines Read more Global Cyber Sectors Executive Briefing Lessons from the front lines In a world increasingly driven by digital technologies and information,

More information

Securing Microsoft s Cloud Infrastructure

Securing Microsoft s Cloud Infrastructure Securing Microsoft s Cloud Infrastructure This paper introduces the reader to the Online Services Security and Compliance team, a part of the Global Foundation Services division who manages security for

More information

QUARTERLY Panda Security 2008 REPORT PandaLabs (JULY - SEPTEMBER 2008) QUARTERLY REPORT PANDALABS (JULY-SEPTEMBER 2008) Index Introduction 3 Executive summary 4 Third Quarter Figures 5 Distribution of

More information

These materials are the copyright of John Wiley & Sons, Inc. and any dissemination, distribution, or unauthorized use is strictly prohibited.

These materials are the copyright of John Wiley & Sons, Inc. and any dissemination, distribution, or unauthorized use is strictly prohibited. Enterprise Mobility 2nd Edition by Carolyn Fitton, Tom Badgett, and Corey Sandler Enterprise Mobility For Dummies, 2nd Edition Published by: John Wiley & Sons Canada, Ltd. 6045 Freemont Blvd. Mississauga,

More information

Ensuring a Thriving Cloud market: Why interoperability matters for business and government

Ensuring a Thriving Cloud market: Why interoperability matters for business and government Ensuring a Thriving Cloud market: Why interoperability matters for business and government An Executive Summary Businesses, public administrations and individuals are eagerly embracing cloud computing

More information


GEO- ANALYTICS ADDING VALUE TO BIG DATA QUICK INSIGHTS. $245 USD / free to TM Forum members. 2014 2014 GEO- $245 USD / free to TM Forum members ANALYTICS QUICK INSIGHTS ADDING VALUE TO BIG DATA Sponsored by: Report prepared for Kathleen Mitchell of TM Forum. No unauthorised sharing.

More information

The Definitive IP PBX Guide

The Definitive IP PBX Guide The Definitive IP PBX Guide Understand what an IP PBX or Hosted VoIP solution can do for your organization and discover the issues that warrant consideration during your decision making process. This comprehensive

More information

Suggestions to Help Companies with the Fight Against Targeted Attacks

Suggestions to Help Companies with the Fight Against Targeted Attacks A Trend Micro Research Paper Suggestions to Help Companies with the Fight Against Targeted Attacks Jim Gogolinski Forward-Looking Threat Research Team Contents Introduction...3 Targeted Attacks...4 Defining

More information

Handling Inactive Data Efficiently

Handling Inactive Data Efficiently Issue 4 Handling Inactive Data Efficiently 1 Editor s Note 3 Does this mean long term backup? NOTE FROM THE EDITOR S DESK: 4 Key benefits of archiving the data? 5 Does archiving file servers help? 6 Managing

More information

Top Online Banking Threats. to Financial Service Providers in 2010

Top Online Banking Threats. to Financial Service Providers in 2010 Top Online Banking Threats to Financial Service Providers in 2010 Table of Contents Introduction... 3 No Silver Bullet... 4 Authentication... 4 The Trade Off... 4 Top Threats to Financial Services... 5

More information


BUILDING A BUSINESS CASE Page 29 Friday, January 30, 2004 10:34 AM CHAPTER 2 BUILDING A BUSINESS CASE FOR VOIP To leap or to hide Trust evidence to decide; Faith makes risky guide. James Coggins Taking Charge of Your

More information

The Four T s of Effective Email Campaigns

The Four T s of Effective Email Campaigns [ Improve the ROI of your email marketing campaigns ] The Four T s of Effective Email Campaigns An e-book by Pardot The Four T s of Effective Email Campaigns Most marketing strategies these days are based

More information

Cisco: Addressing the Full Attack Continuum

Cisco: Addressing the Full Attack Continuum 1 Cisco: Addressing the Full Attack Continuum A New Security Model for Before, During, and After an Attack 2 3 9 12 Issue 1 Welcome Addressing the Full Attack Continuum: A New Security Model for Before,

More information

Cyber Security Planning Guide

Cyber Security Planning Guide Cyber Security Planning Guide The below entities collaborated in the creation of this guide. This does not constitute or imply an endorsement by the FCC of any commercial product, service or enterprise

More information

Windows 7 Reviewer s Guide. A First Look at Windows 7 DRAFT

Windows 7 Reviewer s Guide. A First Look at Windows 7 DRAFT m Windows 7 Reviewer s Guide A First Look at Windows 7 DRAFT 2 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication.

More information

Module 9: IS operational and security issues

Module 9: IS operational and security issues file:///f /Courses/2010-11/CGA/MS2/06course/m09intro.htm Module 9: IS operational and security issues Overview Firms that make extensive use of information systems must contend with a number of ongoing

More information