CipherTrust's IronMail 2.5 Proves Its Mettle

By Francis Chu  |  Posted 2002-05-06

Enterprises looking for a way to provide secure e-mail communications while keeping e-mail servers free of viruses, spam and hacks should consider Version 2.5 of CipherTrust Inc.'s IronMail 210 e-mail gateway appliance.

In eWeek Labs tests, the IronMail upgrade consistently blocked attacks and stopped viruses from penetrating the network. We believe Version 2.5 would ably address the security needs of large e-mail systems when a dedicated appliance is the best option; organizations such as government agencies or financial companies would reap the greatest benefits from IronMail's e-mail infrastructure protection.

However, IronMail is pricey, starting at $29,500. In addition, because it secures ports only for e-mail transmissions, general-purpose systems such as Symantec Corp.'s Gateway Security Appliance are a better choice for companies that are looking for security gateways to also protect other services, such as Web or FTP servers.

The 2U (3.5-inch) IronMail 210, which shipped in March, has dual processors, hot-swappable hard drives with RAID support, hardware SSL (Secure Sockets Layer) acceleration, and redundant power supplies and fans. IronMail detects viruses using the optional Sophos Americas anti-virus scanning plug-in (priced on a per-user basis).

With Web mail support and optional virus scanning, the box can easily cost more than $40,000 for larger sites. (The configuration we tested, including Web mail and anti-virus options, would cost $34,500 plus anti-virus licensing fees.) IronMail 210 supports clustered failover with a second system for high-availability deployments, although this would double the system's cost.

For sites with smaller budgets, CipherTrust's IronMail 110 has a single processor, no SSL acceleration card, and no redundant power supplies or fans, for a base price of $15,500.

Firewall proxies and e-mail server plug-ins (such as Marshal Software Ltd.'s MailMarshal) are less expensive but do not offer the extensive protection that IronMail provides. IronMail not only functions as a firewall for e-mail systems but also provides intrusion detection, e-mail encryption, anti-virus, anti-spam and content filtering capabilities. The appliance monitors all e-mail traffic and acts as a mail proxy supporting SMTP, Post Office Protocol and IMAP. It also supports integration with LDAP directories for mail relay and routing.

IronMail supports Microsoft Corp.'s Exchange 2000, Lotus Notes, Novell Inc.'s GroupWise and other Sendmail servers. Version 2.5's software runs on top of a hardened FreeBSD operating system and includes new features such as support for Microsoft Outlook Web mail—an increasingly popular way to transmit corporate mail.

IronMail's Mail-VPN feature enforces e-mail transmissions using SSL/TLS (Transport Layer Security) encryption. We could designate TLS-enforced domains so that IronMail would always transmit SSL-encrypted e-mail to these sites. If the receiving server didn't support TLS, IronMail wouldn't deliver the message, ensuring mail confidentiality.

Having built-in SSL acceleration also allows IronMail to offload SSL processing from e-mail servers, freeing up CPU cycles for other messaging tasks.

IronMail's Mail-IDS feature allows the appliance to detect and stop DoS (denial-of-service) attacks in addition to its standard signature-based attack recognition and alerting capabilities. Mail-IDS also provides anomaly detection to look for patterns of suspicious e-mail activity.

With anomaly detection enabled, we could set granular rules to detect suspicious events. The rules report events based on the trigger frequency in a given period of time. If the number of events in a given amount of time exceeds the specified maximum, an alert will be generated. This allows IT managers not only to detect a malicious virus propagating itself but to also discover any inappropriate behavior by internal users.
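The frequency rule described above, sketched as an added example (it is not IronMail's rule engine and not part of the original review): a sliding-window counter that alerts when one sender exceeds a maximum number of events in a time period. The event names, the per-sender key, the sample events and the choice to clear the window after an alert are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class FrequencyRule:
    """Alert when one key produces more than max_events inside a sliding window."""

    def __init__(self, event_type, max_events, window_seconds):
        self.event_type = event_type
        self.max_events = max_events
        self.window = timedelta(seconds=window_seconds)
        self.seen = defaultdict(deque)  # key -> timestamps still inside the window

    def observe(self, ts, event_type, key):
        if event_type != self.event_type:
            return False
        q = self.seen[key]
        q.append(ts)
        # Slide the window: forget events older than ts - window.
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_events:
            q.clear()  # one alert per burst instead of one per further event
            return True
        return False


def run_rule(rule, events):
    """Feed time-ordered events to the rule; return (timestamp, key) per alert."""
    return [(ts, key) for ts, etype, key in events if rule.observe(ts, etype, key)]


def at(seconds):
    """Constructed timestamp: offset in seconds from an arbitrary start time."""
    return datetime(2002, 5, 6, 9, 0, 0) + timedelta(seconds=seconds)


# Constructed sample events (time, event type, internal sender); not real log data.
SAMPLE_EVENTS = [
    (at(0), "virus_detected", "alice@example.test"),
    (at(5), "virus_detected", "bob@example.test"),
    (at(10), "virus_detected", "alice@example.test"),
    (at(12), "policy_violation", "alice@example.test"),  # other type, not counted
    (at(20), "virus_detected", "alice@example.test"),
    (at(30), "virus_detected", "alice@example.test"),    # 4th within 60 s
    (at(200), "virus_detected", "bob@example.test"),
    (at(400), "virus_detected", "bob@example.test"),
    (at(600), "virus_detected", "bob@example.test"),     # 4 events, but spread out
]

if __name__ == "__main__":
    rule = FrequencyRule("virus_detected", max_events=3, window_seconds=60)
    for ts, key in run_rule(rule, SAMPLE_EVENTS):
        print(f"ALERT {ts.isoformat()} {key}: more than 3 virus_detected in 60 s")
```

The same total count from a sender spread over a longer period stays below the threshold, which is what separates a burst such as a self-propagating virus from ordinary background detections.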

The Web UI (user interface) has a Dashboard page that provides administrators with a bird's-eye view of IronMail's main system status. Using the Dashboard, we quickly got a summary of pertinent information, including server status, queued e-mail load, IDS alerts and policy violations.

We installed IronMail on a Windows 2000 domain test bed with an Exchange 2000 server and several Windows 2000 Professional clients configured for Outlook Web mail. We were impressed with IronMail's easy installation, which was made especially simple by the interactive configuration wizard for first-time setup. After we set IronMail's networking parameters and policies, we configured our Outlook clients to retrieve e-mail from the IronMail appliance instead of the Exchange server.

We used hacker tools such as Nessus and Nmap to pound the IronMail appliance with probes and attacks—all of which IronMail stopped. We also used one of the Outlook clients to send a dummy virus called Eicar to other systems on the test network. IronMail quickly identified the Eicar virus, deleted the e-mail from the message queue and sent out alerts. In addition, we could configure IronMail to clean or rename virus extensions or drop infected e-mail.

We also used a DoS attack tool to test how IronMail responds to DoS attacks. Even when the appliance was being hammered with the DoS flood, we didn't lose e-mail service.

Technical Analyst Francis Chu can be reached at

