Best IT Blog

Sample Excel – Exchange Upgrade Project Plan

Comments Off on Sample Excel – Exchange Upgrade Project Plan

Email Management Considerations

Posted in eMail (66) by Guest on the October 13th, 2014


Email has become a vital piece of corporate infrastructure although it often receives less attention than systems running other core business functions. Recent virus attacks have highlighted how reliant companies are on their email service.

Email is particularly vulnerable to any IT infrastructure failures in addition to specific challenges such as spam, virus attack and other security issues. As a key component for both external and internal communications, any service issues affecting email immediately impacts on a company’s ability to function.

Email volumes will continue to grow exponentially, spam will become an increasingly large issue and virus writers will become more cunning. This means that in order to continue to provide a high level of email service, the corporate IT department is going to have to allocate more and more specialist resources to running its email system. And this is at a time when the pressures of the economy are such that many businesses need to focus more on their core areas of expertise and competence.

This dilemma can be addressed by utilizing on an outside supplier to provide and manage email services. However, the challenge for companies will be to manage the balance between their internal resources and the services they have outsourced. This re-emphasizes the need to find reliable partners with the necessary expertise and who will deliver agreed service levels.

What is clear is that corporate email systems need specialist skills and are going to require more, not less resources as the reliance on email continues to grow.

Considerations for Email Management

In-house Managed Email Managed Email Service. Pros and cons of running an email system in-house vs. using an external managed service provider.


 Control over tools, content and updates

 Prioritize based on business drivers

 Grow internal skill and knowledge

 Easier integration with other systems


 Access to specialized skills

 More reliable and flexible service

 Predictable lower costs

 Focus on core business


 Finite resources with email skills

 No penalty based SLA

 Downtime caused through lack of focus

 Constant re-training needed to stay current

 Threat to knowledge base from staff turnover


 Negative perceptions within IT department

 Administrative overhead of communication

 Loss of in-house competence


Key Issues Relating to Email Management

Control of Viruses

Of all the issues relating to running an email system, dealing with the threat of virus attack is very high up on every organization’s priority list. We find that there is almost universal adoption of some sort of anti-virus process or product within the business community. The impact of virus attack on a company can be disastrous. Firstly there is the disruption to ongoing business while the impact of the virus attack is dealt with (user downtime, cleaning user PCs and so on), then there is the impact on business partners to whom the virus may have passed. This has in the past been measured in terms of minor embarrassment ranging to major lost contracts and long-term damage to a company brand. The commercial estimates relating to the damage done by viruses vary greatly. However all agree that virus damage and the ensuing clean up is costing British businesses billions of pounds each year.

All agree that protecting an organization against becoming the victim of a virus attack and in turn preventing the organization from propagating the virus attack is now a business critical function. Viruses are mainly distributed through email. Some are attachments to emails; others are included in the body of the email itself. Additionally viruses can be passed by accessing or downloading from websites, but this method is a relatively minor consideration compared to email transmission.

The solutions that organizations have implemented fall broadly into the following categories:

Total Outsourcing

By having an external organization take on responsibility for scanning all inbound and outbound email, a company is able to be comfortable in the knowledge that a professional is acting on their behalf. A specialist organization is working round the clock to ensure that viruses are kept at bay. Companies that have subscribed to this approach report an excellent level of service, with near 100% protection from viruses. However this does come with two downsides. Firstly, the cost of this service – typically around $1 per user per month. Secondly, the incidence of “false positives” – a false positive is where an email is wrongly diagnosed as having a virus attached or embedded. This becomes a problem if the email in question is of a critical nature and the process for dealing with the “false positive” results in a lengthy delay in delivering the message to the recipient.

A final consideration in this approach is that it does not prevent a virus from propagating around an organization should it manage to penetrate the outer defenses. It is this consideration that leads many companies to continue to run anti-virus protection on individual PCs and servers even though they are paying another organization to protect them.

In summary, this approach is well received by those using it. It is very effective at preventing viruses from penetrating into an organization but does not provide any protection should a virus be introduced by other means such as a user’s private webmail account. This therefore cannot be regarded as the complete solution for protecting a company from virus attack.


Excellent at trapping viruses, uses multiple different engines – constantly updated against the latest viruses and provided as a managed service so no dependency on company IT staff.


Does not protect against a virus propagating around a company once penetrated. In-house Server Based Virus Protection

This is by far the most common approach to protecting companies against virus attack. The anti-virus software is installed on all email servers and scans the emails passing through the server, quarantining any that it identifies as containing a virus.

As this approach is in-house, its success depends on the vigilance, capability and availability of the company’s IT department staff. Applying latest updates against new viruses is an hourly function and although automated, requires checking regularly. Server based virus prevention is also limited to one product (running multiple anti-virus products on the same server can make them both identify each other as a virus, due to the way they function!), which leads to a selection process where technical requirements may lose out to commercial considerations. Furthermore, different anti-virus vendors may be more successful than others in combating different viruses, so having more than one product running would provide enhanced protection.


Prevents spread of viruses within an organization as well as providing protection from inbound and outbound viruses.

Cons: Limited to one vendor’s approach. Reliant on the IT department to monitor, manage and apply updates constantly. Adds overhead to IT staff in dealing with quarantined messages. This approach allows viruses to penetrate a company’s network before being trapped. Increasingly complex viruses may exploit this vulnerability.

Client PC Based Protection

Client based virus protection is generally regarded as an adjunct to another approach or for mobile workers.


Protects the client PC.


Dependant on the user to setup and manage updates.

Only protects the client PC.

Does not protect servers or other network infrastructure.



Protecting an organization from the threat of viruses is paramount. Email communication is now business critical in most companies and being without it for any length of time starts to cost the company competitiveness, money and employee productivity. The business case for providing virus protection does not need proving. However, the level of protection that a company deems cost effective needs reviewing.

Whilst the majority of organizations are using server based virus protection, their reliance on one vendor and busy internal IT staff to run the service offers opportunities for breach by new viruses and the potential that new types of virus can do damage prior to being identified by the email server.

An approach that hands primary protection to a specialist who will trap and remove viruses prior to them ever arriving at your network is definitely the way of the future. Such an organization will be acting for many companies and so will have specialist knowledge that it is impossible to justify developing within a company’s IT department. However, reliance on a third party provider has limitations around preventing the internal spread of a virus that is introduced through other means (infected CD-ROM, Internet download, etc), so retaining server and client PC based virus protection is also recommended as a backup measure.


Comments Off on Email Management Considerations

Sample – Simple Electronic Mail Policy

Posted in eMail (66),Policies - Standards (600) by Guest on the January 22nd, 2014

User Responsibilities

These guidelines are intended to help you make the best use of the electronic mail facilities at your disposal. You should understand the following.

1) The Company provides electronic mail to staff to enable them to communicate effectively and efficiently with other members of staff, other companies and partner organisations.

When using the Company’s electronic mail facilities you should comply with the following guidelines. 


1) Do check your electronic mail daily to see if you have any messages.

2) Do include a meaningful subject line in your message.

3) Do check the address line before sending a message and check you are sending it to the right person.

4) Do delete electronic mail messages when they are no longer required.

5) Do respect the legal protections to data and software provided by copyright and licenses.

6) Do take care not to express views which could be regarded as defamatory or libellous.  


1) Do not print electronic mail messages unless absolutely necessary.

2) Do not expect an immediate reply, the recipient might not be at their computer or could be too busy to reply straight away.

3) Do not forward electronic mail messages sent to you personally to others, particularly newsgroups or mailing lists, without the permission of the originator.

4) Do not use electronic mail for personal reasons.

5) Do not send excessively large electronic mail messages or attachments.

6) Do not send unnecessary messages such as festive greetings or other non-work items by electronic mail, particularly to several people.

7) Do not participate in chain or pyramid messages or similar schemes.

8) Do not represent yourself as another person.

9) Do not use electronic mail to send or forward material that could be construed as confidential, political, obscene, threatening, offensive or libellous.  

Please note the following

All electronic mail activity is monitored and logged.

All electronic mail coming into or leaving the Company is scanned for viruses.

All the content of electronic mail is scanned for offensive material. 

If you are in any doubt about an issue affecting the use of electronic mail you should consult the I.T. Services Manager. 

Any breach of the Company’s Electronic Mail Policy may lead to disciplinary action.


Comments Off on Sample – Simple Electronic Mail Policy

Sample – Grouped URL / Email Filtering Products

Posted in Compliances (1300),eMail (66),Security (1500) by Guest on the March 28th, 2013

Grouped URL / Email Filtering Products

URL / Email Filtering Products

Symantec / BrightMail
Barracuda Networks


Comments Off on Sample – Grouped URL / Email Filtering Products

Sample – Grouped Email Malware Products

Posted in Compliances (1300),eMail (66),Security (1500) by Guest on the March 27th, 2013

Grouped Email Malware Products 


Trend Micro
Pelican Sec


Comments Off on Sample – Grouped Email Malware Products

Sample eMail Disclaimers

Posted in Compliances (1300),eMail (66),Security (1500) by Guest on the December 1st, 2012


Notice: The information contained in this email and in any attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.  If you have received this email in error, please notify us immediately by replying to the message and delete the email from your computer. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.  The recipient should check this email and any attachments for the presence of viruses.  Sender accepts no liability for any damages caused by any virus transmitted by this email.  Please note that this e-mail is and any response to it will be unencrypted and, therefore, potentially insecure. 

CONFIDENTIAL INFORMATION: The information contained in this email message is confidential, and is intended only for the use of the individuals or entity named above who have been specifically authorized to receive it. If the receiver is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication or its attachments (if any) is strictly prohibited. If you have received this communication in error, please notify me immediately. Any personal comments made do not reflect the views of “Your Corp”. 

IMPORTANT! Any attachments that may contain confidential information. If you receive this information by email or in soft copy, please delete the email and its attachments immediately after review and use. All hard copy documents which contain such confidential information must be shredded immediately after review and use. Failure to properly dispose the information as requested could result in noncompliance with federal law.


Another Sample


All information transmitted hereby is intended only for the use of the addressee(s) named above and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of confidential and privileged information is prohibited. If the reader of this message is not the intended recipient(s) or the employee or agent responsible for delivering the message to the intended recipient(s), you may not distribute or copy the confidential and privileged portion of this communication to another. Anyone who receives confidential and privileged information in error should notify us immediately by telephone and mail the original message to us at the above address and destroy all copies. To the extent any portion of this communication contains public information, no such restrictions apply to that information.

Another example

This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly prohibited and may be unlawful.


Comments Off on Sample eMail Disclaimers

Sample Word – Security Sendmail Standard

Posted in eMail (66),Policies - Standards (600),Security (1500) by Guest on the October 25th, 2012
Comments Off on Sample Word – Security Sendmail Standard

Sample – Secure Sendmail Security Standard Considerations

Posted in eMail (66),Policies - Standards (600) by Guest on the October 18th, 2012


This standard applies to all Corporate data, including Corporate customer data, whether located at a Corporate facility or a third party facility, and whether handled by Corporate employees, or Corporate contractors, vendors, third party service providers, or their staff or agents.  This standard also applies to all wholly owned and partially owned subsidiaries. 

The guidance in this standard shall be considered the minimum acceptable requirements for the use of Sendmail. This standard sets forth expectations across the entire organization.  Additional guidance and control measures may apply to certain areas of Corporate.  This standard shall not be construed to limit application of more stringent requirements where justified by business needs or assessed risks. 

Sendmail Standard

Corporate’s business functions rely upon the integrity, confidentiality, and availability of its computer systems and the information assets stored within them.  

Responsibilities and procedures for the management, operation and security of all information processing facilities must be established.  This Policy supports the stated objectives.

It is the policy of Corporate to provide safe, secure electronic messaging systems to its employees, contingent workforce, and other properly authorized persons, for the purpose of enabling and supporting the conduct of business.  Use of electronic messaging systems shall be in conformance with relevant Corporate policies, and shall not, whether by intent or mistake, increase the risks to Corporate information assets or business functions. 

Roles & Responsibilities

The End User is responsible for the creation of electronic messages, usage of the related messaging services in a manner consistent with this Policy, and when such activity is within their span of control, the retention and disposal of electronic messages sent and received.

The IT Custodian is responsible for defining and implementing security measures and controls to ensure the system(s)/application(s) are managed and operated in a secure and effective manner.

The Information Security Organization will assist End Users and IT Custodians in assessing, defining, implementing, managing and monitoring appropriate controls and security measures.

The Information Security Organization will audit and review the adequacy of controls and security measures in place to measure and enforce conformance to this policy. 



.  Etc…


Comments Off on Sample – Secure Sendmail Security Standard Considerations

BlackBerry Basic Architecture

Posted in eMail (66) by Guest on the September 14th, 2012

The purpose of the BlackBerry Enterprise Server is to centralize management and control of the BlackBerry solution within an organization. The BlackBerry Enterprise Server performs the following functions for each user: 

  1. Monitors the user’s mailbox for new email.
  2. Applies user-definable filters to new messages to determine if and how the message will be relayed to the user’s BlackBerry Wireless Handheld.
  3. Compresses and encrypts new messages and pushes them to the BlackBerry Wireless Handheld via the Internet and wireless network.
  4. Receives, via the Internet, messages composed on the BlackBerry Wireless Handheld, then decrypts and decompresses the messages and places them in the user’s Outbox for the corporate 

Microsoft® Exchange Server to deliver

The BlackBerry Enterprise Server provides a secure, two-way link between the user’s Microsoft Exchange account and the user’s BlackBerry Wireless Handheld. Consider the BlackBerry Enterprise Server as a conduit rather than a mail server or message repository – all message storage is still left to the Microsoft Exchange Server. By maintaining a link to the messages in the user’s Microsoft Exchange mailbox, the BlackBerry Enterprise Server provides several advanced features: 

  1. When forwarding a message from the handheld, the BlackBerry software forwards the complete original message from the user’s Microsoft Exchange account, including all attachments that are appended to the message. Although attachments cannot be viewed on the handheld, they can still be forwarded to other email addresses.
  2. When receiving a message from the handheld, the first 2K of a message are pushed to the handheld. The user is able to request more of the message to be delivered in 2K blocks up to a maximum of 32K. 

When “replying with text” from the handheld, the BlackBerry software will append the entire original message to the reply, not just the 2K that was sent to the handheld. 

The BlackBerry Enterprise Server is a Windows® NT service that can monitor many users at once over a single administrative connection to the Microsoft Exchange Server. The BlackBerry Enterprise Server uses a direct TCP/IP connection to the wireless network. Achieving this direct connection requires a one-time configuration of the company firewall and results in a considerable speed advantage. Figure 1 provides an overview of the system architecture. At the heart of this wireless email solution is the BlackBerry Enterprise Server:

  1. The BlackBerry Enterprise Server is administered through extensions to the standard Microsoft Exchange Administrator
  2. The configuration information is placed in the data store of an Administration account
  3. That must be set up for the BlackBerry Enterprise Server. This account must have privileges to read and write to the message stores of the users it serves.


Comments Off on BlackBerry Basic Architecture

BlackBerry Enterprise Server Components

Posted in eMail (66) by Guest on the September 13th, 2012

BlackBerry Dispatcher

The BlackBerry Dispatcher handles traffic to the BlackBerry Infrastructure. It compresses/decompresses and encrypts/decrypts wireless data. The BlackBerry Dispatcher handles all internal Service Routing Protocol (SRP) connections from the BlackBerry Messaging Agent and also manages communication from the BlackBerry MDS Connection Service, the BlackBerry Synchronization Service, the BlackBerry Policy Service, and the BlackBerry Collaboration Service to the BlackBerry Infrastructure. These components connect to the BlackBerry Dispatcher through specific ports and communicate with the BlackBerry Infrastructure through the BlackBerry Router using a unique SRP identifier that the BlackBerry Dispatcher establishes. 

BlackBerry Messaging Agent

The BlackBerry Messaging Agent handles BlackBerry Synchronization Service traffic, including contacts, tasks, memos, message settings, and message filters. The BlackBerry Messaging Agent also has a mechanism for wireless calendar initialization before wireless calendar synchronization is enabled. This mechanism is used to initially synchronize the BlackBerry device and the Microsoft Exchange message store, enabling wireless synchronization to occur. Each BlackBerry Messaging Agent owns a unique internal SRP identifier that connects to the BlackBerry Dispatcher. 

The BlackBerry Messaging Agent also handles all Microsoft Exchange-related traffic using Messaging Application Programming Interface (MAPI) and Collaboration Data Objects (CDO).  


The BlackBerry Messaging Agent uses thread pools that have a MAPI session to the Microsoft Exchange Server. New thread pools are created when an existing thread pool exceeds the 50-mailbox maximum or the BlackBerry Enterprise Server connects to another Microsoft Exchange Server. This thread pool system minimizes the number of MAPI sessions to the Microsoft Exchange Server, which provides added product stability. 


The BlackBerry Messaging Agent uses CDO sessions for wireless calendar activity. A CDO session is established for a user when a calendar-related request is made. If no activity occurs within five minutes, the session ends. 

BlackBerry Router

The BlackBerry Router acts as a gateway to the BlackBerry Infrastructure and user computers. It determines whether data should be transmitted wirelessly or routed through a network connection. When a BlackBerry device is connected to a computer, the BlackBerry Router routes data to the BlackBerry device and bypasses the wireless network. 

BlackBerry Controller

The BlackBerry Controller starts the BlackBerry Messaging Agents and monitors their health. If the BlackBerry Controller detects nonresponsive threads or if a BlackBerry Messaging Agent stops responding, the BlackBerry Controller restarts the BlackBerry Messaging Agent. 

The BlackBerry Controller assigns BlackBerry user accounts to BlackBerry Messaging Agents based on the following criteria:

  • Microsoft Exchange Server on which the user accounts reside (groups user accounts together or, if most user accounts reside on the same Microsoft Exchange Server, distributes the user accounts evenly)
  • Amount of user accounts that currently reside on each BlackBerry Messaging Agent (up to 500 users) 

The BlackBerry Controller also monitors all BlackBerry processes and restarts them if they are not in a running state. 

BlackBerry MDS Services

In BlackBerry Enterprise Server Version 4.x, RIM introduced a new component called the BlackBerry MDS Services. The BlackBerry MDS Services also require the BlackBerry MDS Connection Service to send data to BlackBerry devices. 

The BlackBerry MDS Services are responsible for managing interactions and requests between BlackBerry devices and enterprise applications. The BlackBerry MDS Services include the following services:

  • BlackBerry MDS Management Service: deals with policies, such as those that specify which applications users can download, the services available to applications, and so on
  • BlackBerry MDS Provisioning Service: controls and manages which applications users can download to BlackBerry devices
  • BlackBerry MDS Data Optimization Service: transforms data for efficient wireless transmission and use on BlackBerry devices
  • BlackBerry MDS Connection Service: provides TCP/IP and HTTP-based connectivity between BlackBerry MDS Studio Java™ Applications and enterprise applications and between BlackBerry MDS Browser Applications and enterprise applications
  • BlackBerry MDS Application Integration Service: supports the integration and transmission of data between BlackBerry MDS Studio on the BlackBerry device and web services applications
  • BlackBerry MDS Studio Application Repository: manages published BlackBerry MDS Studio Applications centrally 

The current version of this document includes benchmarking information for the BlackBerry MDS Connection Service. The document does not include benchmarking information for the BlackBerry MDS Services. 

BlackBerry MDS Connection Service

The BlackBerry MDS Connection Service enables push-based access to enterprise data and applications. Capitalizing on the BlackBerry Enterprise Server architecture, the BlackBerry MDS Connection Service provides a safe connection between the BlackBerry device and corporate application servers. Through this connection, users can access corporate data from enterprise applications. The data travels between the BlackBerry device and the BlackBerry Enterprise Server using the same path as the BlackBerry Collaboration Service, so no extra connections or firewall openings are required. 

The BlackBerry MDS Connection Service also communicates with the BlackBerry Dispatcher. It permits persistent socket connections from the BlackBerry device to the corporate application server.

You can configure the BlackBerry MDS Connection Service to run on a computer that is remote from the BlackBerry Enterprise Server computer.  

BlackBerry Attachment Service

The BlackBerry Attachment Service enables users to open and view message attachments on their BlackBerry devices. Attachment content is formatted and delivered to the BlackBerry device using the Universal Content Stream (UCS) format. When a user requests to view an attachment on the BlackBerry device, the BlackBerry Messaging Agent sends the request information to the BlackBerry Attachment Service, and the BlackBerry Attachment Service performs the conversion of the attachment content to UCS format. The BlackBerry Enterprise Server compresses and encrypts the attachment data and then sends the formatted attachment to the BlackBerry device. 

The BlackBerry Attachment Service also enables users to view Microsoft PowerPoint® presentations in a slide format. 

BlackBerry Synchronization Service

The BlackBerry Synchronization Service synchronizes contacts, tasks, and memos between the email application on a user’s computer and the user’s BlackBerry device using Microsoft Exchange through the BlackBerry Messaging Agent. The BlackBerry Synchronization Service also synchronizes message settings and message filters. The wireless protocol also synchronizes a variety of database configurations, backs up databases on the BlackBerry device, and synchronizes items when necessary.

Initialization of the BlackBerry Synchronization Service is triggered when items on the BlackBerry device and the BlackBerry Configuration Database are not synchronized. This initialization can be triggered by activating a BlackBerry device wirelessly or moving user accounts. The initialization mechanism is also used to initially synchronize the BlackBerry device and message store, enabling wireless synchronization to occur.

Because the initialization feature is not considered to maintain a steady state load on the BlackBerry Enterprise Server, its impact on the BlackBerry Enterprise Server performance is not included in this document. There are load conditions that the initialization places on the system that you should consider when initialization occurs. 

BlackBerry Policy Service

The BlackBerry Policy Service pushes IT policies and IT administrative commands to BlackBerry devices wirelessly. It is also responsible for creating and pushing service books to BlackBerry devices that are being activated wirelessly and for sending third-party applications to BlackBerry devices wirelessly.

Because the BlackBerry Policy Service is not considered to maintain a steady state load on the BlackBerry Enterprise Server, its impact on the BlackBerry Enterprise Server performance is not included in this document.


Comments Off on BlackBerry Enterprise Server Components

Sample Word – Email Encryption Information Security Standard

Posted in eMail (66),Policies - Standards (600) by Guest on the May 29th, 2012
Comments Off on Sample Word – Email Encryption Information Security Standard

Sample – PGP Encryption Proof of Concept or Pilot considerations

Posted in eMail (66),Information Rights Management (100),Security (1500) by Guest on the May 9th, 2012

Implementing PGP for evaluation Criteria:

Specific objective:

1) Understanding of business needs

2) Software deployment phase dates

3) Find out about other competitors (if any)

4) Why they like or dislike them

5) Do they have a solid security policy to follow?

6) Do they have budget and enough people to do the Pilot?

7) How soon they are willing to move to enterprise solution?

8) What do you need  to do to make their process faster?

9) Find out what is the perfect Solution for them. This list should be use for closing the sale and moving forward.

10)  What is stopping them from deploying the product ? 


Provide clearly defined goals and objectives for a successful PGP Proof of Concept or Pilot:

  1. Define Key Organizational Contacts 
  2. Technical Management
  3. Business Management
  4. Information Technology 

Define Pilot Length and Support Expectations:

  1. Pilot should be targeted for One Month
  2. Weekly technical and business call after product installation with sales
  3. Summary compiled for Customer and Symantec use after Pilot Completion 

Define Pilot Group:

  1. Target 20-50 End Users for Pilot Group
  2. Gain Understanding of the Group’s Business Function and Technology Needs
  3. Gain Understanding of Company’s Business Overall Business Practices 

Define Systems Requirements for Group andEnterprise:

  1. Certificate Server
  2. PGP Command Line: Batch Server
  3. PGP VPN Client
  4. PGP Desktop Security 

PGPEnterpriseSecurity Suite:

  1. End User System Requirements (RAM and Disk Space Needed)
    • Assist Organization in Defining Security Requirements
    • Provide both End User and Technical Staff Documentation

 Provide Hands-on Training to Pilot Group and Technical Staff:

  1. Installation Support and Training
  2. Technical Training for Engineers
  3. Installation and Utilization Training for End Users 

System Requirements: 


1) Windows 200x or Solaris (8 – 11) 

User machines

1) Windows Server NT 4 – 200x

2) Windows XP – Windows 7

3) Mac, PowerPC

4) Mobile Devices / Tablets

Implementing PGP

1)      First week

  • Installation of PGP Certserver or Net Tools PKI
  • Review company Security Policy
  • Find out about who is going to be Admin and Root CA
  • Have passphrase ready
  • Set up the permissions for users (W,R,D,….) 

Second week

1)      Installing PGP Admin

  • Create Client installer
  • Create ADK
  • Create CSK
  • Find out how to deploy Client installer (network, CD, …)
  • Check the preferences and set it up before hand for Users
  • Split the key if it is necessary
  • Join the keys through network or locally
  • Spend some time to get familiar with all the features of the product. 

Third week

1) Train users before hand

2) Install the client installer (silent install).

3) Generate the private and public key

4) Sign the keys

5) Train users 

Measure results of Proof of Concept or Pilot

1) Metrics

2) Reports


Comments Off on Sample – PGP Encryption Proof of Concept or Pilot considerations

Mobile Email Requirements

Posted in eMail (66),Policies - Standards (600) by Guest on the April 26th, 2012

Scope (Informative)
Mobile e-mail is defined as an e-mail service optimized to support e-mail usage in mobile devices and mobile networks.  This document describes various use cases to illustrate key mobile e-mail usage patterns and will also provide a comprehensive set of high level requirements that can be derived from the use cases.  High-level requirements can be used as a basis for more detailed architecture definition work.

Use cases and high level requirements are defined and described in a technology agnostic way and as such no specific technology implementation is suggested.
This Requirements Document focuses on requirements for the enabler specifications rather than for particular implementations of those.  Whether the described features are optional or mandatory for implementations will be decided at a later stage.
Normative References

“Key words for use in RFCs to Indicate Requirement Levels”, S. Bradner, March 1997, URL:
“IETF Internet Message Format”
“Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies

Terminology and Conventions
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].
All sections and appendixes, except “Scope” and “Introduction”, are normative, unless they are explicitly indicated to be informative.


Mobile E-Mail
Enabling technologies that facilitate end-to-end application level interoperable e-mail transactions (e.g. submission, retrieval, notification etc) to and from mobile devices.
E-Mail Events
Changes to the status of an e-mail (e.g. read/unread, flagged, deleted, etc…) that result for example from reading, moving, deleting etc an e-mail. They may be server or client side events depending on where the change takes place
Email Message
A sequence of data containing a Header and optionally:
A Body,
Meta data
Email Message Headers and Bodies are defined in [RFC2822] “Internet Message Format”
A sequence of lines of characters whose syntax includes a field name followed by a colon (“:”) and followed by a field body. Mandatory Headers included in e-mails are  ‘To:’ and ‘From:’
Headers can also include additional custom end-to-end message headers
Source: IETF [RFC2822] “Internet Message Format”.
A body consists of one or more parts that follow the header. A body could include a combination of some or all of the following:
[RFC2822] defined plain text parts
[RFC2045] defined MIME parts, e.g. inline multimedia content (e.g. SMIL, HTML)
A special body part within the message body.  Attachments can be displayed in-line or separately based on the indicated presentation semantic, e.g. graphics or word processing files.
Meta Data
Machine-generated attributes applied at delivery time appearing in [RFC2822] header fields. Examples include “RESENT” header field, Message Context (voicemail, email, MMS, SMS) and Processing Rules results.
Filtering Rules
A set of actions and conditions where the conditions are evaluated to determine what e-mail events and what e-mail notifications should be sent from the client to the server or the server to the client. They also include rules to select what new e-mails should be delivered from the server to the mobile client. This may be based on several criteria like subject, date, sender, folder where it is located etc…
Processing Rules
Actions and conditions that are applied on new e-mail. They include: spam prevention, filtering rule, antivirus processing and other scans, attachment removal
Server to Client Notification
A means by which the server informs the client of status changes, e.g. a new message has arrived.

Unless otherwise stated, all requirements apply to the Mobile E-mail Enabler
High-Level Functional Requirements

It MUST be possible to minimize delays and bandwidth requirements (e.g. by minimizing the number of roundtrips between client and server, the bytes to exchange between client and server, etc…) for the following:
o Events sent from the server to the client  or accessed by the client to announce or describe new e-mail
o Exchanges to deliver new e-mail from the server to the client
o Events sent from the server to the client to announce or describe e-mail events on the server
o Events accessed by the client from the server to announce or describe e-mail events on the server
o Exchanges to reconcile the client after a e-mail event on the server
o Exchanges to access or manipulate attachments
o Sending e-mail from an assigned e-mail server
o Sending e-mail events on the client to the e-mail

Table 1: High-Level Functional Requirements

Events sent from the e-mail server to the client to announce or describe new e-mail MUST support confidentiality and integrity.
When used, events accessed by the client from the server to announce or describe new e-mail MUST be end-to-end confidential when desired.
Exchanges to provide new e-mail arrived on server to the client MUST be end to en
d confidential when desired.
When used, events sent from the server to the client to announce or describe e-mail events on the server MUST be end-to-end confidential when desired.
When used, events accessed by the client from the server to announce or describe w-mail events on the server MUST be end-to-end confidential when desired.
Exchanges to reconcile the client after an e-mail event on the server MUST be end to end confidential when desired.
Exchanges to access or manipulate attachments MUST be end to end confidential when desired.
Exchanges to send e-mail from the assigned e-mail server MUST be end to end confidential when desired.
E-mail events sent from the client to the e-mail server MUST be end-to-end confidential when desired.
The client MUST be able to be authenticated by the server when requesting data from the e-mail server.
The server MUST be able to be authenticated by the client.
Mobile email MUST support content screening.
The mobile e-mail enabler MUST allow the mobile client to be protected by the same spam protection solutions as applied on the server.

Table 2: High-Level Functional Requirements – Security Items

NOTE: When desired is used in the mobile e-mail RD in association to security requirements to emphasize the fact that seeking confidentiality of the exchanges between the client and the server MUST be supported when mandated by the actors BUT that it may be okay not to support them in cases where such additional confidentiality assurance is not required or desired.

For example, consumer internet email does not provide such extra confidentiality. In such cases, it may not be needed to provide it with mobile e-mail. Corporate e-mail requires such confidentiality. Therefore the requirement on the enabler is a MUST.
Charging is not intrinsic to the mobile e-mail enabler.

In order to support charging for e-mail traffic, the mobile e-mail enabler SHOULD provide ways to identify mobile e-mail exchanges (events, access, sending, synchronization) as e-mail data exchanges, even when the exchanges are end-to-end secure.

Table 3: High-Level Functional Requirements – Charging Items
Administration and Configuration

It MUST be possible to provision the mobile client from the server upon authentication and authorization of the user and pairing with a device.
It SHOULD be possible for user preferences/filters/settings to follow the user across devices, when desired by the user or administrator.
Authorized principals MUST be able to configure the settings of the user preferences/filters/configurable settings for a particular user.
The mobile email enabler MUST support preventing or remotely revoking unauthorized usage of and access to e-mail data of a mobile device.

Table 4: High-Level Functional Requirements – Administration and Configuration Items

Mobile email SHOULD minimize event propagation delays and must not impose excessive delays according to user preferences.
Mobile email SHOULD minimize delays in accessing email messages and must not impose excessive delays according to user preferences.
When / if downloading an attachment, the client SHOULD be able to provide indication of the download and to estimate of the time needed to complete the download.
E-mail sent from client MUST be sent to the e-mail server according to user preference if configurable or client settings otherwise, when network connectivity is available.
When connectivity is not available or drops, if it is possible to compose and sent e-mail, it MUST be stored on the client until connectivity becomes available and then sent to the e-mail server as soon as possible.
 E-mail events on the client to the e-mail server MUST be sent to the e-mail server according to user preferences if configurable or client settings otherwise, when network connectivity is available.
When connectivity is not available or drops, email events on the client that may take place MUST be stored on the client until connectivity becomes available and then sent to the e-mail server as soon as possible.
The mobile email enabler MUST provide support for the user to be able to set filtering rules for the delivery of  email based on:
o Email header fields
o Mailbox folder options.
o Server-determined spam score, Other criteria as needed.
The mobile email enabler MUST provide support for the user to be able to change filtering rules from his mobile client.
Rules (like filtering rules, processing rules, attachment removal, spam prevention, …) applied on the server MUST still apply to the repository on the client for what the user has selected to synchronize on the client.
 The mobile email enabler MUST provide support for the user to be able to select the default or available ways to be notified about new e-mails based on capabilities of client and network:
o what
notification is used (e.g. SMS, Push, MMS, …)
o if events are accessed by client (when, how, what is initially part of the event)
The mobile e-mail enabler MUST support the use of a number of different means to transport notifications (e.g. SMS, MMS, WAP Push, SIP Notification, UDP, in band, polled, …). This will allow. deployment on any target networks.
The User MUST be able to select how e-mail server should present new e-mail events to the client and to select how the client reacts to such events and therefore how the new e-mail is reflected in the client repository:
o  A few meta-data, no stored e-mail
o  A given size of the e-mail
o The whole e-mail without attachment
o The whole e-mail with attachment
The user MUST be able to manually initiate access to e-mail that has arrived on the server but is not yet on the client.
The user MUST be able to manually access more e-mail data when only a portion is stored on the client (e.g. more of the body, a specific attachment, more of a specific attachment, the rest of the body, the whole e-mail with all attachments).
 Authorized principals MUST be able to select the default or available ways that -mail events are sent to or accessed by the client and other e-mail settings that may affect the server behaviour.
The mobile e-mail enabler SHOULD NOT require repetitive actions by the user to provide robustness to intermittent or unreliable connectivity (e.g. loss of connectivity, loss of network transport packets and reconnect) (e.g. having to initiate client reconnect, initiation of synchronization, password entry for server authentication, VPN re-establishment, etc…).
The mobile email enabler MUST enable the user to  forward an e-mail with attachment without downloading the attachment to the client.
The mobile email enabler MUST enable the user to forward an e-mail partially downloaded without having to download the remainder to the client.
The mobile e-mail enabler SHOULD minimize the amount of information that a user must provide to provision an e-mail client to access the appropriate e-mail server.
The client MUST allow the user to reply to an e-mail partially downloaded without first having to download the remainder of the e-mail to the client.
The client MUST allow the user to edit a partially downloaded e-mail, for reply and have the resulting e-mail sent from the server.
 The client MUST allow the user to edit a partially downloaded e-mail , for forward and have the resulting e-mail sent from the server.
The client MUST be able to download body parts or parts thereof that the user wants to edit when replying to an e-mail partially downloaded to the client.
The client MUST be able to download body parts or parts thereof that the user wants to edit when forwarding an e-mail partially downloaded to the client.
When replying to a long list of addressees, the client MUST allow the user to edit the addresses.
Mobile-email Enabler SHOULD support multiple email accounts.
Mobile-email Enabler MUST support configuration of email account information for connection and filtering on a per-account basis.
Mobile-email Enabler SHOULD support definition of auto-reply messages for filtered messages. Automatically generated replies MUST conform to RFC 2821 and related RFCs and MUST NOT lead to mail loops.
Mobile-email Enabler SHOULD support activation/deactivation of auto-reply from the client. Automatically generated replies MUST conform to RFC 2821 and related RFCs and MUST NOT lead to mail loops.
Mobile-email Enabler MUST support replying to messages by using the email account that the original message was received on.
Mobile-email Enabler SHOULD support organization of the retrieved email messages according to their source email account.
The mobile enabler MUST support the user ability to forward only a selection of the attachments of an e-mail with attachments, without downloading the attachments to the client.
The mobile e-mail enabler MUST provide mechanisms to access any desirable email part even when the email size is beyond the limit imposed on the size of the emails that can be delivered to mobile devices while remaining within the size constraints of the part to be downloaded

Table 5: High-Level Functional Requirements – Usability Items

Data exchanges between the client and server, such as Events, sending Mail, reconciliation, attachment manipulation MUST remain functional in the presence of firewalls between the mobile e-mail client and the users e-mail servers.
When used, events sent from the server to the client to announce or describe new e-mail MUST be network neutral.
When used, events accessed by the client from the server to announce or describe new e-mail MUST be network neutral.
Exchanges to provide e-mail arrived on server to the client MUST be network neutral.
Exchanges to reconcile the client after a e-mail event on the server MUST be network neutral.
Exchanges to access or manipulate attachments MUST be network neutral.
It MUST be possible to send e-mail from the e-mail server assigned to the user (e.g. not another SMTP server in another domain).
Sending e-mail from an assigned e-mail server MUST be network neutral.
Sending e-mail events on the client to the e-mail server MUST be network neutral.
The mobile e-mail enabler MUST allow the e-mail repository on the mobile client to be synchronized with the appropriate backend server:
· Sometimes via the OMA Mobile e-mail enabler specifications (between client and server)
· Sometimes via the OMA DS specifications for e-mail between the client and another client, that it be
o Connected to the server
o Previously synchronized with the server and later re-synchronized with the server
The e-mail enabler MUST support server-side adaptation of attachment to the device user by user.
The server-side adaptation MUST be capable of being controlled by the client (e.g., with smart or intermediate clients).
The design of the mobile e-mail enabler specifications SHOULD consider and aim at interoperability or gracefully degradation with relevant e-mail standards.
The number of optional features in the Mobile E-mail enabler specifications SHOULD be minimised, while allowing efficient implementation of both consumer and enterprise mobile e-mail solutions.
Server-side adaptation MUST preserve the ability of accessing e-mail via other channels (e.g. via other e-mail clients).
Server-side adaptation MUST preserve the original e-mails and attachment stored in the e-mail server

Table 6: High-Level Functional Requirements – Interoperability Items

The mobile e-mail enabler MUST allow the mobile client to be protected by the same privacy protection rules / solutions as applied on the server (e.g. filtering rules, privacy alert detections on outgoing e-mail, read/unread notice interception).
The mobile e-mail enabler MUST support the use of privacy tools that require user’s confirmation before allowing some e-mail events to take place.

Table 7: High-Level Functional Requirements – Privacy Items
Overall System Requirements

The mobile e-mail enabler MUST be robust enough to operate normally and useably when there is a intermittent or unreliable connection between the client and server.
The mobile e-mail enabler security (authentication, authorization, confidentiality, integrity) MUST operate and be usable in the presence of intermittent or unreliable connectivity (loss of connectivity, loss of network transport packets and reconnect).
The mobile e-mail enabler MUST NOT rely on the storage of email data in intermediate systems outside the e-mail server domain or the terminal.
Mobile e-mail enabler MUST permit highly scalable end-to-end implementations.
The mobile e-mail enabler SHOULD allow optimized implementations on constrained devices (e.g. power consumption, CPU overhead, memory and storage requirements).


Comments Off on Mobile Email Requirements

Protecting Against Spyware and Adware

Posted in eMail (66) by Guest on the April 23rd, 2012

If you notice any of the following symptoms, you may have adware or spyware installed on your computer:

  • Noticeable slowdown in performance with no other explanation.
  • Unusual software behavior, such as your Web browser’s home page suddenly changing, new items appearing in your Favorites menu, or programs closing unexpectedly.
  • Strange hardware behavior, such as the CD drive opening or unusual hard drive activity.
  • Strange network behavior, such as indications by your modem lights that your computer is transmitting data when you are not doing anything online.
  • Pop-up ads displaying when you are not surfing the Web. 

Protecting Against Unwanted E-mail

  • Unwanted e-mail, like junk mail in physical mailboxes, probably can never be completely eliminated. However, there are several things you can do to reduce the amount of spam you receive, including general spam protection practices, using spam filtering services or software, and using sender verification systems.

General Spam Protection Practices

  • Do not give out your e-mail address indiscriminately. Spammers often collect addresses from Web forms or buy them from organizations that collect the information. When you fill out online registrations (for example, many online news sites require that you register before you can read the stories), leave the e-mail address blank or provide an alternate address.
  • Using Spam Filtering Services and Software
  • Using E-mail Sender Verification

Making Web Browsing More Secure

  • Many exploits, malware programs, spam schemes, and phishing scams make use of the Web to collect information. Early Web pages consisted of just text and graphics, but now sophisticated Web sites use programming embedded in the Web pages to create amazing special effects. These capabilities also create security issues.

You can make Web browsing more secure by doing a few simple things:

  • Keep all security patches and service packs for your Web browser and operating system up to date.
  • Configure your browser’s security settings for safe browsing.
  • Configure your browser’s privacy settings to avoid unwanted cookies and pop-up ads.
  • Be careful about which Web sites you visit. Sites devoted to illegal or questionable subjects, such as hacker sites, sites for downloading pirated music or software, and pornographic sites are most likely to contain malicious code.
  • Enable checking of digital signatures on drivers and other programs you download.
  • Do not conduct financial transactions or send private information over the Web unless the site is secure (which is usually indicated by a dialog box or a “lock” icon in the browser’s status bar).
  • Configure your browser to not automatically download ActiveX controls, or run scripts, Java applets, or other code. If you want to be able to run code on some sites, configure the browser to prompt you before doing so. 

You can adjust the security settings for your Web browser software to make Web browsing more secure

  • You can test your Web browser software for common vulnerabilities and determine its encryption strength most corporation and ISP provide Internet assistance and advice in this area. Consult with your ISP or IT department for assistance.

Note: Some organizations’ IT policies specify that updates and patches only be installed by the IT department. Organizations may delay deploying service packs and other updates because of conflicts with proprietary software. Do not download or install software of any kind, including updates, and do not change the automatic update settings on any computer owned by the organization without the knowledge and permission of the IT department.


Comments Off on Protecting Against Spyware and Adware

eMail Security tidbits – Things that will surprise you !

Posted in eMail (66) by Guest on the April 21st, 2012

 Interesting eMail Security tidbits of information:

  • E-mails, contracts, and PowerPoint files account for 80 percent of corporate information.
  • 71% Use Email to Negotiate Contracts and Agreements
  • 69% Use Email to Exchange Invoices, Statements, and Payment Information
  • 93% Use Email to Communicate with Customers.
  • 38% Use Email to Respond to Regulators
  • 44% Use Email to File with Official Bodies
  • 35% Use Separate Back-End System for Email Retention
  • 23% Use Records Management System for Managing Email
  • 34% Use Document Management System for Managing Email
  • 40% Use Email Management and Archiving Software

There are currently over 10,000 U.S. federal, state, and local laws and regulations addressing what, how, when and why records must be created, stored, accessed, maintained, and retained over increasingly longer periods of time.

The Education sector accounted for the majority of data breaches with 30%, followed by Government (26%) and Healthcare (15%) – almost half of breaches (46%) were due to theft or loss with hacking only accounting for 16%.

Hacking resulted in 73% of identities being exposed

  • 1:400 emails contain confidential information
  • 1:50 network files are wrongly exposed

Breaches on the rise

  • 2010:142 companies exposed 86M individual data records
  • 2010: In 6 months, 40 companies and government agencies have exposed nearly 30M individual data records

IT Professionals need to address mission-critical administration concerns with in-depth, concise coverage. Some sample topics would be:

  • Defending the company’s sensitive information against security problems
  • Neutralizing the threat of computer viruses
  • Identifying potentially disastrous hardware conflicts
  • Unlocking the hidden usefulness of Windows NT utilities
  • Creating seamless Windows NT and Unix interoperability
  • Integrating emerging Internet technologies with your network
Comments Off on eMail Security tidbits – Things that will surprise you !

Sample Visio – eMail SMTP flows

Posted in eMail (66),Visio Samples - Stencils (457) by Guest on the April 13th, 2012
Comments Off on Sample Visio – eMail SMTP flows

Simple Script to Stop – Start MS Exchange Services (2000 – 2003)

Posted in Application (380),eMail (66) by Guest on the March 21st, 2012

In an emergency like, this might be useful to you for stopping / starting MS Exchange Services:

net stop MSExchangeMSMI /y

net stop MSExchangePCMTA /y

net stop MSExchangeFB /y

net stop MSExchangeDX /y

net stop MSExchangeIMC /y

net stop MSExchangeMTA /y

net stop MSExchangeIS /y

net stop MSExchangeDS /y

net stop MSExchangeSA /y

 To restart the Exchange Server services, type the following:

net start MSExchangeSA

net start MSExchangeDS

net start MSExchangeIS

net start MSExchangeMTA

net start MSExchangeIMC

net start MSExchangeDX

net start MSExchangeFB

net start MSExchangePCMTA

net start MSExchangeMSMI


Comments Off on Simple Script to Stop – Start MS Exchange Services (2000 – 2003)

Sample Visio – Simple Spam Network Edge drawing

Posted in eMail (66),Visio Samples - Stencils (457) by Guest on the February 18th, 2012

Simple drawing how a spam remediation at the gateway might reduce the spam impact on your organization.

Free – Visio Document download

Simple Spam Network Edge drawing


Comments Off on Sample Visio – Simple Spam Network Edge drawing

E-Mail, Viruses, and The Security Perimeter

Posted in eMail (66) by Guest on the February 6th, 2012

As technology moves on, E-mail subsystems have become key communication methods that not only provide simple E-mail but also a method of  “Work Flow” solution. This can be seen in Lotus Notes, Microsoft Exchange and Novell’s GroupWise, to name but a few. These solutions are commonly known as “GroupWare”. 

The objective of GroupWare solutions is to provide Communication, Collaboration and Co-ordination.  It is extremely important that the strategy of these solutions is well implemented and fully understood, otherwise, the very nature of such communication abilities effectively enables the distribution of malicious software across the whole enterprise. This unintentional extension and breakdown of security perimeters and the subsequent compromise of data confidentiality is an issue that should be most carefully assessed. 

Most organisations are currently looking at, or certainly should be looking at, their existing E-mail subsystems. Generally, we have found that even the largest corporations are still utilising small Workgroup-based E-mail Solutions, designed primarily for PC use, typically Microsoft Mail, Lotus CC:Mail, and so on. 

These small Workgroup E-mail subsystems are becoming increasingly difficult to monitor and control. Tools do not yet exist that can effectively analyse these proprietary E-mail databases, in terms of their storage, forwarding, and data exchange capabilities between themselves and other E-mail systems or client applications. 

Through e-mail is almost universal, keep communicating in person with bosses and clients. Critical attributes, like sincerity and confidence, can be conveyed only through body language and tone. So rely on e-mail for brief memo’s on non-negotiable topics. For example, if you’re seeking a promotion, use e-mail only to schedule a one-on-one meeting with your boss. Note: e-mail can also be a valuable tool in documenting vital correspondence.

The Threats

E-mail/GroupWare is an inherently complex environment that combines client/server technology, mobile users, heterogeneous networking, and electronic messaging between disparate messaging subsystems, all across LAN/WANS and the Internet. The impact of a virus in a corporate environment is damaging enough but the impact of a virus or other malicious object sent from our system to one of our customers could obviously be quite devastating. 

The threat of virus and malicious software compromises in small Workgroup E-mail subsystems is largely ignored until such time as an incident actually occurs. If the issue has been addressed at all, then generally the detection mechanism is installed only at the receiving desktop, which is somewhat akin to an “after the horse has bolted” approach.  Potentially, at this point, the whole organisation has been compromised. 

Needless to say, an attack can take many forms, from E-mail containing Trojan Horses to E-mail with infected file attachments, executables or documents with macro viruses or with embedded malicious objects. The exact nature of threat should always be identified prior to specifying for a solution. 

E-mail / Groupware Security Strategies

To address the complex tasks involved in protecting E-mail/Groupware environments, we must first define E-mail business requirements, ascertain the risks, threats and vulnerabilities, and build an appropriate security policy. We should then design an E-mail data flow that ensures all aspects of security are catered for, confidentiality, integrity, availability, terms which of course encompass the detection and countering of threats not only at the data centre, but also at the electronic front door. This ensures not only a reduction in security incidence, but just as importantly, a containment of such incidents, thus enabling effective and rapid response and recovery. 

In policy terms, the simplest form of prevention would be to not allow the use or the means of introduction of a virus threat in the first place.  Obviously this is a somewhat idealistic approach, but as a strategy statement it should stand, and given such principles, a useful and plausible policy could be assembled. With sound and well thought out design for data flow, and the use of Anti-Virus techniques at the gateway,  we could ensure not only significant risk reduction, but could also prevent such vulnerabilities from compromising LAN security in the first place. 

One definition of security could be to close the door on the threat, preventing it altogether. Another, possibly more realistic definition, would be to ensure that if security has been breached then at least such damage should be immediately detected and summarily contained. This follows the formal procedures of Security Perimeter Establishment and Incident Containment

With any security definition we must first recognise every entry point into our system. Once this has been achieved we can define security perimeters following which incident containment can be achieved. The analysis of data flow is key to understanding how to contain an incident and where to strategically place security tools, be they for prevention, detection or eradication.

Provision and Recommendations

The way forward would be to conduct a formal site survey and risk analysis of the existing E-mail Infrastructure, including all Internal Post Offices (PO), external LAN/WAN PO replications, PO proprietary gateways, remote user connections and external Internet connections. 

Such analysis would identify existing security perimeters and identify all risks and vulnerabilities, thus enabling us to document pertinent sections of existing Security Policy documentation, and design a more effective hierarchical security perimeter.

Once the security perimeters and the data flow is in a workable and manageable format, it will be possible to design the E-mail/IP gateway detection, prevention and eradication strategies, and place these tools tactically within the E-mail infrastructure. 

As a final note, such site survey and organisation-wide risk analysis would require full support from all departments and individuals involved in the control, management and purchase of our parochial E-mail systems, not to mention support from audit and higher management.  But perhaps most significantly, it would also require a recognition of the need to address E-mail security in the first place, and a “champion” or appointed security officer, vested with sufficient authority to present and follow through the initiative internally.


Comments Off on E-Mail, Viruses, and The Security Perimeter

Sample Visio – Outlook Web Access Connection Flow

Posted in eMail (66),Visio Samples - Stencils (457) by Guest on the February 6th, 2012
Comments Off on Sample Visio – Outlook Web Access Connection Flow

HIPAA E-mail Security

Posted in eMail (66) by Guest on the February 6th, 2012


More and more people are using e-mail to communicate with friends, family, colleagues, and businesses. However, only a small percentage of physicians and healthcare providers regularly use e-mail to communicate with patients. 


The advantages of e-mail communication between providers and patients are numerous and include the elimination of telephone tag and voice mail messages; the ability to attach educational materials or test results; and improved documentation as compared to that traditionally associated with telephone calls and physician recollection of patient-provider discussion. When used in addition to, rather than as a substitute for, face-to-face communication, e-mail may also enhance the patient/provider relationship. 


There are risks, however, associated with the use of e-mail by patients and providers to discuss health-related matters. The risks include information leakage, data integrity violations, repudiation, and others. Following is a brief overview of the major issues. 

Information Leakage:

1) Employers and online services retain the right to archive and inspect messages transmitted through their systems.

2) Either party might accidentally send an e-mail to the wrong person.

3) E-mail might be left visible on an unattended terminal.

4) E-mail can be printed, circulated, forwarded, and stored in numerous paper and electronic files.

5) E-mail is discoverable for legal purposes.

6) A person authorized to access the information might use it for an unauthorized purpose or disclose it to an unauthorized party.

7) Confidential health information might be obtained by an unauthorized entity from discarded media.

8) E-mail may be vulnerable to computer hackers who could then transmit the information for illegitimate purposes.

9) Phony e-mail could dupe legitimate users into voluntarily giving up sensitive information. 

Data Integrity Violations:

1) E-mail is easily intercepted and altered without detection.

2) E-mail can be used to introduce viruses into computer systems.

3) An impostor can forge e-mail.


1) A party to the communication could falsely deny that the exchange of information ever took place.

Other Risks

1) The sender may assume, but doesn’t necessarily know, that his/her message was delivered.

2) The recipient might not check his messages within the time frame the sender expects.

3) The attachments embedded in the e-mail might be in a format the recipient’s software can’t read.

4) E-mail can be misinterpreted. Without verbal and nonverbal feedback, the sender can’t confirm that his/her messages are understood.

Safeguards can be devised and implemented against most threats. However, these are not without costs. 

Legal and Regulatory Requirements.

Federal statutes and regulations that address patients’ right to privacy of health information include the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Medicare Conditions of Participation, and the Code of Federal Regulations relative to Alcohol and Drug Abuse. 

HIPAA contains requirements that health information be protected against threats to security, integrity, and unauthorized use. A notice of proposed rule making (45 CFR, Parts 160-164) published Nov. 3, 1999, proposed standards to protect the privacy of individually identifiable health information maintained or transmitted electronically in connection with certain administrative and financial transactions. 

The Conditions of Participation with which healthcare facilities must comply to be eligible for Medicare funds vary based on the healthcare entity. The conditions are as follows:

1) Hospitals: “The hospital must have a procedure for ensuring the confidentiality of patient records. Information from or copies of records may be released only to authorized individuals, and the hospital must ensure that unauthorized individuals cannot gain access to or alter patient records.”

2) Home health agencies: “Clinical record information is safeguarded against loss or unauthorized use.”

3) States and long term care: “The resident has the right to personal privacy and confidentiality of his or her personal and clinical records.”

4) Comprehensive outpatient rehabilitation facilities: “The facility must safeguard clinical record information against loss, destruction, or unauthorized use.”

5) Critical access hospitals: “The facility must safeguard the clinical information against loss, destruction or unauthorized use.”

6) Outpatient physical therapy services furnished by physical therapists in independent practice: “Clinical record information is recognized as confidential and is safeguarded against loss, destruction, or unauthorized use.” 

The Privacy Act of 1974 mandates that federal information systems must protect the confidentiality of individually identifiable data. Section 5 U.S.C. 552a (e) (10) of the act is very clear: federal systems must “establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.” 

Further, a HCFA Internet Security Policy issued in November 1998 states that “a complete Internet communications implementation must include adequate encryption, employment of authentication or identification of communications partners, and a management scheme to incorporate effective password/key management systems.” The policy is meant to establish the basic security requirements that must be addressed to transmit HCFA Privacy Act protected and other sensitive HCFA information over the Internet.


Comments Off on HIPAA E-mail Security

SharePoint VS. Email

Posted in eMail (66),SharePoint by Guest on the July 17th, 2011

Centralize content on company servers 

  • Supports sharing of email content across the enterprise

  • Body & attachment become searchable & reusable

  • Advantages of version control & history

  • Improved knowledge management



Comments Off on SharePoint VS. Email

Sample Visio – Blackberry drawing

Posted in eMail (66),Visio Samples - Stencils (457) by Guest on the July 9th, 2011
Comments Off on Sample Visio – Blackberry drawing

Printing and Mailing Recovery Services

Posted in eMail (66) by Guest on the June 12th, 2011


1) Dedicated recovery sites—hotsites devoted to printing/mailing business continuity; subscriber fees paid for availability, space, equipment, and services of fully operational facilities maintained by independent providers 

2) Excess capacity offerings—printing/mailing facilities offer operational resources and time beyond normal workload in order to accommodate disaster recovery 

3) Reciprocal agreements—pacts made by companies having similar printing/mailing requirements and equipment to support each other with disaster recovery 

Critical mail applications, including billing and customer service, must be recovered along with data to ensure that data will be put to use. Dedicated printing/mailing recov­ery sites offer high-tech equipment that’s ready to go when you’re ready to recover. Such sites also avoid potentially disruptive lead times of up to six months that are typi­cal when replacing specialized mail inserting equipment.


1) If temporary relocation is not feasible, alternate site’s proximity to your primary facility should be a priority.


2) Up-to-date technology and specific equipment to replicate your environment 

3) Expertise in print and mail finishing, as well as postal regulations

4) Well-documented, organized, accountable methodology

5) Local postal facility’s ability to absorb additional high volume of mail 

6) Uninterruptible power supply (UPS) in case of power outage at alternate site

7) Climate control and fire detection/suppression systems 

8. High level of on-site security

9) Telecommunications support

10)  Storage space and systems to warehouse your firm’s printed stock on-site

11)  Transportation accessibility, proximity to food and lodging

12)  Vendor with sound internal business recovery plans

A detailed cost analysis will often reveal hidden expenses. Then adding up costs, consider the following:

1) Set-up, programming fees

2) Monthly subscription fees 

3) Testing fees

4) Usage costs

5) Cost per piece

6) Warehousing fees


In order to bid for your business, vendors will want to know:

1) Monthly print volume and number of statements rendered

2) Number of pages per envelope

3) Number of computer program applications and their sizes

4) Print format

5) Special printing/mailing requirements

6) Type and quantity of equipment currently used

7) Need for intelligent inserting equipment

8. Control codes for intelligent applications 

9) Number of employees responsible for each function 

10)  Experience processing first class transaction mail 

11)  Business impact analysis for loss of printing/mailing operations 

12)  Turn-around time required



1) How many customers are contracted at your site?

2) How many customers can you simultaneously support? 

3) Who is the closest customer to my location that you currently serve or will accept? 

4) Is recovery time assigned on a first-come, first-served basis? 

5)  What is your level of experience? Industry qualifications? 

6) Is your equipment reserved specifically for disaster recovery? 

7) For what percentage of your business does disaster recovery account? 

8. What is your disaster declaration procedure?

9) What percentage of my monthly volume must be processed at your location?

10) Are my employees permitted to operate your equipment?



1)  How similar to my own are your company’s system and recovery needs? 

2)  How long have you contracted with this provider? 

3) Why was this vendor chosen? Others considered? 

4)  What did the selection process entail? 

5) Provider strengths, weaknesses? 

6) Any experiences with site activation? Testing? 

7) Is service consistent? Is there a liaison designated specifically for your company?

8. Has the vendor offered recovery planning services/support?

9) Are maintenance and test support adequate? 

10)  Have costs exceeded original estimates?


1) Vendors that offer printing/mailing disaster recovery services as a sideline. These ven­dors wiul fit you in when regular schedule permits, while those dedicated to disaster recovery will process your work immediately. 

2) Regional hazards – flooding, earthquakes, tornadoes, etc – and potentially hazardous industries in vicinity 

3) Sites served by the same electrical power grid or communications center as your primary facility

4) Inadequate security. Forms containing sensitive information, such as credit cards and check blanks, must be protected. 

5) Inadequate testing – anything less than four times per year


1) After pre-qualifying all vendor candidates, request a presentation at your facility.

2) Request written replies to follow-up questions not answered during vendor presentations. 

3) Visit actual site(s) of vendor finalists. Include your disaster recovery or security spe­cialist to conduct site surveys and your production manager to inspect equipment and evaluate operations.


Comments Off on Printing and Mailing Recovery Services

Simple Visio – Blackberry (BES) Interaction

Posted in eMail (66),Visio Samples - Stencils (457) by Guest on the May 9th, 2011
Comments Off on Simple Visio – Blackberry (BES) Interaction
Next Page »