X.400 Filter™

If you thought that the threats presented by uncontrolled email originated only from the Internet via SMTP, then think again. Any email protocol used to communicate beyond the boundaries of your organization represents a common exposure to risk.

Many organizations around the world rely on the X.400 protocol to provide true business-critical messaging and X.400 remains a highly popular choice for providing backbone-messaging services. Clearswift is unique in providing a comprehensive messaging firewall specifically engineered for the X.400 market.

X.400 Filter is simple and straightforward to install and configure. It offers virus scanning, document analysis, sensitivity filtering, access control, audit and archive in a single proxy service.

How does it work?
Operating as a stand-alone system, much like its network firewall counterpart, X.400 Filter fits into your existing messaging infrastructure as a 'proxy' server. The solution acts upon messages 'in-transit' and hence concentrates thorough checking where it is really needed, without hindering the operation of the internal messaging service:

• Multi-file formats such as ZIP, TAR, MIME, UUENCODE, GZIP, and UNIX COMPRESS are opened out
• Any nested multi-file documents are recursively opened out
• Documents conforming to the Compound Document Architecture (CDA), such as MS Office documents, are decomposed to expose any embedded documents (only supported on NT)
• X.400 Filter may optionally pass on a message with some or all of the multi-file content decomposed into separate attachments

Solution Filters and Solutions Controls
In order to deal correctly with the content of a message, X.400 Filter completely decomposes the content into its most basic elements before subjecting each exposed component to a number of Solution Filters and Solution Controls. Alarms and actions are triggered as defined in the policy rules.

These filter and control mechanisms are supplied as standard solution components:

Solution Filters

Virus Filter
Integrates with third-party virus scanners to identify infected message attachments, raise alarms and remove infected attachments. It is the perfect complement to the use of desktop virus detection software, providing defense in depth. For additional security multiple independent virus detection packages may be used.

Media Filter
X.400 Filter can control, audit or block the passage of specific types of document. Powerful document identification techniques prevent documents being camouflaged. To prevent documents from being disguised by a simple change of file type, documents are identified by their 'fingerprint', rather than their file extension.

Macro Filter
Detects the presence of macros within office documents and embedded objects and blocks the passage of such documents. Macros can be easily conveyed as part of a document and may contain 'malicious code' which could pass unnoticed through a virus filter.

Sensitivity Filter
Customized security labels (e.g. Restricted, Commercial-in-confidence, etc.) can be added to message subject fields to indicate the sensitivity level of the content. The solution performs checks on security labels to ensure that sensitive information is not conveyed to inappropriate destinations. A sensitivity label plug-in is available for MS Outlook to achieve consistent labeling by users.

Spoof Filter
Validates the authenticity of a message by using Route Authentication to ensure that the originator address of a message received from a remote MTA (Message Transfer Agent) is compatible with the configured address details for that MTA. This feature also prevents a remote MTA masquerading as an authentic message source.

Custom Filters
Clearswift are able to offer integration and development services to help extend X.400 Filter to meet your exact requirements.

Solutions Control

Access Control
Policy rules are established to prevent the unauthorized disclosure of information. Control over who can send to whom is established by enforcing 'closed user groups' (CUGs).

Resource Control
Controls the amount of messages sent to your MTA (Message Transfer Agent) and protects against network congestion by allowing you to set message size limits, thereby preventing the degradation of your messaging server. Messages exceeding the defined limit are blocked and a notification sent to the originator if requested.

Archive Control
Archives all or selected messages according to policy needs and assists in achieving compliance to regulatory or 'best practice' requirements. The archive format allows integration with Hierarchical Storage Management (HSM) and mass optical storage systems for long-term storage and retrieval.

Action Control
The control mechanisms of X.400 Filter can be used to trigger a range of different actions. The actions are all controlled as part of the policy rules you define.

Message actions
Each message will either be passed through unchanged, modified or non-delivered.

Reporting actions
As well as archiving messages, notifications of actions taken by X.400 Filter can be configured to be sent as email to an administrator and/or the message originator.

Attachment actions
For each attachment of a message, the policy rules may direct that an attachment is removed or replaced with predefined text or another file.

Annotations
Annotates messages with an additional component, such as a legal disclaimer attached to out going messages.

Logging, alarms and audit trail.

Support mechanisms are vital in order to provide visibility of policy enforcement and of any actual attack. Log files are generated for audit, virus scanning and for inter-MTA communication.

System management are alerted to attacks. Vital early warning of rogue activity can be supplied.

An audit trail of both system and user activity is provided by comprehensive accounting and archiving facilities. These can be used to keep track, to any required level of detail, of who is using your system and for what purposes.

System Requirements

X.400 Filter requires a platform comprising as a minimum:

• Windows NT 4.0 (SP 3 or later) or Windows 2000, Pentium 800MHz, 256Mb RAM, 2Gb free disc space.

Please contact Clearswift for availability and specification of UNIX platform support.