Securing Email with Cisco Email Security Appliance

Dieses Seminar zeigt Ihnen, wie Sie die Cisco Email Security Appliance einsetzen und verwenden, um Ihre E-Mail-Systeme vor Phishing, E-Mail-Kompromittierung im Unternehmen und Ransomware zu schützen und die Verwaltung von E-Mail-Sicherheitsrichtlinien zu optimieren. Dieser praxisorientierte Kurs vermittelt Ihnen die Kenntnisse und Fähigkeiten zur Implementierung, Fehlerbehebung und Verwaltung der Cisco Email Security Appliance, einschließlich wichtiger Funktionen wie erweiterter Malware-Schutz, Spam-Blockierung, Virenschutz, Filterung von Ausbrüchen, Verschlüsselung, Quarantänen und Verhinderung von Datenverlusten.


Nach Abschluss des Seminars haben die Teilnehmer*innen Kenntnisse zu folgenden Themen:

• Verwalten der Cisco Email Security Appliance (ESA)
• Absender- und Empfängerdomänen kontrollieren
• Spam-Kontrolle mit Talos SenderBase und Anti-Spam
• Antiviren- und Ausbruchsfilter verwenden
• Mail-Richtlinien verwenden
• Inhaltsfilter verwenden
• Verwendung von Nachrichtenfiltern zur Durchsetzung von E-Mail-Richtlinien
• Datenverlust verhindern
• Ausführen von LDAP-Abfragen
• Authentifizierung von SMTP-Sitzungen (Simple Mail Transfer Protocol)
• E-Mail authentifizieren
• E-Mail verschlüsseln
• Verwendung von Systemquarantänen und Bereitstellungsmethoden
• Zentralisierte Verwaltung mit Clustern durchführen
• Test und Fehlerbehebung

Describing the Cisco Email Security Appliance

• Cisco Email Security Appliance Overview
• Technology Use Case
• Cisco Email Security Appliance Data Sheet
• SMTP Overview
• Email Pipeline Overview
• Installation Scenarios
• Initial Cisco Email Security Appliance Configuration
• Centralizing Services on a Cisco Content Security Management Appliance (SMA)
• Release Notes for AsyncOS 11.x

Administering the Cisco Email Security Appliance

• Distributing Administrative Tasks
• System Administration
• Managing and Monitoring Using the Command Line Interface (CLI)
• Other Tasks in the GUI
• Advanced Network Configuration
• Using Email Security Monitor
• Tracking Messages
• Logging

Controlling Sender and Recipient Domains

• Public and Private Listeners
• Configuring the Gateway to Receive Email
• Host Access Table Overview
• Recipient Access Table Overview
• Configuring Routing and Delivery Features

Controlling Spam with Talos SenderBase and Anti-Spam

• SenderBase Overview
• Anti-Spam
• Managing Graymail
• Protecting Against Malicious or Undesirable URLs
• File Reputation Filtering and File Analysis
• Bounce Verification

Using Anti-Virus and Outbreak Filters

• Anti-Virus Scanning Overview
• Sophos Anti-Virus Filtering
• McAfee Anti-Virus Filtering
• Configuring the Appliance to Scan for Viruses
• Outbreak Filters
• How the Outbreak Filters Feature Works
• Managing Outbreak Filters

Using Mail Policies

• Email Security Manager Overview
• Mail Policies Overview
• Handling Incoming and Outgoing Messages Differently
• Matching Users to a Mail Policy
• Message Splintering
• Configuring Mail Policies

Using Content Filters

• Content Filters Overview
• Content Filter Conditions
• Content Filter Actions
• Filter Messages Based on Content
• Text Resources Overview
• Using and Testing the Content Dictionaries Filter Rules
• Understanding Text Resources
• Text Resource Management
• Using Text Resources

Using Message Filters to Enforce Email Policies

• Message Filters Overview
• Components of a Message Filter
• Message Filter Processing
• Message Filter Rules
• Message Filter Actions
• Attachment Scanning
• Examples of Attachment Scanning Message Filters
• Using the CLI to Manage Message Filters
• Message Filter Examples
• Configuring Scan Behavior

Preventing Data Loss

• Overview of the Data Loss Prevention (DLP) Scanning Process
• Setting Up Data Loss Prevention
• Policies for Data Loss Prevention
• Message Actions
• Updating the DLP Engine and Content Matching Classifiers

Using LDAP

• Overview of LDAP
• Working with LDAP
• Using LDAP Queries
• Authenticating End-Users of the Spam Quarantine
• Configuring External LDAP Authentication for Users
• Testing Servers and Queries
• Using LDAP for Directory Harvest Attack Prevention
• Spam Quarantine Alias Consolidation Queries
• Validating Recipients Using an SMTP Server

SMTP Session Authentication

• Configuring AsyncOS for SMTP Authentication
• Authenticating SMTP Sessions Using Client Certificates
• Checking the Validity of a Client Certificate
• Authenticating User Using LDAP Directory
• Authenticating SMTP Connection Over Transport Layer Security (TLS) Using a Client Certificate
• Establishing a TLS Connection from the Appliance
• Updating a List of Revoked Certificates

Email Authentication

• Email Authentication Overview
• Configuring DomainKeys and DomainKeys Identified Mail (DKIM) Signing
• Verifying Incoming Messages Using DKIM
• Overview of Sender Policy Framework (SPF) and SIDF Verification
• Domain-based Message Authentication Reporting and Conformance (DMARC) Verification
• Forged Email Detection

Email Encryption

• Overview of Cisco Email Encryption
• Encrypting Messages
• Determining Which Messages to Encrypt
• Inserting Encryption Headers into Messages
• Encrypting Communication with Other Message Transfer Agents (MTAs)
• Working with Certificates
• Managing Lists of Certificate Authorities
• Enabling TLS on a Listener’s Host Access Table (HAT)
• Enabling TLS and Certificate Verification on Delivery
• Secure/Multipurpose Internet Mail Extensions (S/MIME) Security Services

Using System Quarantines and Delivery Methods

• Describing Quarantines
• Spam Quarantine
• Setting Up the Centralized Spam Quarantine
• Using Safelists and Blocklists to Control Email Delivery Based on Sender
• Configuring Spam Management Features for End Users
• Managing Messages in the Spam Quarantine
• Policy, Virus, and Outbreak Quarantines
• Managing Policy, Virus, and Outbreak Quarantines
• Working with Messages in Policy, Virus, or Outbreak Quarantines
• Delivery Methods

Centralized Management Using Clusters

• Overview of Centralized Management Using Clusters
• Cluster Organization
• Creating and Joining a Cluster
• Managing Clusters
• Cluster Communication
• Loading a Configuration in Clustered Appliances
• Best Practices

Testing and Troubleshooting

• Debugging Mail Flow Using Test Messages: Trace
• Using the Listener to Test the Appliance
• Troubleshooting the Network
• Troubleshooting the Listener
• Troubleshooting Email Delivery
• Troubleshooting Performance
• Web Interface Appearance and Rendering Issues
• Responding to Alerts
• Troubleshooting Hardware Issues
• Working with Technical Support

References

• Model Specifications for Large Enterprises
• Model Specifications for Midsize Enterprises and Small-to-Midsize Enterprises or Branch Offices
• Cisco Email Security Appliance Model Specifications for Virtual Appliances
• Packages and Licenses

 

Lab outline

• Verify and Test Cisco ESA Configuration
• Perform Basic Administration
• Advanced Malware in Attachments (Macro Detection)
• Protect Against Malicious or Undesirable URLs Beneath Shortened URLs
• Protect Against Malicious or Undesirable URLs Inside Attachments
• Intelligently Handle Unscannable Messages
• Leverage AMP Cloud Intelligence Via Pre-Classification Enhancement
• Integrate Cisco ESA with AMP Console
• Prevent Threats with Anti-Virus Protection
• Applying Content and Outbreak Filters
• Configure Attachment Scanning
• Configure Outbound Data Loss Prevention
• Integrate Cisco ESA with LDAP and Enable the LDAP Accept Query
• Domain Keys Identified Mail (DKIM)
• Sender Policy Framework (SPF)
• Forged Email Detection
• Configure the Cisco SMA for Tracking and Reporting

• Security engineers
• Security administrators
• Security architects
• Operations engineers
• Network engineers
• Network administrators
• Network or security technicians
• Network managers
• System designers
• Cisco integrators and partners

Um das Wissen des Kurses in vollem Umfang nutzen zu können, sollten Sie über eine oder mehrere der folgenden technischen Grundkompetenzen verfügen:

• Cisco-Zertifizierung (Cisco CCENT®-Zertifizierung oder höher)
• Relevante Branchenzertifizierung wie (ISC) 2, CompTIA Security +, EC-Council, Global Information Assurance-Zertifizierung (GIAC) und ISACA
• Abschlussbestätigung der Cisco Networking Academy (CCNA® 1 und CCNA 2)
• Windows-Kenntnisse: Microsoft [Microsoft-Spezialist, Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Systems Engineer (MCSE)], CompTIA (A +, Network +, Server +)

 

Die Kenntnisse und Fähigkeiten, die ein Teilnehmer*innen haben muss, bevor er an diesem Kurs teilnimmt, sind:

• TCP / IP-Dienste, einschließlich DNS (Domain Name System), SSH (Secure Shell), FTP, SNMP (Simple Network Management Protocol), HTTP und HTTPS
• Erfahrung mit IP-Routing