Course Overview
The first two days provide a thorough foundation for how to successfully install, configure, and administer IronPort email security appliances. The final day provides advanced information for successful configuration and operation of an IronPort email security appliance.
Extensive lab exercises provide attendees with skills for installing, configuring and administering IronPort email security appliances. At the end of the course, attendees will possess a working knowledge of how to use IronPort email security appliances to successfully manage and troubleshoot email traffic entering and leaving the enterprise network.
Audience
- Enterprise messaging managers and system administrators
- Email system designers and architects
- Network managers responsible for messaging implementation
Skills Gained
After completing this course, attendees will have received in-depth instruction on the most commonly used product features, with an emphasis on:
- How to deploy IronPort email security appliances in a typical enterprise email environment, including "best practices" for configuration, operation, and system administration.
- How to manage, monitor, and troubleshoot the flow of email through IronPort email security appliances.
- How to configure access control policies to eliminate threats at the perimeter, based on the identity and trustworthiness of the sender.
- How to create content filters to implement and enforce corporate email policies.
- How to configure IronPort email security appliances to detect and handle unwanted spam and viruses.
- Integrating with a directory server via LDAP
- Debugging of LDAP integration issues
- Using message filters to redirect and modify messages
- Safe deployment and debugging of message filters
- DomainKeys Identified Mail (DKIM)
- Sender Policy Framework (SPF) verification
Prerequisites
It is assumed that attendees possess the following background knowledge and skills:
- A moderate knowledge of TCP/IP fundamentals, including IP addressing and subnetting, static IP routing and DNS.
- Experience with Internet-based messaging, including SMTP, Internet message formats, and MIME message format.
- Familiarity with command line interface (CLI) and graphical user interface (GUI).
- Previous experience with email security would be helpful.
Course Outline
Day One Agenda
IronPort Overview
- Product Overview
- Technology Overview
Installation & Configuration
- Installation Planning
- System Setup & Configuration
Defining Sender & Recipient Groups
- Configuring Listeners
- Mail Flow Policies
- Host Access Table
- Recipient Access Table
- SMTP Routes
Anti-Spam
- Recognize IronPort's Approach to Stopping Spam
- Configure and Use SenderBase Reputation Scores
- Configure and Use the Content Adaptive Scanning Engine
Anti-Virus & Virus Outbreak Filters
- Enable one or both Anti-Virus Engines
- Use one or both AV Engines in Mail Policies
- Use Virus Outbreak Filters for Zero Hour protection
Policy Enforcement
- Create User-Based Mail Policies
- Identify Message Splintering
- Describe Centralized Tracking & Reporting
- Implement Message Tracking
Day Two Agenda
Quarantines & Delivery Methods
- Create and manage quarantines
- Assign Administrative Users to Quarantines
- Assign Bounce Profiles
- Create Virtual Gateways
Content Filters
- Describe content scanning
- Configure embedded object detection
- Detect password-protected / non-protected attachments
- Use Smart Identifiers
Email Encryption
- Configure an Encryption Profile
- Provision with the Cisco Registered Envelope Service
- Provision with a Local Key Server
- Associate a content filtering rule with an "Encrypt" action
Troubleshooting
- Identify Issues
- Diagnose and Isolate Problems
- Troubleshooting tools and best practices
- Log file contents and log administration
System Administration
- Support tools
- System backup and recovery
- Software upgrades
Day Three Agenda
LDAP
This module focuses directly on common LDAP configurations and issues. A brief overview of the Lightweight Directory Access Protocol is provided to give those new to LDAP some familiarity, but the bulk of the module assumes a basic understanding of LDAP terms and concepts. Active Directory is emphasized in a number of case studies to highlight the various installation choices. These include addressing the use of the ESA against multiple directories in a heterogeneous enterprise.
Message Filters (Advanced Policy)
This module focuses on advanced filter options, with specific emphasis on creating, troubleshooting, and simplifying/streamlining filters, and on regular expressions. Helpful tips and tricks for both Message and Content filters are covered. Extensive hands-on exercises are designed to give the students practice working with the Command Line Interface (CLI), as well as practical experience troubleshooting and examining logs.
Email Authentication
This module covers methods of authenticating email on the IronPort Appliance. A brief introduction to DKIM is provided, along with how it fits into the security aspects of mail, for both DKIM signing and verification. Helpful examples show how to install a DKIM certificate on an IronPort and create a signing profile. We then introduce Sender Policy Framework and the various fields (HELO, FROM and PRA) that are checked according to RFC 4407. The meanings of the stamped SPF results are also reviewed, and we discuss the creation of filters that react to these results. These filters are designed to enforce SPF policies.