Proofpoint Protection / Privacy Accredited Engineer Training
Introductions
• About the Instructor(s)
• About you:
  • Your name and title.
  • Your background.
  • How do you use Proofpoint now?
  • What do you hope to gain from the course?
Logistics and Courtesies
• Refreshments, lunch, and breaks.
• Facilities and safety.
• Wi-Fi access, SSID and password.
• If you have to take a phone call, please take it outside of the training room.
• Ask questions when you have them.
• Give constructive feedback to make this course better.
Course Agenda / Topics
Day One:
• Email Overview
• Architecture Overview
• Installation and Deployment
• Management User Interface
• Filtering
• General Rule Creation
• User Repository
• Protection Suite:
  • SPAM Module
  • Virus Module
  • Targeted Attack Protection
Day Two:
• Protection Suite (cont.)
  • Email Firewall
  • SMTP Rate Control
  • Recipient Verification
• Privacy Suite:
  • Regulatory Compliance
  • Digital Assets
  • Encryption
• End User Experience
• Reports
Sending an Email
Simple SMTP Session:
Envelope:
  Ehlo proofpoint.com
  mail from: <email@example.com>
  rcpt to: <firstname.lastname@example.org>
  data
Body:
  From: Joe User <email@example.com>
  To: Tom Recipient <firstname.lastname@example.org>
  Subject: Simple message

  This is the body of the email
  .
SMTP Protocol
• Envelope:
  • HELO/EHLO
  • MAIL FROM
  • RCPT TO
  • DATA
• Body:
  • Headers
  • Body
  • MIME
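The envelope/body split on the two slides above, as an added Python example (not part of the original course material): it separates the envelope commands from the message sent after DATA and reports where the envelope and the visible headers disagree. The session text, the addresses and the function names `split_session` and `envelope_header_gaps` are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed session in the shape of the slide's "Simple SMTP Session".
SESSION = """\
EHLO proofpoint.com
MAIL FROM:<bounce@example.com>
RCPT TO:<tom@example.org>
RCPT TO:<archive@example.org>
DATA
From: Joe User <joe@example.com>
To: Tom Recipient <tom@example.org>
Subject: Simple message

This is the body of the email
..a dot-stuffed line
.
"""

def split_session(text):
    """Split client-side SMTP lines into (envelope dict, parsed message)."""
    envelope = {"helo": None, "mail_from": None, "rcpt_to": []}
    lines = iter(text.splitlines())
    for line in lines:
        verb = line.upper()
        if verb.startswith(("HELO ", "EHLO ")):
            envelope["helo"] = line.split(None, 1)[1]
        elif verb.startswith("MAIL FROM:"):
            envelope["mail_from"] = parseaddr(line[10:])[1]
        elif verb.startswith("RCPT TO:"):
            envelope["rcpt_to"].append(parseaddr(line[8:])[1])
        elif verb == "DATA":
            break                      # everything after DATA is the message
    data = []
    for line in lines:                 # continues from the line after DATA
        if line == ".":                # a lone dot ends the DATA phase
            break
        data.append(line[1:] if line.startswith("..") else line)  # undo dot-stuffing
    return envelope, message_from_string("\n".join(data))

def envelope_header_gaps(envelope, msg):
    """Compare what the MTA routes on (envelope) with what the reader sees (headers)."""
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    shown = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    return {
        "header_from": header_from,
        "sender_differs": header_from != (envelope["mail_from"] or "").lower(),
        "envelope_only_rcpts": [r for r in envelope["rcpt_to"] if r.lower() not in shown],
    }
```

Delivery follows the envelope, while the mail client displays the headers, so a filter has to look at both.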
Proofpoint Protection Server (diagram; labels: Internet Mail (SMTP), DMZ, Email Gateway – MTA, Virus Protection, SPAM, Exchange Server, Email Users)
Proofpoint Protection Server
• Enterprise Appliance Performance:
  • 10,000+ simultaneous connections.
  • 90,000+ messages per hour.
• MTA Functionality:
  • SMTP over IPv6.
  • Relaying, address rewriting.
  • Routing messages using envelope attributes and users/groups.
  • Sender authentication, recipient verification.
• Easy-to-use:
  • Point-and-click.
  • Queue management.
Appliance Hardware
• Dell PowerEdge R620XL:
  • Proofpoint P860 16/300/2x2.0GHz(6c) – Master Appliance
  • Proofpoint P860M 32/900/2x2.0GHz(6c) – Large Quarantine
  • Proofpoint P660 8/300/1x1.8GHz(4c) – Enterprise Agents
• Dell PowerEdge R210 II:
  • Proofpoint P360 8/250/1x3.1GHz(2c) – Smaller Deployments
Deployment: Master / Agents
• Master:
  • Central management configuration.
  • Pushes out configuration to agents on port 10000 via SOAP.
  • Sends start/stop/deploy etc. commands to agents.
  • Collects logs from agents.
  • Responsible for end-user digest, quarantine, admin server.
• Agents:
  • Agents process mail traffic.
  • Send quarantined mail to master.
  • Secure Reader server for Proofpoint Encryption.
Single Appliance Deployment (diagram; labels: Private Network, Standalone Master/Agent, Admin)
The Standard Cluster (diagram; labels: Proofpoint Update Servers, PPS Agents, PPS Master, Admin Console, Email Clients, DMZ, Private Network; connections labelled SSL port 10000 (SOAP), SSL port 10010, DBI port 3306, HTTPS port 10000, HTTPS port 443)
Multiple Datacenters (diagram; labels: Data Center 1 Houston, Data Center 2 New Jersey, DMZ, Agents, Private Network, Master, Admin)
Multiple Clusters (diagram; labels: Inbound Cluster, Outbound Cluster, Agents, Master, Private Network, Exchange Server, Domino Server)
Proofpoint on Demand (PoD) (diagram; label: Firewall)
Hybrid Deployment (diagram; labels: POD, Customer Network, Internal Master, Internal Agent, Admin)
Virtual Machine Deployment
• Tested and accredited on VMware vSphere:
  • ESX and ESXi 4.0
  • ESX and ESXi 4.1
  • ESXi 5.0
  • ESXi 5.1
  • ESXi 5.1 Update 1
• VM tips:
  • Proofpoint Protection Server is available for installation as either .ISO or .OVF.
  • Proofpoint VMs will use all of their resource allocation.
  • Call Support to adjust RAM or number of CPUs after install.
  • Disk speed is crucial to performance.
  • NAS or RAID5 can cripple appliance performance.
Physical Appliance Deployment
• Appliance OS is tightly coupled with Proofpoint software.
• Allows for Smart Search and sendmail™ integration to Management Interface.
• Appliance system configuration menu:
Software Based Deployment
• Customer runs Proofpoint software in-house on their own servers.
• Installed from a simple installation script.
• Manual configuration of sendmail is required.
• Some functionality is lost without OS integration:
  • Smart Search
  • Management Interface:
    • Network Interface settings.
    • System Firewall settings.
Optional Dedicated Nodes
• Master:
  • Quarantine node - move quarantine functions to second node.
  • Smart Search - hosts the search database and executes searches.
  • Log node - stores log files.
• Agents:
  • Proofpoint Encryption Reader:
    • Provides web interface for viewing encrypted messages.
    • May be used simultaneously as mail filters.
Installation Overview Appliance Installation Operating System Software Activation
Setting Up a Cluster
• Required Ports:
  • 3306 (Database)
  • 10000 (Config)
  • 10010 (Logs)
• System Names:
  • The master hostname must resolve on every agent.
  • All agent names must resolve from the master.
  • Names may be defined in DNS or host file entries.
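A pre-flight check for the cluster requirements above, as an added Python example (not Proofpoint tooling): from the host it runs on, it resolves each peer name and probes the three listed ports. The function names and the report layout are assumptions; the slide does not say which side listens on each port, so unreachable ports are reported without being judged.

```python
import socket

# Ports listed on the "Setting Up a Cluster" slide.
CLUSTER_PORTS = {3306: "Database", 10000: "Config", 10010: "Logs"}

def tcp_open(addr, port, timeout=3.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(peers, resolve=socket.gethostbyname, probe=tcp_open):
    """Check name resolution and port reachability from this host to each peer.

    Run on the master with every agent name, and on each agent with the
    master name, because resolution is required in both directions.
    resolve and probe are injectable so the logic can be tested offline.
    """
    report = {}
    for name in peers:
        try:
            addr = resolve(name)   # uses DNS or the hosts file, as the OS is configured
        except OSError:            # socket.gaierror is a subclass of OSError
            report[name] = {"address": None, "unreachable": sorted(CLUSTER_PORTS)}
            continue
        closed = [p for p in sorted(CLUSTER_PORTS) if not probe(addr, p)]
        report[name] = {"address": addr, "unreachable": closed}
    return report

def unresolved(report):
    """Names that did not resolve; fix these in DNS or the hosts file first."""
    return [name for name, r in report.items() if r["address"] is None]
```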
Operating System
• Proofpoint Linux (Plinx):
  • Based on CentOS / Red Hat Enterprise kernel.
• Hardened distribution:
  • Unused services removed / deactivated.
  • No Yum or Up2date.
• IPTables:
  • Software firewall.
  • Unused ports are blocked.
• Other information:
  • 64-bit based.
  • Software tuned to hardware on install.
Proofpoint Specific Software (1 of 2)
• Filter (filterd):
  • The “heart” of Proofpoint Protection Server.
• Spam Engine:
  • Generates spam classifier scores.
• Virus Engine:
  • F-Secure (or McAfee)
• Encryption:
  • Integrated message encryption.
Proofpoint Specific Software (2 of 2)
• Smart Search:
  • Message search and information tool.
• Conversion Engine:
  • Message deconstruction for filtering.
• Sendmail:
  • MTA (Message Transfer Agent)
Third Party Software Used
• MariaDB (MySQL):
  • Database
• Apache / Tomcat:
  • Web services
Building / Re-imaging
• ISO installation images:
  • Available from Support.
• Console wizard available for network setup.
• Default username: admin
• Default password: password
• Activation ID must match installed version and not be currently in use.
Activating
• Your Activation Key provides access to:
  • Spam updates
  • Virus updates
  • Dictionary updates
  • Product patches
  • Product upgrades
  • Allowed modules
  • Expiration dates
Getting Started
• Logging in to the Management UI:
  • Port 10000 with SSL enabled: https://<hostname>:10000
• Minimum supported browser versions:
  • Firefox 23 on Windows and Linux.
  • Internet Explorer 7 on Windows.
    • (IE 11 not yet supported.)
  • Chrome 29 on Windows and Linux.
  • Safari 5.1 on Windows and Mac.
Default Administrator (On-Premise configurations only)
• Default Administrator account:
  • Login ID: admin
  • This is a “super-user” account and should be carefully controlled.
  • Cannot be deleted.
  • The account password should be changed on a regular basis.
  • Has unrestricted administrative privileges for the Proofpoint Protection Server or appliance, including all modules and configuration.
  • Controls the administrative privileges for all other administrator accounts.
  • Has console access.
Admin Password
• User is prompted during the software installation to create a password for the admin account.
• Password requirements:
  • Minimum length of seven characters.
  • Must contain a mixture of letters and numbers.
  • At least one special character.
Navigating the Management UI
• Modules listed on the left.
• Menus collapse “ˬ” to hide less-used menus.
• Menus and sub-menus under each Module.
• NOTE: Save all changes before changing the page or the changes will be lost.
Accredited Engineer Exercise #1
• Objective: Classroom Lab Server Home page.
• Procedure:
  • Open a browser and navigate to: lab.training.proofpoint.com
  • Note the tools available on the right.
  • Click on the server that your instructor assigned to you.
  • Note the information and links for your lab environment.
  • Keep this page open for the duration of your lab exercises for quick reference.