Cisco CCIE Security 350-701 – Email Security _ ESA

  • February 17, 2023

1. Email Based Threats

Next, we’ll look at some common email security threats. The most common is email spam: the attacker sends emails that look like advertisements, or that offer prizes or deals on travel and the like. You click the link just to see what the deals are about. Once you click, the link may redirect you to another website, or it may install malicious code in the background, and the security of that system may be compromised.

Another threat is malware attachments, which contain malicious code. Once you open or download these files, the security of that system may be compromised, because the malicious code gets downloaded and installed, and it can even spread across the network. Once downloaded, this malicious code can also lead to data leakage: it can leak your information, such as sensitive user information, or it can automatically delete files, make changes to system files, and so on. Another kind of threat is phishing.

Phishing means fooling end users with an email that appears to come from a valid website. It may appear to come from a bank, a social media site, or an online payment service; sometimes it appears to come from IT companies, offering jobs and other things. Once you click on the links in these emails, malicious code may be installed, and the attacker’s goal is to steal sensitive information.

2. Cisco Email Security Appliance – ESA

To provide email security, Cisco offers multiple solutions. The first is on-premises email security, the ESA; it can also be cloud email security. The main advantage of the ESA is that it is a dedicated device or platform, and it acts as the gateway for all your incoming and outgoing emails. Say there is an incoming email to your company network: it goes through the ESA, and the ESA filters it. If the email falls in the known-good category, the ESA delivers it to the destination.

If it detects spam or malicious traffic, the email is automatically filtered, and if it is a bad email, it is automatically deleted. All email traffic has to go via the ESA, so the ESA has to be the SMTP gateway for all your incoming and outgoing emails. To maximize security, it has to be the MX of your domain, that is, the first gateway to receive all of that email traffic.

The second solution is Cloud Email Security, CES. CES allows companies to outsource email security management. Say you have customers one, two and three: they outsource all their email security to Cisco’s global cloud infrastructure, and all the email traffic coming and going is filtered through this centralized database.

The end users don’t need to install a specific security appliance; they are simply outsourcing to this cloud. The main advantage is that you don’t need to maintain your own security device for email. It also supports most end users and remote workers, who probably work over the internet, maybe from home. For them it is a scalable solution.

You can also go with hybrid email security, which combines the features of both. In both the ESA and CES, we can configure our own policies. The email traffic is filtered based on the security policies configured by the administrator. It also checks whether a particular email is carrying any kind of malicious content. If it is not, the email is automatically allowed.
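The requirement above that the ESA be the MX of your domain can be checked from DNS. The following is an added example, not part of the original lesson or any Cisco tooling: it audits MX answers in the `preference exchange` form printed by `dig +short MX` and reports any record that does not land on the gateway, since such a record is a delivery path that skips filtering. The gateway hostnames and the sample records are constructed assumptions.

```python
# Added example: audit MX answers so no mail path bypasses the gateway.
# Hostnames and records below are constructed for illustration.

ESA_HOSTS = {"esa1.example.com", "esa2.example.com"}  # assumed gateway names

# Constructed sample in the "preference exchange" form of `dig +short MX`.
SAMPLE_MX = """\
10 esa1.example.com.
10 ESA2.example.com.
50 mail.example.com.
"""

def parse_mx(text):
    """Return sorted (preference, host) pairs from 'pref host' lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blanks and anything that is not an MX answer
        host = parts[1].rstrip(".").lower()  # DNS names are case-insensitive
        records.append((int(parts[0]), host))
    return sorted(records)

def audit_mx(text, gateways):
    """List findings; an empty list means every MX lands on the gateway."""
    gateways = {g.rstrip(".").lower() for g in gateways}
    records = parse_mx(text)
    if not records:
        return ["no MX records: senders fall back to the domain's A/AAAA record"]
    findings = []
    best_pref = records[0][0]  # lowest preference value is tried first
    for pref, host in records:
        if host in gateways:
            continue
        if pref == best_pref:
            findings.append(f"primary MX {host} (pref {pref}) is not the gateway")
        else:
            findings.append(f"backup MX {host} (pref {pref}) bypasses the gateway")
    return findings

if __name__ == "__main__":
    results = audit_mx(SAMPLE_MX, ESA_HOSTS)
    for finding in results or ["all MX records point at the gateway"]:
        print(finding)
```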
