• Contacts
  • Contact Details
  • Contact Us
  • Home
• Encryption Solutions
  • Enterprise Encryption
  • Laptop Encryption
  • PC Encryption
  • PDA/SmartPhone Encryption
  • Email Encryption
  • Portable Media Encryption
  • Services
• Solutions for email
  • Email Archiving
  • Webroot E-mail Filtering Service
  • E-mail Firewalls Anti-SPAM
  • Anti-Virus
• Enterprise Mobile Solutions
  • Application Development
  • Mobile Device Management
  • Mobile Device Security
• Security Solutions
  • Remote Access SSL VPN
  • Password & Identity Management
  • Internet Firewall
  • Secure DNS Server
  • Document Collaboration
  • Web Content Management
  • E-commerce
  • Alumni Membership
  • Network File Encryption
  • USB Memory Drives
  • Smart Cards & Single Signon
  • Aladdin eToken
  • URL Web Filter
  • Fault Tolerant IP
  • SSL Acceleration
  • Tape Backup
  • Network Storage
  • Wireless Networking
  • Domain Names
• Resources
  • Library
  • Product Data Sheets
  • Customer Projects
  • Articles & Links
  • Credit Card Systems
  • Nominet T&C's
  • Accessibility
• Site
  • Home
  • News
  • Events
  • Contact Details
  • Contact Us

MXtreme : Microsoft Exchange & Outlook Web Access security vulnerabilities

BorderWare MXtreme Customers unaffected by Microsoft Exchange and Outlook Web Access security vulnerabilities

DALLAS, TX and TORONTO, ON – October 24, 2003 – BorderWare Technologies Inc., The Security Appliances Company, today announced that customers of its MXtreme Mail Firewall Appliance are unaffected by the recently disclosed vulnerabilities in Microsoft Exchange Server and Outlook Web Access (OWA).

Cited in Microsoft security bulletins MS03-046 and MS03-047 and CERT® Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange.The "Vulnerability in Exchange Server could allow arbitrary code execution" problem identifies how an attacker can cause a buffer overrun that could permit them to essentially hijack an organization's email servers and run malicious programs in the security context of the SMTP service.

The "Vulnerability in Exchange Server 5.5 Outlook Web Access aould allow Cross-Site Scripting Attack" problem arises from a cross-site scripting (XSS) vulnerability in the way OWA performs HTML encoding in the Compose New Message form. An attacker exploiting the vulnerability can gain access to any user-accessible data belonging to the site.

In addition to these two exploits, Microsoft has issued several bulletins specific to weaknesses in Microsoft Exchange's security, none of which affect MXtreme customers.

MXtreme provides comprehensive protection to email systems from any number of threats including spam, viruses or other attacks, and enables companies to safely deploy Outlook Web Access for remote mail by providing a secure proxy to Microsoft Exchange. MXtreme deploys in front of a company's email infrastructure and handles all email traffic including remote sessions. It ensures that Exchange servers cannot be directly accessed, and that remote users are secured by an encrypted session.

MXtreme can also be used to enforce security policies for remote users such as strong authentication with tokens like RSA SecurID.

With as many as 78 million business users in the U.S. requiring remote access to corporate email, security ranks high on the minds of IT professionals. A survey conducted by Osterman Research, Inc. finds that 35.6% of IT decision-makers and end-users of information technology consider secure remote access for email as a "problem" or a "very serious problem" to contend with.

Such is the case for Eric Swanlund, Director of Engineering and IT Services, at managed IT and professional services company ThinOffice Inc., who has safely deployed Outlook Web Access using MXtreme for many customers. According to Swanlund, "Not having to worry about updating each and every operating system and Exchange server has given us peace-of-mind, reducing our security concerns for remote email access, while increasing the quality of service to our customers. With MXtreme, email is always up and running."

MXtreme

Spam Protection

MXtreme implements a three-tier SPAM barrier: configurable filters based on source systems, use of RBL lists to reject known SPAM, smart pattern matching to reject based on suspicious message envelope characteristics. MXtreme substantially reduces SPAM, while providing local control to ensure real mail is allowed. See the SPAM Whitepaper for more information.

Hardware Options

MX-200

The MX-200 is a set-top or mini-1U format system, comes with a single disk drive and two fast ethernet interfaces, and will comfortably support the requirements of small/medium sized organizations. With built-in POP3 server and full support for user mailboxes, the MX-200 can also provide a cost-effective alternative to MS Exchange, Lotus Notes etc.

MX-400

The MX-400 is a full 1U rackmount system. It provides increased performance and throughput over the MX-200, plus:

• RAID 1 support (two mirrored disks) for redundancy


• 2 x Fast Ethernet interfaces for extra flexibility in deployment


• 1 x Gigabit Ethernet interface for high performance networks

MX-800

The MX-800 is a full 2U system designed for high traffic installations. With a 2 GHz processor and 1GB of RAM, it can support thousands of users and millions of messages a day. A higher degree of fault-tolerance is provided by:

• RAID 0 +1 (based on two pairs of mirrored disks)
• Hot-swappable power supply
• 2 x Fast Ethernet interfaces and 2 x Gigabit interfaces