Configuring an Attachment Protection Policy

Document created by user.oxriBaJeN4 Employee on Sep 12, 2015. Last modified by user.oxriBaJeN4 Employee on May 25, 2017.
Version 8

This guide describes how a Targeted Threat Protection - Attachment Protect policy can be configured to capture messages with potentially unsafe attachments.

 

Applies To...

 

  •  Administrators responsible for configuring policies to protect their organizations against targeted threats.

 

Best Practice

 

The best practice settings below are based on commonly used configurations that can provide an optimal solution to protect you against targeted attacks via attachments. It is important to understand that a given setting may not meet all your specific requirements. We recommend you review your environment and adjust these options where necessary.

Walkthrough

 

Targeted Threat Protection - Attachment Protect strips attachments that could potentially contain malicious code (e.g. PDF, Microsoft Office files) from inbound messages and replaces them with a clean, transcribed version. Employees have instant access to these clean attachments to maintain productivity. If they require read / write access, a link in the message can be used to request the original file via the sandbox. This safe file approach eliminates the latency inherent in traditional sandbox solutions, confining wait time to the minority of instances where an editable document is required.

 

Each policy requires an Attachment Protection definition to be configured before the policy itself (see Configuring an Attachment Protection Definition). The definition sets the conditions under which an email attachment is considered safe, and whether action should be taken if it is considered unsafe. The definition is applied as part of the policy (see below).

 

To configure a policy:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item.
  4. Click on the Attachment Protection policies. A list of existing policies is displayed.
  5. Either click on the:
    • New Policy button to create a policy.
    • Policy to be amended.
  6. Complete the Options section as follows:

    Field / Option | Description | Best Practice Setting
    Policy Narrative | Enter a description for the policy. This is kept with the message in the archive. | Specify a value that easily identifies the policy.
    Select Option | Specify an Attachment Protection definition from the drop down list. | -
  7. Complete the Emails From section as follows:

    Field / Option | Description | Best Practice Setting
    Addresses Based On | Specify the email address characteristics the policy is based on. | -
    Applies From | Specify the sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. | Everyone
    Specifically | Enables you to specify an SMTP address, if "Individual Email Addresses" is specified in the "Applies From" field. | -
  8. Complete the Emails To section as follows:

    Field / Option | Description | Best Practice Setting
    Applies To | Specify the recipient characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. Apply the policy to a group of users initially via the "Address Groups" option. Once you are sure the configuration works as expected in your environment, change to the "Internal Addresses" option. | Internal Addresses
    Specifically | Enables you to specify an SMTP address, if "Individual Email Addresses" is specified in the "Applies To" field. | -
  9. Complete the Validity section as follows:

    Field / Option | Description | Best Practice Setting
    Enable / Disable | Use this option to enable (default) or disable a policy. Disabling the policy allows you to prevent it from being applied without having to delete or back-date the policy. Should the configured date range of a policy be reached, the policy will become disabled automatically. | -
    Set Policy as Perpetual | Specifies that the policy's start and end dates are set to Eternal. The result is that the policy never expires. | -
    Date Range | You can turn off the "Set Policy as Perpetual" option, and specify a start and end date for the policy. Deselect the Eternal option and select the required dates. | -
    Policy Override | Select this option to override the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type have also been configured with an override. | -
    Bi-Directional | Use this setting if you want the policy to also apply when the policy's recipient is the sender and the sender is the recipient. | -
    Source IP Ranges (n.n.n.n/x) | Enter any required source IP ranges for the policy. These only apply if the source IP address used to transmit the email data falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation. | -
  10. Click on the Save and Exit button.
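
The scope and Validity fields above interact when more than one policy matches a message, for example during a staged rollout with an "Address Groups" pilot policy next to an "Internal Addresses" policy. The Python sketch below is an added illustration, not Mimecast code: it models the selection rules as this page describes them (enabled and in date range, source IP inside a configured CIDR range, override first, then most to least specific). The scope ranking, policy names, addresses and IP ranges are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from ipaddress import ip_address, ip_network

# Assumed specificity ranks for this model: higher means a narrower scope.
RANK = {"everyone": 0, "internal": 1, "group": 2, "individual": 3}

@dataclass
class Policy:
    name: str
    from_scope: tuple             # (kind, value), e.g. ("everyone", None)
    to_scope: tuple               # e.g. ("group", "pilot-users")
    enabled: bool = True
    start: date = date.min        # min/max together model "Set Policy as Perpetual"
    end: date = date.max
    override: bool = False
    bidirectional: bool = False
    source_ranges: list = field(default_factory=list)  # CIDR strings; empty = any IP

def scope_matches(scope, addr, d):
    kind, value = scope
    if kind == "internal":
        return addr.rsplit("@", 1)[-1] in d["internal_domains"]
    if kind == "group":
        return addr in d["groups"].get(value, set())
    return kind == "everyone" or addr == value  # "individual" compares the address

def applies(p, sender, rcpt, src_ip, today, d):
    if not p.enabled or not (p.start <= today <= p.end):
        return False  # disabled, or outside the configured date range
    if p.source_ranges and not any(ip_address(src_ip) in ip_network(r) for r in p.source_ranges):
        return False  # connecting IP is outside every configured range
    def pair(a, b):
        return scope_matches(p.from_scope, a, d) and scope_matches(p.to_scope, b, d)
    return pair(sender, rcpt) or (p.bidirectional and pair(rcpt, sender))

def select_policy(policies, sender, rcpt, src_ip, today, d):
    hits = [p for p in policies if applies(p, sender, rcpt, src_ip, today, d)]
    # Override policies first, then the most specific From/To scope.
    hits.sort(key=lambda p: (p.override, RANK[p.from_scope[0]] + RANK[p.to_scope[0]]), reverse=True)
    return hits[0].name if hits else None

# Constructed sample data: a pilot-group policy beside an org-wide one.
DIRECTORY = {"internal_domains": {"example.com"}, "groups": {"pilot-users": {"alice@example.com"}}}
POLICIES = [
    Policy("AP-all-internal", ("everyone", None), ("internal", None)),
    Policy("AP-pilot", ("everyone", None), ("group", "pilot-users"), source_ranges=["203.0.113.0/24"]),
    Policy("AP-expired", ("everyone", None), ("individual", "bob@example.com"), end=date(2017, 1, 1)),
]
```

Calling `select_policy` with a test sender, recipient, source IP and date before saving a new policy shows which existing policy it would displace, and whether a source IP range or an expired date range silently takes it out of play.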

 
