
www.espionintl.com

[mx]lock
white paper

introduction
Over the past couple of years, the vast majority of health care providers and financial institutions have moved from conventional (snail) mail to e-mail as the preferred medium for transferring information. E-mail allows entities within the health care system to exchange medical, billing and personal patient data and other information, and to process transactions quickly and cost-efficiently. This has greatly reduced the time required to process documents compared to paper, and it also reduces the chances of data being lost. The one major flaw of e-mail is security: anyone who can observe a confidential e-mail in transit or on an intermediate server can read it. This introduces the need for a secure medium for sending e-mail. In summary, although e-mail has improved and enhanced the communication process, it has created privacy concerns. The Health Insurance Portability and Accountability Act (HIPAA) imposes severe financial penalties for violations. Therefore, the encryption of Protected Health Information (PHI) is a critical process.
common encryption methods
There are mainly two types of solutions that attempt to solve this problem:
• Server-to-server encryption, like TLS.
• Client-to-client encryption, like PGP or S/MIME.

Both of these methods have disadvantages:
• The server-to-server method requires both sides to have TLS-capable servers, and it protects the message only while it travels between those servers.
• Client-to-client encryption, like PGP or S/MIME, has a steep learning curve and requires specialized client software to be installed.

The Espion [MX]Lock approach aims to completely eliminate extra software installation on the client side, as well as minimizing the learning curve.
foundation
The foundation for the [MX]Lock system is the Espion Interceptor, an AI-based spam filtering appliance that already achieves over 99% spam accuracy in independent tests. The Interceptor was originally designed as a secure e-mail gateway; the enhancements offered by adding AI allow the product to expand to include anti-spam and encryption. The completely flexible and modular design of the Espion Interceptor system makes it possible to design and implement add-ons in a very simple fashion, and the Interceptor's extensive content policy engine provides an excellent base for the [MX]Lock system. The main security features of the Interceptor include:

• Hardened OS, based on FreeBSD.
• Full stateful packet filter operation, including stateful support for the ICMP and UDP protocols (allows for a wider range of network cloaking options).
• Denial of Service protection: custom code within the OS slows down the packet response rate to suspected hosts, preventing the attack from causing link saturation.
• Proactive bug/security hole patches: Espion constantly monitors the hacking underworld as well as official network security sources, and is therefore able to quickly counteract new attacks by promptly deploying system hot fixes.
• Analyzes and directs all HTTP and HTTPS proxy connections to stop attacks such as denial of service or buffer overflow attacks. Over 1,200 signatures are already in place to identify and stop known attacks.
• Detects and blocks threats such as buffer overflows and malformed HTTP requests in real time.

In addition to the above layers of security, the system also includes an IPS (Intrusion Prevention System) which protects against known vulnerability classes such as:
• Directory Traversal
• Buffer Overflow
• HTML Header Tampering
• SQL Injection
• Form Mismatches
• Script Tampering
• Cross-site Scripting
• URL Tampering
• Unauthorized GETs and POSTs
• HTML DoC attacks
• Credential Tampering
• Cookie Modifications
• User session modification

Figure 1. Deployment (figure labels: Internet; Espion Interceptor; Mail Server; Workstations)

system deployment
The [MX]Lock system (bundled as a module on the Espion Interceptor) provides a comprehensive solution. Figure 1 shows the typical deployment architecture of the Interceptor. The Espion Interceptor replaces what would normally be multiple appliances between the Internet and the Mail Server. The advantages of using a single appliance include:
• Significantly lower TCO
• Single point of management
• Simplified maintenance

[mx]lock system description

Figure 2. [MX]Lock MX Module operation (figure labels: e-mail in from server; secure policy engine; intelligent content scanning; plain-text e-mail out to Internet; [mx]lock module; secure storage; generated secure link; secure server-to-server SSL tunnel)

Figure 2 describes the basic system operation of the [MX]Lock module. The setup of this system is very simple: the only required setting is to route e-mail from the Mail Server to the Interceptor. An e-mail composed at the end user's workstation (the system is 100% e-mail client independent) flows through the mail server and on to the Interceptor. At this point the Interceptor's Content Analysis engine inspects the e-mail content. If the content matches any given rule, or is analyzed to be confidential, the e-mail is sent to the [MX]Lock module.
dual key encryption
The [MX]Lock system uses a unique dual-key system. The [MX]Lock encryption module encrypts the message to be stored on disk with two unique keys. One of the keys is stored on the Interceptor and the other key is sent to the recipient. The system then generates a unique link with another key, which is sent together with the original key that was used to encrypt the data on disk. The overall key length of this whole process is greater than 1024 bits. This dual-key system is analogous to a bank vault, where one would use a key from the bank and one's own key to open the vault. This ensures that neither party can decrypt any message independently. This is just one of the many layers of protection the overall system offers.

Once the link is sent out, the intended recipient can click on the link to view the message. The message is viewed through a common web browser supporting HTTPS (SSL with AES 128-bit/High-Grade 256-bit). This web interface is completely protected by the IPS system as well as a custom intrusion detection system which throttles and/or bans hackers.

identity management
Identity Management, as the name suggests, is a login-based authentication system built on top of the [MX]Lock system. This provides one more layer of protection from unauthorized users. When this module is switched on (it is on by default), a first-time user accessing the e-mail is asked for a passphrase. This passphrase is then required every time the user wants to view any e-mail. In addition to the passphrase, the user answers a set of questions (chosen from a list of questions); the answers are used whenever the user forgets the password and/or wants to reset it.
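The dual-key scheme and the passphrase gate from the identity management section, as an added illustration that is not Espion's code: the paper does not disclose its actual algorithms, key lengths or link format, so the portal URL, the 128-bit shares, the HMAC-SHA256 counter-mode toy cipher (a stand-in for AES so the example runs on the standard library alone), the PBKDF2 verifier and the in-memory gateway store are all assumptions. It demonstrates the property the paper claims: the stored ciphertext cannot be opened with only the gateway's share or only the recipient's share carried in the link, and a returning recipient must present the enrolled passphrase before the gateway will combine the shares.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

PORTAL = "https://mxlock.example/view"  # assumed portal URL; the paper shows no link format
PBKDF2_ROUNDS = 200_000


def derive_data_key(server_share: bytes, recipient_share: bytes) -> bytes:
    """Combine the two shares; the message key exists only when both are present."""
    return hmac.new(server_share, recipient_share, hashlib.sha256).digest()


def _subkeys(data_key: bytes):
    """Separate encryption and MAC keys derived from the combined data key."""
    enc = hmac.new(data_key, b"toy-enc", hashlib.sha256).digest()
    mac = hmac.new(data_key, b"toy-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (stand-in for AES in this example)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_for_storage(plaintext: bytes):
    """Encrypt under two fresh shares: one stays on the gateway, one goes into the link."""
    server_share = secrets.token_bytes(16)
    recipient_share = secrets.token_bytes(16)
    nonce = secrets.token_bytes(12)
    enc, mac = _subkeys(derive_data_key(server_share, recipient_share))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ciphertext, hashlib.sha256).digest()
    record = {"nonce": nonce, "ciphertext": ciphertext, "tag": tag, "server_share": server_share}
    return record, recipient_share


def decrypt_from_storage(record: dict, recipient_share: bytes) -> bytes:
    """Rebuild the key from both shares; a wrong share or altered ciphertext fails the tag check."""
    enc, mac = _subkeys(derive_data_key(record["server_share"], recipient_share))
    expected = hmac.new(mac, record["nonce"] + record["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("authentication failed: wrong key share or modified ciphertext")
    keystream = _keystream(enc, record["nonce"], len(record["ciphertext"]))
    return bytes(c ^ k for c, k in zip(record["ciphertext"], keystream))


def enroll_passphrase(passphrase: str) -> dict:
    """Keep a salted PBKDF2 verifier, never the passphrase itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


def check_passphrase(verifier: dict, passphrase: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), verifier["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, verifier["digest"])


def parse_link(link: str):
    """Split the generated link back into the message id and the recipient's key share."""
    query = parse_qs(urlparse(link).query)
    return query["id"][0], bytes.fromhex(query["k"][0])


class MxLockGateway:
    """In-memory stand-in for the gateway: encrypted records plus per-recipient verifiers."""

    def __init__(self):
        self.messages = {}  # message id -> stored record (ciphertext, nonce, tag, server share)
        self.users = {}     # recipient address -> passphrase verifier

    def lock_message(self, plaintext: bytes) -> str:
        """Store the encrypted message and return the link carrying the recipient's share."""
        record, recipient_share = encrypt_for_storage(plaintext)
        message_id = secrets.token_hex(8)
        self.messages[message_id] = record
        return f"{PORTAL}?id={message_id}&k={recipient_share.hex()}"

    def open_link(self, recipient: str, link: str, passphrase: str) -> bytes:
        """First visit enrolls the passphrase; later visits must present it before decryption."""
        message_id, recipient_share = parse_link(link)
        if recipient not in self.users:
            self.users[recipient] = enroll_passphrase(passphrase)
        elif not check_passphrase(self.users[recipient], passphrase):
            raise PermissionError("passphrase does not match the enrolled verifier")
        return decrypt_from_storage(self.messages[message_id], recipient_share)
```

Because the `k` value in the link is the recipient's key share, the link itself is a bearer credential: it should be delivered only to the intended mailbox and the stored record retired once the message is withdrawn. The passphrase check happens before the shares are combined, so a leaked link alone does not yield the plaintext once a passphrase has been enrolled.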

about espion international, inc.
Espion International, Inc., a Costa Mesa, CA-based company with Research and Development located in Baton Rouge, Louisiana, is a leader in the development and deployment of Artificial Intelligence (A.I.) based solutions for email gateway and network security. The A.I. "brain" boosts the performance of the Espion product range, which offers appliances that are easy to install for organizations from five to five million users, providing email gateway security, anti-spam and secure, encrypted email.

Copyright © 2006 Espion International, All rights reserved.
Specifications subject to change without notice
Espion International
11211 Industriplex Blvd, Suite 800
Baton Rouge, Louisiana 70809 USA

for more information, visit www.espionintl.com