Evaluated Product - Details

Symantec Messaging Gateway offers enterprises a gateway-based message-security solution. Symantec Messaging Gateway delivers inbound and outbound messaging security, real-time antispam and antivirus protection, advanced content filtering, and data loss prevention in a single platform. Symantec Messaging Gateway does the following to protect the customer environment:

Security audit 

The TOE generates spam reports and virus reports to provide the Administrator with insight on the filtering activity. Additionally, the TOE supports the provision of log data from each system component and supports the ability to notify an Administrator when a specific event is triggered.

User data protection

The spam detection, virus detection, monitoring, and managing capabilities of the TOE ensure that the information received by the customer network is free of potential risks.

Identification and authentication

The TOE supports identity-based identification and authentication of an Operator. Operators authenticate via a Web-based HTTPS GUI connected to the Control Center, and operators can assume a role of Administrator or Limited Administrator.

Security management

The TOE provides administrators with the capabilities to configure, monitor, and manage the TOE to fulfill the Security Objectives. Security Management principles relate to Security Audit, SMTP Information Flow Control, and Component Services. Administrators configure the TOE via web-based connection.

Trusted path/channels

The TOE requires remote users to initiate a trusted communication path using HTTPS for initial user authentication. The TOE also requires that the trusted path be used for the transmission of all Symantec Messaging Gateway administrative communication.   HTTPS ensures the administrative session communication pathway is secured from disclosure and modification.