Deep Discovery Email Inspector (DDEI) Hardening Guide

Updated: 20 Dec 2019
Product/Version: Deep Discovery Email Inspector
Summary

This article gives a high-level overview of the security hardening and security features implemented in the DDEI appliance.

Details

DDEI uses a customized Linux kernel and removes unnecessary tools, software and commands to secure the environment.

In line with Trend Micro security policy, when a CVE or ZDI vulnerability report is received for DDEI, a CVSS evaluation is performed. If the vulnerability affects DDEI, a critical patch is released or the issue is resolved in the next major release.

DDEI grants access to the management console by user account. The built-in administrator account can create both local accounts and, if DDEI is integrated with Active Directory (AD), accounts from AD. To access the management console, each user account requires a logon password.

The management console accepts passwords that contain the following:

  • 8 to 32 characters
  • At least one upper case letter: A to Z
  • At least one lower case letter: a to z
  • At least one number: 0 to 9
  • At least one special character: ~!`@#$%^&*()/_+=[] {}-\|<>',.?:;"

Observe the following guidelines for creating a strong password:

  • Avoid words found in the dictionary.
  • Intentionally misspell words.
  • Use phrases or combine words.
  • Use both uppercase and lowercase letters.
Account Role

Trend Micro recommends that each customer change the default administrator’s password.
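The composition rules and the dictionary-word guideline above can be pre-checked before an account is provisioned. The following is an added example, not Trend Micro code; the function name, the sample wordlist and the decision to flag characters outside the listed sets (including a space) are assumptions.

```python
import string

# Special characters exactly as listed in the article. The extracted list also
# shows a space between "]" and "{"; treating a space as NOT allowed is an assumption.
SPECIALS = set("~!`@#$%^&*()/_+=[]{}-\\|<>',.?:;\"")

# Constructed sample wordlist for the "avoid dictionary words" guideline.
SAMPLE_WORDS = {"password", "admin", "trend", "welcome", "inspector"}


def check_password(candidate, wordlist=SAMPLE_WORDS):
    """Return a list of unmet rules; an empty list means the candidate passes."""
    problems = []
    if not 8 <= len(candidate) <= 32:
        problems.append("length must be 8 to 32 characters")
    # ASCII ranges are used on purpose: "É" is upper case but not in A to Z.
    if not any(c in string.ascii_uppercase for c in candidate):
        problems.append("needs an upper case letter A to Z")
    if not any(c in string.ascii_lowercase for c in candidate):
        problems.append("needs a lower case letter a to z")
    if not any(c in string.digits for c in candidate):
        problems.append("needs a number 0 to 9")
    if not any(c in SPECIALS for c in candidate):
        problems.append("needs a special character from the listed set")
    # Assumption: anything outside the listed sets is flagged rather than accepted.
    allowed = set(string.ascii_letters + string.digits) | SPECIALS
    stray = sorted({c for c in candidate if c not in allowed})
    if stray:
        problems.append("characters outside the listed sets: " + repr(stray))
    # Guideline check: substring match against the wordlist, case-insensitive.
    lowered = candidate.lower()
    hits = sorted(w for w in wordlist if w in lowered)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample candidates.
    for pw in ["Sh0rt!", "Password1!", "c0rrect-Hrse_Batery9"]:
        print(pw, "->", check_password(pw) or "OK")
```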

DDEI has three kinds of account roles: Administrator, Investigator and Operator.

The Administrator has complete access to the features and settings contained in the menu items.

  • Dashboard
  • Detections
  • Policies
  • Alerts / Reports
  • Logs
  • Administration
  • Help

The Investigator can view certain features and settings contained in the menu items, but cannot make any administrative modifications.

  • Dashboard
  • Detections
  • Alerts / Reports > Reports > Generated Reports
  • Alerts / Reports > Alerts > Triggered Alerts
  • Logs
  • Help

The Operator can view certain features and settings contained in the menu items, but cannot make any administrative modifications.

  • Dashboard
  • Detections (no access to message body)
  • Alerts / Reports > Reports > Generated Reports
  • Alerts / Reports > Alerts > Triggered Alerts
  • Logs
  • Help

DDEI accesses several Trend Micro services to obtain information about emerging threats and to manage your existing Trend Micro products. For more information, refer to the Appendices of the DDEI Administration Guide (Appendix D > Connections and Ports).

 

DDEI can export a backup file of most configuration settings to an encrypted file. If needed, import this file to restore settings.

DDEI can be reset by restoring it to factory default settings.

The following settings can be backed up and restored from the backup file (listed by screen, with the tabs under each screen):

  • Dashboard

    • Settings for all widgets only
  • Policies > Policy Management

    • Policy List
    • Content Filtering Rules
    • DLP Rules
    • Antispam Rules
    • Threat Protection Rules
  • Policies > Policy Objects

    • Notifications
    • Message Tags
    • Redirect Pages
    • Archive Servers
    • Data Identifiers
    • DLP Templates
  • Policies > Exceptions

    • Messages
    • Objects (local object exceptions only)
    • URL Keywords
    • Graymail Exceptions
  • Alerts / Reports > Alerts

    • Rules
  • Alerts / Reports > Reports

    • Schedules
  • Administration > Component Updates

    • Schedule
    • Source
  • Administration > System Settings

    • Operation Mode
    • Proxy
    • SMTP
    • Time (date and time format and NTP server settings only)
    • SNMP
  • Administration > Mail Settings

    • Connections
    • Message Delivery
    • Limits and Exceptions
    • SMTP Greeting
    • Edge MTA Relay Servers
  • Administration > Integrated Products/Services

    • Syslog
    • Microsoft Active Directory
    • SFTP
  • Administration > Scanning / Analysis

    • Settings (Submission Filters and Timeout Setting sections only)
    • File Passwords
    • Smart Protection
    • Smart Feedback
    • YARA Rules
    • Time-of-Click Protection
    • Business Email Compromise Protection
    • URL Scanning
  • Administration > Sender Filtering/Authentication

    • Approved Senders
    • Blocked Senders
    • DHA Protection
    • Email Reputation
    • Bounce Attack Protection
    • SMTP Traffic Throttling
    • SPF
    • DKIM Authentication
    • DKIM Signatures
    • DMARC
  • Administration > End-User Quarantine

    • User Quarantine Access
    • EUQ Digest
  • Administration > System Maintenance

    • Storage Maintenance
  • Administration > Accounts / Contacts

    • Accounts
    • Contacts

DDEI 7100/7200/9100/9200: RAID 1 configuration

Category: Configure
Solution Id: 000158484