One of the best practices in ITIL is "Track the incidents to make sure they're resolved in a timely fashion". As mentioned earlier, we're now testing an incident management process. The log used in Cyber-Lab is a very simple spreadsheet and yet it is very effective. For example, I can now easily see what incidents are still in progress and the targeted deadlines:

How do we make sure the support staff record the incidents? After all, it is extra work for them and it is very easy to forget to log the "trivial" incidents. The best solution I've found so far is to tell them that this log shows management how much work they've done (which is true).

We all know that emails can be forged easily (just set the "From" address in your mail client). That's why I sometimes receive bounced mails telling me that I have sent a virus to someone. Fortunately, there are now technologies that allow the recipient to verify the origin of an email. Over 35% of emails on the Internet now use such a technology. If you send a mail to Yahoo or Hotmail without using such a technology, the recipient will see a warning like "the origin of this mail can't be verified and it may be junk".
How do you allow people to verify the origin of your emails? There are two different technologies for that: one is called DomainKeys Identified Mail (DKIM) and the other is called Sender ID. Which one should you use? Here is a comparison:

| | DKIM | Sender ID |
|---|---|---|
| Created by | Yahoo, Cisco | Microsoft |
| How it works | Your mail server signs every outgoing email so that the recipient can verify it. For it to work, you need to publish the public key of your mail server. | You publish the IP of the mail server so that the recipient can check if the mail was sent from that IP. |
| Mails can be forwarded | Yes | No |
| Modification to the mail content can be detected | Yes | No |
| Patented (hindering open source implementations) | No | Yes |
| Used by | GMail, Yahoo | MSN, Hotmail |
| Adoption (as of now) | Less | More |
| Major implementations | Exchange (plugin developed by a 3rd party), Sendmail, Postfix, qmail, exim, MDaemon, Communigate PRO | Exchange, Sendmail, MDaemon |
| Standardization | IETF | IETF |

At CPTTM we opted for DKIM as it is more open and technically more sound (Your mileage may vary and you might well implement both DKIM and Sender ID). We have tested it on Postfix and it is working well. We're now entering the deployment phase.
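
To make the "modification can be detected" and "mails can be forwarded" rows concrete, here is an added example (not CPTTM's code or any mail server's implementation) of the body-hash step a DKIM verifier performs: it recomputes the `bh=` value from the received body, independent of the sending IP. The domain, selector and message are constructed samples, and the RSA check of the `b=` signature against the published public key is not performed here.

```python
import base64
import hashlib
import hmac
import re

def parse_tags(header_value):
    """Split a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace is dropped; safe for the tags read below.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def relaxed_body(body):
    """Relaxed body canonicalization (RFC 6376, section 3.4.4)."""
    # Bare LF is treated as CRLF here, a leniency of this example.
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of spaces/tabs, then drop whitespace at end of line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":   # ignore empty lines at the end
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body, hash_fn=hashlib.sha256):
    """Base64 digest of the canonicalized body, as carried in bh=."""
    return base64.b64encode(hash_fn(relaxed_body(body)).digest()).decode()

def body_hash_matches(dkim_signature, body):
    """True if the received body still matches the signer's bh= value."""
    tags = parse_tags(dkim_signature)
    hash_fn = {"rsa-sha256": hashlib.sha256, "rsa-sha1": hashlib.sha1}.get(tags.get("a"))
    canon = tags.get("c", "simple/simple")
    body_canon = canon.split("/")[1] if "/" in canon else "simple"
    if hash_fn is None or body_canon != "relaxed" or "l" in tags:
        raise ValueError("this example handles relaxed body hashing without l= only")
    return hmac.compare_digest(body_hash(body, hash_fn), tags["bh"])

def sample_signature(body):
    """Constructed DKIM-Signature value; b= is a placeholder, not a real signature."""
    return ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=selector1;\r\n"
            "\th=from:to:subject; bh=" + body_hash(body) + "; b=PLACEHOLDER")

# Constructed sample message body.
SAMPLE_BODY = b"Dear colleague,\r\n\r\nThe server will be down  at 18:00.\r\n\r\n"

if __name__ == "__main__":
    sig = sample_signature(SAMPLE_BODY)
    print("as sent:  ", body_hash_matches(sig, SAMPLE_BODY))
    print("tampered: ", body_hash_matches(sig, SAMPLE_BODY.replace(b"18:00", b"19:00")))
```

A relay that forwards the message unchanged leaves `bh=` valid, while changing a single character of the body makes the check fail.
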
Any questions, ideas or experiences to share? Contact me at 781313 or kent at cpttm dot org dot mo.
Until next time,
Kent Tong