What security settings best apply to the client?

When installing new services or products for a client, such as email security, resellers need to be cognizant of the requirements that may apply to their organization. Since companies are in the business to make money, as it pertains to their particular vertical market, they may or may not be aware of email security requirements that apply to their organization. Detailed conversations with the client will help ensure the client has a better idea of requirements and what configurations will work best for their organization. Take the opportunity to educate the client, if necessary.

About the author  Russ Rogers is an information security expert and author of Nessus Network Auditing, 2nd Edition. Russ is currently a penetration tester for the federal government. Listen to Russ's supplemental podcast on email security.

If no particular email security requirements exist, ensure the client is aware of best practices in information security. Basic rules, such as securing the underlying operation system, keeping the OS and application patched on a consistent basis, avoiding the use of clear text protocols where possible, and ensuring appropriate user access control, should all be reiterated to the client.