Microsoft Forefront Server & Client Technology
Sebastian Vijeu, Microsoft Romania, [email protected]
Agenda
Forefront security family
Forefront Client Security (FCS)
Forefront for Exchange
Forefront for SharePoint
Forefront for OCS
Security and Management Technologies
Systems Management
Identity & Access: Active Directory Federation Services, CardSpace
Services
Edge: Microsoft® Internet Security & Acceleration Server 2006, Intelligent Application Gateway 2007
Client and Server OS: Microsoft® Forefront™ Client Security
Server Applications: Microsoft® Forefront™ Security for Exchange Server, Microsoft® Forefront™ Security for SharePoint
Consumer / Small Business
Simple PC maintenance
Anti-Virus
Anti-Spyware
Anti-Phishing
Firewall
Performance Tuning
Backup and Restore
Corporate
Client Protection, Server Protection, Edge Protection
Protection
Edge, server and client protection
“Point to Point” Solutions
Security of data at rest and in transit
Mobile workforce
Manageability
One solution for spyware and virus protection
Built on protection technology used by millions worldwide
Effective threat response
One console for simplified security administration
Define one policy to manage client protection agent settings
Integrates with your existing AD Infrastructures
One dashboard for visibility into threats and vulnerabilities
View insightful reports
Stay informed with state assessment scans and security alerts
Unified malware protection for business desktops, laptops and server operating systems that is easy to manage and control
Client Anti-Malware Unified Protection
[Comparison table; only the row and column labels are recoverable.]
Products for individual users: MSRT, Windows Defender, Windows Live OneCare Safety Scanner, Windows Live OneCare
Products for businesses: Microsoft Forefront Client Security
Capabilities compared:
Remove most prevalent viruses
Remove all known viruses
Real-time antivirus
Remove all known spyware
Real-time antispyware
Central reporting and alerting
Customization
IT Infrastructure Integration
Is antivirus alone enough?
User Account Control
IE7 with Protected Mode
Randomize Address Space Layout
Advanced Desktop Firewall
Kernel Patch Protection (64bit)
Unified Virus & Spyware Protection
Central Management
Reporting, Alerting and State Assessment
NAP
File/Folder Encryption
Full Volume Encryption
Combined Solution
Windows Vista™ Forefront™ Client Security
Protection Features FCS + Windows OS = Complete Client Protection
Real-time reporting
Enabled by embedded Operations Manager technology
Access to real-time data and trends
“At-a-glance” view of threats & vulnerabilities across organization
Machines reporting security issues (malware not cleaned, critical vulnerabilities present)
Machines not reporting issues
Machines not reporting
30-day trend history
Drill down into detail as required
Notification of machines reporting alerts
Reporting Capabilities: Security Summary
• Key information on security state for taking action against threats.
• Snapshot of the top trends and issues in the environment.
• Launch point for other reports, allowing the administrator to drill down into details as much as needed.
• Ability to review:
• Deployment Status: How many machines are up to date or not up to date with the latest signatures
• Top issues and issue history: Categorized by type along with history of issues
• Top Threats and threat history: Types of threats, their severity and how many machines a specific threat has affected.
• Top alerts and alert history: Key alerts impacting environment
• Top vulnerabilities and vulnerability history: Through state assessment scans
Summary Report
Reporting Capabilities: Security State Assessment Reporting
“Is my environment compliant with security best practices?”
“Has my level of vulnerability exposure changed over time?”
“What portion of my environment is at high risk?”
Forefront server security solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam and inappropriate content.
Advanced Protection
Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against e-mail and collaboration threats
Availability & Control
Tight integration with Microsoft Exchange, Windows-based SMTP, SharePoint and Office Communications Servers maximizes availability and management control
Secure Content
Ensures organizations can eliminate inappropriate language and dangerous attachments from internal and external communications
Advanced Protection – the strength of single vendor / multiple engines
Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
Each scan job in a Forefront Server Security product can run up to five engines simultaneously
• Internal Messaging and Collaboration Servers
Advanced Protection – antivirus approaches
[Diagram comparing the multi-vendor and multi-engine approaches. Labels: Internet; threats (Viruses, Worms, Spam); ISA Server; SMTP Server; Exchange; SharePoint; scan engines A, B, C, D, E.]
No single point of failure
Problem: Management/Cost
The Multiple Engine Advantage
Rapid response to new threats
Fail-safe protection through redundancy
Diversity of antivirus engines and heuristics
Response time (1) (in hours)
Forefront Set 1 to Set 3: the Microsoft multiple-engine solution. Vendor A to Vendor C: other single-engine solutions.
WildList  Malware Name          Forefront  Forefront  Forefront  Vendor A*  Vendor B*  Vendor C*
Number                          Set 1      Set 2      Set 3
01/08     agent_itw14.ex_       0.00       0.00       0.00       0.00       268.65     65.33
01/08     autorun_itw180.ex_    0.00       0.00       0.00       1023.47    0.00       1123.98
01/08     autorun_itw92.ex_     0.00       0.00       0.00       275.67     0.00       731.43
01/08     ircbot_itw227.ex_     0.00       0.00       0.00       1083.70    640.45     557.53
01/08     ircbot_itw236.ex_     0.00       0.00       0.00       0.00       711.47     1148.27
01/08     ircbot_itw238.ex_     0.00       0.00       0.00       563.13     521.73     452.13
01/08     ircbot_itw295.ex_     0.00       0.00       0.00       40.08      226.02     37.32
01/08     ircbot_itw301.ex_     387.98     387.98     404.13     558.98     678.73     514.55
01/08     ircbot_itw305.ex_     387.98     387.98     404.13     484.80     485.77     487.38
01/08     ircbot_itw308.ex_     0.42       0.42       0.42       101.02     12.03      2.10
01/08     ircbot_itw314.ex_     0.00       0.00       0.00       808.48     355.20     802.03
01/08     ircbot_itw317.ex_     0.00       0.00       0.00       12.45      506.28     6.57
01/08     pushbot_itw2.ex_      0.00       0.00       0.00       0.00       700.27     696.17
01/08     rbot_itw2555.ex_      0.00       0.00       0.00       1083.70    0.00       1082.28
01/08     rbot_itw2579.ex_      0.00       0.00       0.00       386.60     306.83     422.27
01/08     rbot_itw2582.ex_      0.00       0.00       0.00       1117.85    0.00       138.83
01/08     rbot_itw2583.ex_      0.00       0.00       0.00       1112.17    3.67       1110.75
01/08     sdbot_itw2584.ex_     0.00       0.00       0.00       961.78     344.62     795.35
01/08     sdbot_itw2596.ex_     0.00       0.00       0.00       301.77     415.20     89.50
01/08     sdbot_itw2636.ex_     0.00       0.00       0.00       0.00       247.47     699.33
02/08     autorun_itw245.ex_    0.00       0.00       0.00       1321.35    0.00       1025.30
02/08     ircbot_itw318.ex_     0.00       0.00       0.00       100.02     619.72     223.42
02/08     ircbot_itw320.ex_     0.00       0.00       0.00       157.67     120.12     669.15
02/08     ircbot_itw336.ex_     0.00       0.00       0.00       181.08     811.67     17.47
02/08     ircbot_itw337.ex_     0.00       0.00       0.00       701.95     901.80     54.68
02/08     ircbot_itw338.ex_     0.00       0.00       0.00       97.73      763.30     81.02
02/08     rcbot_itw342.ex_      0.00       0.00       0.00       1360.62    78.92      260.15
* Includes beta signatures
** 0.00 denotes proactive detection
(1) Source: AV-Test.org 2008 (www.av-test.org)
Colour key: less than 5 hours; 5 to 24 hours; more than 24 hours
Forefront Server Multiengine Optimized Performance
Bias
Engines used are not always the same. They are dynamically allocated from the available pool.
Max Certainty: uses all engines (100%)
Favor Certainty: uses all available engines
Neutral: uses approximately 50% of available engines
Favor Performance: uses 25% of available engines
Max Performance: uses one engine for every scan
Forefront Comprehensive Security
[Diagram. Threats: Viruses, Worms, Spam, Inappropriate Content. Layers: Edge, E-mail, Collaboration. Components: Users, Internet, SMTP Server, ISA Server, Exchange Server, SharePoint, Office Communications Server.]
Management
Microsoft Operations Manager Forefront Management Pack (MP)
Forefront Client Security
Forefront Security Management Console (actually Antigen Enterprise Manager)
Exchange 2007 Enterprise Topology for security
[Diagram labels: Internet; Enterprise network; Other SMTP Servers; Edge Transport; Hub Transport; Mailbox; Client Access; Unified Messaging; Routing, Hygiene; Routing, Policy; Mailbox, Public Folders; Voice Messaging, Fax; PBX or VoIP; Applications: OWA; Protocols: ActiveSync, POP, IMAP, RPC / HTTP …; Programmability: Web services, Web parts.]
Anti-spam Protection
Forefront Security for Exchange Server licenses and activates the premium anti-spam features for Exchange 2007
Deployed on Exchange Edge or Hub server role
Built upon base anti-spam in Exchange 2007, premium anti-spam protection adds:
Microsoft IP reputation filter service and automated updates
Automated updates for Microsoft SmartScreen spam heuristics, phishing Web sites and Intelligent Message Filter (IMF)
Targeted spam signature data and automatic updates to identify latest spam campaigns
Microsoft Forefront Security for SharePoint integrates multiple scan engines from industry-leading vendors and content controls to help businesses protect their Microsoft SharePoint portal and collaboration environments by eliminating documents containing malicious code, confidential information, and inappropriate content.
Comprehensive Protection
Multiple industry-leading antivirus engines
File & Content Keyword Filtering
Support for Open XML & IRM-protected docs
Optimized Performance
Native integration with SharePoint Server
Scanning innovations and performance controls
Continuous scanning during engine updates
Simplified Management
Administration console for easy setup and management
Automated signature updates
Centralized reporting, notifications and alerts
Why SharePoint Antivirus?
File Server AV does not provide the level of protection needed to prevent SharePoint-related infections
Desktop AV is not enough to solve the problem
Desktop AV may detect infection within the cached copy, but cannot clean the stored copy in the document library
Forefront Security for SharePoint cleans the document in the library, ensuring all posted and downloaded documents are safe
Signature distribution is often slow and problematic, and never contains five scanning engines
Forefront for Instant Messaging – Office Communications Server
Find and remove viruses from IM conversations and file transfers
Infected file blocking
Continuous scanning of IM traffic to remove malicious software
Content filtering and support for encrypted traffic
[Diagram labels: Microsoft Office Communicator; Office Communications Server; Firewall; Microsoft Live Messenger.]
Antivirus Protection for IM
Integrated scan with Session Initiation Protocol (SIP) for efficient real-time scanning
Notifications for file infections
Support for OCS 2007 / Live Communications Server 2005 and encrypted traffic
Security Guidance and Resources
Microsoft Security Home Page: www.microsoft.com/security
Microsoft Security Portal: www.microsoft.com/security/portal
Microsoft Trustworthy Computing: www.microsoft.com/security/twc
Microsoft Security Intelligence Report: www.microsoft.com/sir
Infrastructure Optimization: www.microsoft.com/io
Microsoft Security Assessment Tool: www.microsoft.com/security/msat
General Information:
Microsoft Live Safety Center: safety.live.com
Microsoft Security Response Center: www.microsoft.com/security/msrc
Security Development Lifecycle: http://msdn2.microsoft.com/en-us/library/ms998404.aspx
Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare
Anti-Malware:
Understanding malware: http://download.microsoft.com/download/a/b/e/abefdf1c-96bd-40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf
Microsoft Forefront: www.microsoft.com/forefront
Microsoft OneCare: www.windowsonecare.com
Microsoft Defender: www.microsoft.com/athome/security/spyware/software
Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
Guidance Centers:
Security Guidance Centers: www.microsoft.com/security/guidance
Security Guidance for IT Professionals: www.microsoft.com/technet/security
The Microsoft Security Developer Center: msdn.microsoft.com/security
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.