Security/Compliance
DESCRIPTION
Security/Compliance. Peter Arvedlund, Security Solutions Specialist. Claus Petersen, Sr. Partner TS Core Infrastructure. Forefront Security overview ... against malware/virus, hacking, spam etc. Server Applications. Client and Server OS. Internet. Perimeter/edge.
TRANSCRIPT
Security/Compliance
Peter Arvedlund, Security Solutions Specialist
Claus Petersen, Sr. Partner TS Core Infrastructure
Forefront Security overview ... against malware/virus, hacking, spam etc.
[Diagram: protection layers Client and Server OS, Server Applications, Perimeter/edge, Internet]
[Diagram: Forefront codename “Stirling” roadmap: Management & Visibility and Dynamic Response across Network Edge, Server Applications and Client and Server OS; version labels vNext / V.2 / vNext]
Exchange Hosted Filtering
Hosted antivirus & antispam
Internet
Internet Security & Acceleration Server & Intelligent Application Gateway
ISA 2006 Strengths
• Branch Office Application Gateway
− Site-to-site VPN with application layer protection
− Caching and compression between sites
− Combination proxy/firewall benefits for remote offices
• Application Firewall/Proxy Server
− AD integrated proxy server
− 5th generation proxy server
− HTTP filtering with 3rd party plug-in extensibility
• Secure Application Publishing
− Good choice for customers with a single namespace
− Easy setup for Exchange and RPC/HTTP access
− AD integrated/Cert/Smart Card auth/RADIUS
Microsoft Confidential
Forefront "Threat Management Gateway"
Multiple Threat Protection
• Web anti-virus, anti-malware
• URL filtering
• Email anti-virus, anti-spam
• Intrusion prevention
• Integration with Forefront codename “Stirling”
Secure Connectivity
Simple Management
The Forefront “Threat Management Gateway” provides protection from multiple Internet-based threats, secure connectivity and simplified management. “Threat Management Gateway” represents the evolution of ISA Server into a comprehensive, integrated edge protection solution.
“Threat Management Gateway” Investment Areas
• Network & application firewall
• Internet access protection (proxy)
• Remote access VPN
• Site-to-site VPN
• Exchange & SharePoint publishing
• “Appliance like” experience
• Easy deployment
• Centralized management
• Integration with MS infrastructure, including AD, WSUS, System Center
Anything you can do….I can do…ANYWHERE..!
Anywhere Access / Secure Remote Access
Appliance solutions
Different roles, different access
[Diagram: IAG access by role and device. Roles: Financial Partner or Field Agent, Project Manager Employee, Logistics Partner, Remote Technician Employee. Devices: Corporate Laptop, Home PC, Kiosk, Unmanaged Partner PC. Access granted: Full Intranet, Payroll & HR, Legacy Apps, Custom Financials, Supply Chain, File Access, Webmail, Tech Support App, Limited Webmail (no attachments), Limited Intranet.]
“Compliance”: each user's access is determined by access policies that relate directly to the individual user, security level or PC/PDA.
ISA & IAG Roadmap
Microsoft Confidential
"TMG" vs. ISA Server 2006
• TMG extends current ISA capabilities to provide Edge protection against viruses, malware and other Internet based threats
Capabilities in both ISA 2006 and “TMG":
− Network firewall
− Application firewall
− Internet access protection (proxy)
− Basic OWA & SharePoint publishing
− IPsec VPN (remote & site to site)
− Web caching, HTTP compression
New in “TMG":
− Web anti-virus, anti malware
− URL filtering
− Email anti-virus, anti-malware
− Intrusion prevention
− Integration with codename “Stirling”
− Enhanced UI, management, reporting
"UAG" vs. IAG 2007
Capabilities compared (the slide marks eight of them as New in “UAG"):
− Application Intelligence and Publishing
− End Point Security
− SSL Tunneling
− Information Leakage Prevention
− Robust Authentication Support (KCD, ADFS, OTP)
− Product Certification (Common Criteria, ICSA)
− NAP Integration
− Terminal Services Integration
− Array Management
− Enhanced Management and Monitoring (MOM Pack)
− Enhanced Mobile Solutions
− New and Customizable User Portal
− Wizard Driven Configuration
Demo IAG
Forefront Security for Application Servers
Forefront for Exchange, SharePoint & OCS works as one unified antivirus administration & integration console that contains up to 8 different antivirus scanners!
Forefront for Application Servers
- Exchange
- SharePoint
- OCS
Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
Each scan job in a Forefront Server Security product can run up to five engines simultaneously
Internal Messaging and Collaboration Servers
[Diagram: SharePoint Server with SQL document library, users and documents, and scan engines A, B, C, D, E]
Virus Protection for Document Libraries
− Real-time scanning of documents uploaded to and downloaded from the document library
− Manual and scheduled scanning of the document library
Content Policy Enforcement
− File filtering to block documents from being posted based on name match, file type or file extension
− Content filtering by keywords within documents for inappropriate words and phrases
• Detects and removes viruses in IM conversations
− Supports LCS 2005 pooling, PIC, file transfers, and encrypted conversations
− Blocks IMs with potentially harmful links
• Scans for confidential information and inappropriate keywords in IMs and documents
• Allows creation of IM policies through whitelisting and IM/SMTP notifications
[Diagram: Forefront on Office Communications Server, with Microsoft Office Communicator and Windows Messenger clients inside the firewall and outside IM clients beyond it]
Integrated Management: Forefront Management Pack
• Over 100 Events, Performance Counters, and Services Monitored
− Monitors the state of Forefront
− Collects statistical data on scanning, detection, and removal of messages and attachments
− Polls Forefront Services; provides timed events to poll systems for critical process health
• Key Tasks
− Triggers scan engine updates
− Centralizes storage and deployment of license files
− Imports, exports and deploys setting changes
− Initiates and/or schedules manual scan jobs
− Starts/stops control of Forefront services
Demo Forefront for Sharepoint
Forefront Client Security
AVComparatives (Feb 2008)
Results of testing of 29 anti-virus engines against more than 870,000 malware files discovered during the last six months
Test of consumer anti-virus products using a malware sample covering approximately the last three years.
Received AVComparatives Advanced Certification
Kaspersky 97.4%
Symantec 96.1%
Microsoft 96.1%
Trend Micro 95.4%
AVG 95.1%
Sophos 95.0%
NOD32 93.6%
Panda 93.3%
Norman 90.8%
McAfee 86.4%
eTrust 73.7%
AVTest.org (November 2007)
Test based on more than 1 million malware samples
AVTest.org (March 2008)
Kaspersky 98.30%
Symantec 97.70%
McAfee 94.90%
Microsoft 93.90%
VBA32 87.70%
AVK (G Data) 99.91%
Trend Micro 98.72%
Sophos 98.10%
Microsoft 97.79%
Kaspersky 97.17%
F-Secure 96.78%
Norton (Symantec) 95.70%
McAfee 95.58%
eTrust / VET (CA) 72.07%
One antivirus scanner: antivirus, antispyware & antirootkit
Product Name/Capability            Leading Competitor     Forefront Client Security
Memory Footprint (1)
  Server                           58.6 MB                56.5 MB
  Client                           66.3 MB                57.9 MB
Avg Usage, CPU & Memory (2)
  % Server Avg                     30.5%                  2.0%
  % Client Avg                     29.4%                  11.1%
Boot time increase (3)             62% avg increase       4.5% avg increase
Scanning time (quick)
  Network 1 (Avg) (4)              29.9 min               13.6 min
  Network 2 (Avg) (4)              12.0 min               5.3 min
Scanning time (full)
  Network 1 (Avg) (4)              156.8 min              34.6 min
  Network 2 (Avg) (4)              92.8 min               18.3 min
Callouts: 60%+ less CPU usage; 14x faster at boot time; 2x faster in quick scans; 5x faster in full scans
Sources: West Coast Labs, AVTest.org, Performance benchmarking study with West Coast Labs.
Product Name/Capability            Leading Competitor     Forefront Client Security
Memory Footprint (1)
  Client, uninfected               536 MB                 522 MB
  Client, infected                 593 MB                 495 MB
Avg Usage, CPU & Memory (2)
  % Client, uninfected             82.37%                 79%
  % Client, infected               88.56%                 81.6%
Scanning time
  Uninfected client                147.69 min             81.82 min
  Infected client                  167.09 min             95.33 min
Application Startup time
  Starting Word (no AV: 1.725 sec) 2.425 sec              2.233 sec
  Starting IE (no AV: 2.275 sec)   3.6 sec                2.6 sec
Callouts: 7% less CPU; 2x faster
One antivirus scanner: antivirus, antispyware & antirootkit
SMS/SCCM
Security Summary
“Is my environment compliant with security best practices?”
“Has my level of vulnerability exposure changed over time?”
“What portion of my environment is at high risk?”
Management – “Codename Stirling” RTM Q1 ’09
[Diagram: Forefront codename “Stirling” roadmap: Management & Visibility and Dynamic Response across Network Edge, Server Applications and Client and Server OS; version labels vNext / V.2 / vNext. FCS v.2 is part of the “Stirling” security system.]
Stirling Protection Overview
• Comprehensive and coordinated protection with dynamic response
• Unified assets and policy-centric management across client, server, and edge
• Critical visibility into security state: threats and vulnerabilities
Antimalware
Host Firewall
Host Intrusion Prevention System
Software Restriction
Device Control
NAP Integration
Exchange 2007 & E14 Protection
Additional Antimalware Capabilities
Advanced Antispam
Content Filtering
Sharepoint 2007 & SPS 14 Malware Protection
Web (URL) Filtering
HTTP/FTP AV
Intrusion Prevention
Remote Access
NAP Integration
Firewall
Siloed best-of-breed solutions are not enough
• Breaches came from a combination of events:
− 62% were attributed to a significant error
− 59% resulted from hacking and intrusions
− 31% incorporated malicious code
− 22% exploited a vulnerability
− 15% were due to physical threats
[Chart: Time span of data breach events]
Source: http://www.verizonbusiness.com/resources/security/databreachreport.pdf
Example: Zero Day Scenario, Today
[Diagram: user Peter on DEMO-CLT1 reaches a Malicious Web Site (WEB). Sources consulted: Edge Protection log, DNS Reverse Lookup, Client Event Log. Actors: Network Admin., Desktop Admin., contacted by Phone. Products: Edge Protection, Client Security. Steps: Manual: Launch a scan; Manual: Disconnect the Computer. Time scale: Hours.]
Example: Zero Day Scenario, With Stirling and Dynamic Response
[Diagram: Security Assessments Channel; time scale: 2-3 min. Actors: Security Admin., Network Admin, Desktop Admin., user Peter on DEMO-CLT1, Malicious Web Site (WEB). Products: Forefront TMG, Client Security, Stirling Core, NAP, Active Directory, Forefront Server for Exchange, SharePoint, OCS.]
TMG identifies malware on DEMO-CLT1 computer attempting to propagate (Port Scan)
Assessment: Compromised Computer DEMO-CLT1, High Fidelity, High Severity, Expire: Wed
Assessment: Compromised User: Andy, Low Fidelity, High Severity, Expire: Wed
FCS identifies Andy has logged on to DEMO-CLT1
Responses: Alert, Scan Computer, Block Email, Block IM, Reset Account, Quarantine
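The assessment flow on this slide, as an added illustration that is not code from the deck or from Stirling itself: a TMG assessment about DEMO-CLT1 and an FCS-derived assessment about Andy are evaluated for fidelity, severity and expiry before responses are chosen. The Assessment fields, the response thresholds, the Low-fidelity derivation rule and the timestamps are assumptions for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

# Constructed model of the slide's "Security Assessments Channel": products
# publish assessments about an asset and the core picks response actions.
# Field names, thresholds and the derivation rule are assumptions, not Stirling's API.

@dataclass(frozen=True)
class Assessment:
    kind: str        # "CompromisedComputer" or "CompromisedUser"
    subject: str     # "DEMO-CLT1" or "Andy"
    fidelity: str    # "Low", "Medium" or "High": how sure the producer is
    severity: str    # "Low", "Medium" or "High": impact if the claim is true
    source: str      # publishing product, e.g. "TMG" or "FCS"
    expires: datetime

# Response actions per assessment kind, as listed on the slide.
RESPONSES = {
    "CompromisedComputer": ["Alert", "Scan Computer", "Quarantine"],
    "CompromisedUser": ["Alert", "Block Email", "Block IM", "Reset Account"],
}

def select_responses(a: Assessment, now: datetime) -> list[str]:
    """Expired assessments trigger nothing; below High fidelity only an alert
    is raised, so a weak signal cannot reset an account by itself."""
    if now >= a.expires:
        return []
    if a.fidelity != "High":
        return ["Alert"]
    if a.severity == "High":
        return list(RESPONSES[a.kind])
    return RESPONSES[a.kind][:2]   # alert plus the first containment step

def derive_user_assessment(computer: Assessment, user: str, source: str) -> Assessment:
    """FCS saw `user` log on to a compromised computer: publish a user assessment
    with the same severity and expiry but Low fidelity, since a logon alone
    does not prove the account itself is compromised."""
    return replace(computer, kind="CompromisedUser", subject=user,
                   fidelity="Low", source=source)

NOW = datetime(2008, 6, 2, 10, 0)      # constructed timestamps for the demo
EXPIRES = NOW + timedelta(days=2)

def zero_day_scenario(now: datetime = NOW) -> dict[str, list[str]]:
    """Replay the slide: TMG reports DEMO-CLT1, FCS derives Andy from it."""
    tmg = Assessment("CompromisedComputer", "DEMO-CLT1", "High", "High", "TMG", EXPIRES)
    fcs = derive_user_assessment(tmg, "Andy", "FCS")
    return {a.subject: select_responses(a, now) for a in (tmg, fcs)}
```

Calling zero_day_scenario() quarantines and scans DEMO-CLT1 but only alerts on Andy; once the expiry passes, the same assessments trigger nothing.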
Demo Stirling
Identity & Security Roadmap
[Roadmap chart over H1 CY08, H2 CY08, H1 CY09 and ~2010, with lanes Threat Mitigation, Management, Identity Based Access and Identity Infrastructure. Recoverable milestones: Beta 1, Beta 2, Beta 3, RC and RTM markers per lane; "Zermatt" Identity Developer Framework (Beta); IAG SP2 RTM; Active Directory Rights Management Services RTM; AD, ADLDS, ADFS (Windows Server 2008 R2) RTM; NEW and NEXT labels.]