Published by Kerrie Hannah Casey. Modified over 8 years ago.
1
Managing Messaging and Collaboration System Threat Protection: A Technical Dive of Forefront Server Security
Ketil Pedersen, Technology Specialist Manager
2
Agenda
- Introduction to Forefront Server Security products
- Forefront Security for Exchange Server
- Exchange 2007 Role Support
- Premium Anti-spam Services
- File filtering
- Forefront Security for SharePoint
- SharePoint API
- Demo
- Closing remarks
3
Forefront + System Center
[Diagram: Simplified, Productive, Integrated]
- IT Security: Client Security, Application Server Security, Network Edge Security, Secure Remote Access
- IT Management: Change & Configuration Management, Backup & Recovery, Virtual Machine Management, Systems Monitoring
- Common Management Infrastructure & Platform
4
Comprehensive Protection
- Ships with & manages multiple antivirus engines
- File Filtering and premium anti-spam protection
- File & Content Keyword Filtering for SharePoint
Optimized Performance
- Deep integration with platform
- Scanning innovations and performance controls
- Maintains uptime and optimizes performance
Simplified Management
- Easily manage configuration and operation
- Automated signature updates
- Reporting, Notifications and Alerts

Microsoft® Forefront™ Server Security includes multiple scan engines from industry-leading security firms, integrated in a single solution to help businesses protect their Exchange messaging environments from viruses, worms, and spam and protect their Microsoft Office SharePoint 2007 and Windows SharePoint Services 3.0 collaboration environment by eliminating documents containing malicious code, confidential information, and inappropriate content.
5
Server Security Product Roadmap
[Diagram: columns Previous Versions, Current, 2007 +]
- Microsoft® Antigen Messaging Security Suite
- Microsoft® Antigen Messaging Security Suite SP1
6
Comprehensive Protection
7
Harnessing the Strength of Multiple Engines
- Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
- Each scan job in a Forefront Server Security product can run up to five engines simultaneously
[Diagram: Internal Messaging and Collaboration Servers; engines A, B, C, D, E]
8
The Multiple Engine Advantage
- Rapid response to new threats
- Fail-safe protection through redundancy
- Diversity of anti-virus engines and heuristics

Response Time (hours)
Columns: Forefront Set 1, Forefront Set 2, Forefront Set 3, Vendor A, Vendor B, Vendor C
Legend: > 24 hrs, 4 to 24 hrs, < 4 hrs
Values are listed in the order they appear on the slide.

0406 Mytob.NQ@mm | 1.5 | 1.0 | 3.1 | 9.9 | 17.4 | 2.1
0406 Mytob.NQ@mm | 1.0 | 28.1 | 11.6 | 3.5
0406 Spybot!04C2 | 23.0 | 1.0 | 0.0 | 29.9 | 39.0
0406 Nugache.a | 1.0 | 34.1 | 12.9 | 48.1
0506 Numuen.F | 0.0 | 1.0 | 10.3 | 15.0
0506 Numuen.H | 1.0 | 103.8 | 251.9 | 114.8
0506 Numuen.G | 3.2 | 1.0 | 151.8 | 469.0
0506 Banwarum.C@mm | 87.5 | 1.0 | 116.7 | 73.0 | 129.3
0506 Banwarum.B@mm | 12.1 | 1.8 | 1.0 | 116.7 | 22.5 | 32.9
0506 Rbot!E905 | 0.0 | 1,141.8 | 217.6 | 1.0
0606 Bagle.EG | 0.0 | 7.3 | 0.0
0606 Bagle.EH@mm | 0.0 | 18.4 | 0.0
0606 Bagle.EG@mm | 0.0 | 1.0 | 0.0 | 26.5 | 0.0
0606 Bagle.LY@mm | 0.0 | 6.4 | 2.5
0706 Feebs.gen@mm | 0.0 | 503.8
0706 Feebs.EU | 0.0 | 52.3 | 173.2 | 39.0
0706 Virut.A | 0.0 | 1,317.0

Source: AVTest.org, 2006
9
Optimized Performance
10
Optimized Performance Controls: Bias
- Max Certainty: uses all engines (100%)
- Favor Certainty: uses all available engines*
- Neutral: uses approximately 50% of available engines*
- Favor Performance: uses 25% of available engines*
- Max Performance: uses one engine for every scan*
Engines used are not always the same. They are dynamically allocated from the available pool.
[Diagram: engines A, B, C, D]
12
Simplified Management
13
Forefront Server Security Management Console Features
- Central management console
  - Deploys and configures Forefront/Antigen Security for Exchange and SharePoint environments
- Automates signature updates across the enterprise
  - Scans for and pulls updates for multiple antivirus engines
  - Distributes updates to all Forefront/Antigen servers
[Diagram: SharePoint Servers, Exchange Servers]
14
Forefront Server Security Management Console Features
- Comprehensive reporting
  - Detected viruses, keyword filters or file filters
  - Actions taken by Forefront/Antigen on detection of a virus or content violation
  - Message traffic activity
  - Antivirus engine versions
- Outbreak alerts
  - SNMP and SMTP alerts sent when administrator-defined thresholds for viruses, file and content filters are exceeded
  - Alerts can be forwarded to Microsoft Operations Manager
15
Notifications & Reporting
16
Integrated Management
Forefront Management Pack
- Over 100 Events, Performance Counters, and Services Monitored
- Monitors the state of Forefront. Collects statistical data on scanning, detection, and removal of messages and attachments
- Polls Forefront Services - Provides timed events to poll systems for critical process health
Key Tasks
- Triggers scan engine updates
- Centralizes storage and deployment of license files
- Imports, exports and deploys setting changes
- Initiates and/or schedules manual scan jobs
- Starts/Stops control of Forefront services
17
Forefront Security for Exchange Server
18
Exchange 2007 Enterprise Topology
[Diagram: server roles Mailbox, Client Access, Unified Messaging, Edge Transport, Hub Transport. Labels: Internet, Enterprise network, Other SMTP Servers, Routing, Hygiene, Routing, Policy, Voice Messaging, PBX or VoIP, Public Folders, Fax. Applications: OWA. Protocols: ActiveSync, POP, IMAP, RPC / HTTP … Programmability: Web services, Web parts.]
19
Email Transport Scanning
- New intelligent scanning does not scan email that has already been scanned
- By default, email scanned at Edge Transport or Hub Transport does not get scanned again when routed or deposited into mailboxes
- Minimizes AV scanning overhead to maximize mail system performance
- Significantly reduces scanning impact at the store
- Can be turned off to allow scanning at all points
20
Transport Scanning: Inbound Mail
- Mail scanned only once at the Edge
- Saves processing load on Hub and Mailbox servers
[Diagram labels: Internet, Edge Server, Hub Role, Mailbox Role, Public Folder, Client, SCAN and STAMP, NO SCAN]
21
Transport Scanning: Internal Mail
- Internal mail is routed through Hub role
- Proactive scanning at the Mailbox server (store) is turned off by default
- Saves processing load on Mailbox servers
[Diagram labels: Internet, Edge Server, Hub Role, Mailbox Role, Public Folder, Client, SCAN and STAMP, NO SCAN]
22
Mail Store Scanning: Multiple Options
- Standard mode
  - Background Scan to sweep the store once each day, scanning only the most vulnerable files
  - On-access protection for unscanned mail
- Outbreak mode
  - Re-scan on-access whenever scan engines update
- Ultimate security mode
  - Scan on submission to store
  - Re-scan on access whenever scan engines update
  - Continuous background scan with new signatures
23
Incremental Background Scanning
- Ability to scope background scanning allows for daily “sweep” of store with latest updates
- Scan only messages delivered in the past
  - 4, 6, 8, 12, 18 hours
  - 1, 2, 3, 4, 5, 7, 30 days
- Combines security and performance
  - The most dangerous messages are scanned
  - The bulk of the store does not get scanned repeatedly for no reason
24
Premium Anti-spam Protection
- Forefront Security for Exchange Server licenses and activates the premium anti-spam features for Exchange 2007
  - Deployed on Exchange Edge or Hub server role
  - Edge server can be deployed in front of Exchange 2003 mailboxes
- Built upon base anti-spam in Exchange 2007, premium anti-spam protection adds:
  - Microsoft IP reputation filter service and automated updates
  - Automated updates for Microsoft Smartscreen spam heuristics, phishing Web sites and Intelligent Message Filter (IMF)
  - Targeted spam signature data and automatic updates to identify latest spam campaigns
25
File Filtering
- A key part of any mail protection strategy
- File filtering proactively blocks a specific range of potentially dangerous file types whether or not a signature exists
- Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT
- Some users will block the same file types that are blocked by Outlook 2003
  - See Outlook online help for list
26
File Filtering: Setting up file filters
- Forefront blocks by extension and true file type
  - Can’t fool filter by simple change of extension
  - Each is configured differently
- Use *.exe and All Types of files to block anything named *.exe
- Use *.* and EXEFILE to block any executable file no matter what it is named
27
File Filtering: Setting up file filters
- Search for specific files by name, e.g. “resume.doc”
- Wildcards supported, e.g. “*resume*.doc”
  - Each * represents 250 characters
- File filters can be Inbound or Outbound
  - *.exe, *.doc
- Files can be blocked based on size, and size/name/type/direction combinations
  - *.mp3>2mb
  - *.mp3>5mb
  - *.*>10mb
28
File Filtering Actions
Every filter or filter list can have a separate action applied, offering great flexibility
- Skip: Detect only – logs the event but does not block or alter the message
  - Not a secure setting!
  - Useful for monitoring and discovery purposes
  - Allows for pre-testing of new rules without end user impact
- Delete: Remove contents – removes the attachment only and replaces with the customized deletion text
- Purge: Eliminate message – deletes both the attachment and the message body
  - End user receives nothing
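The filter logic from the three File Filtering slides above, as an added example that is not from the presentation or from Forefront: a rule matches on name wildcard, true file type (read from the leading bytes), size and direction, and yields a Skip, Delete or Purge action. The `Rule` shape, the type labels other than EXEFILE, and the "most severe action wins" policy are assumptions of this sketch.

```python
import fnmatch
from dataclasses import dataclass

# Leading-byte signatures; type labels other than EXEFILE are this example's own.
MAGIC = {b"MZ": "EXEFILE", b"PK\x03\x04": "ZIPFILE", b"%PDF": "PDFFILE"}
SEVERITY = {"allow": 0, "skip": 1, "delete": 2, "purge": 3}

def true_type(data: bytes) -> str:
    """Classify content by its first bytes, ignoring the file name."""
    for sig, label in MAGIC.items():
        if data.startswith(sig):
            return label
    return "UNKNOWN"

@dataclass
class Rule:  # hypothetical rule shape, not the product's configuration format
    name: str = "*.*"         # wildcard on the attachment name
    ftype: str = "ALL"        # "ALL" or a true-type label such as "EXEFILE"
    over_bytes: int = 0       # 0 = any size, else match only larger files
    direction: str = "both"   # "inbound", "outbound" or "both"
    action: str = "delete"    # "skip" (log only), "delete" or "purge"

def matches(rule: Rule, filename: str, data: bytes, direction: str) -> bool:
    name_ok = rule.name == "*.*" or fnmatch.fnmatchcase(
        filename.lower(), rule.name.lower())
    type_ok = rule.ftype in ("ALL", true_type(data))
    size_ok = rule.over_bytes == 0 or len(data) > rule.over_bytes
    dir_ok = rule.direction in ("both", direction)
    return name_ok and type_ok and size_ok and dir_ok

def evaluate(rules, filename, data, direction="inbound") -> str:
    """Return the most severe action among matching rules, else 'allow'."""
    hits = [r.action for r in rules if matches(r, filename, data, direction)]
    return max(hits, key=SEVERITY.__getitem__, default="allow")

MB = 1024 * 1024
RULES = [  # constructed rules mirroring the slides' examples
    Rule(name="*.exe", ftype="ALL", action="delete"),
    Rule(name="*.*", ftype="EXEFILE", action="purge"),
    Rule(name="*.mp3", over_bytes=2 * MB, direction="outbound", action="skip"),
]

if __name__ == "__main__":
    renamed = b"MZ\x90\x00" + b"\x00" * 60   # constructed executable-style header
    print(evaluate(RULES, "resume.doc", renamed))        # purge
    print(evaluate(RULES, "setup.exe", b"plain text"))   # delete
```

The renamed executable is caught only by the `*.*` plus EXEFILE rule, which is why the slides configure extension and true-type filters separately.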
29
File Filtering – Zip file behavior
- Forefront scans within ZIP and other compressed formats, deletes only the offending file and then repackages the ZIP
- Filter Rules: Delete *.exe, Quarantine
[Diagram: Container file before scan: EXE, DOC, JPG, BMP. Container file after scan: TXT (custom deletion text), DOC, JPG, BMP. Quarantine: EXE.]
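The ZIP behavior on this slide, as an added example that is not from the presentation or from Forefront: the offending member is quarantined, replaced by a `.txt` deletion notice, and the container is repackaged with the other members intact. The notice text, the size and nesting limits, the header check and the sample archive are constructed for this sketch.

```python
import io
import posixpath
import zipfile

DELETION_TEXT = b"File removed by the file filter."  # constructed notice text
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # this example's cap on one member's size
MAX_DEPTH = 3                        # this example's cap on nested archives

def is_blocked(name: str, data: bytes) -> bool:
    """'Delete *.exe', plus a header check so a renamed executable matches."""
    return name.lower().endswith(".exe") or data.startswith(b"MZ")

def clean_zip(zip_bytes: bytes, depth: int = 0):
    """Return (repackaged zip bytes, {member path: quarantined bytes})."""
    if depth > MAX_DEPTH:
        raise ValueError("archive nesting too deep")
    quarantine, out = {}, io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.file_size > MAX_MEMBER_BYTES:
                raise ValueError(f"member too large: {info.filename}")
            data = src.read(info)
            if is_blocked(info.filename, data):
                quarantine[info.filename] = data  # keep the original copy
                stem = posixpath.splitext(info.filename)[0]
                dst.writestr(stem + ".txt", DELETION_TEXT)
            elif data.startswith(b"PK\x03\x04"):  # nested ZIP: clean it too
                inner, inner_q = clean_zip(data, depth + 1)
                dst.writestr(info.filename, inner)
                for path, blob in inner_q.items():
                    quarantine[f"{info.filename}/{path}"] = blob
            else:
                dst.writestr(info.filename, data)
    return out.getvalue(), quarantine

SAMPLE_FILES = {  # constructed container like the slide's: EXE, DOC, JPG, BMP
    "tool.exe": b"MZ\x90\x00 stub", "report.doc": b"document body",
    "photo.jpg": b"\xff\xd8\xff image", "chart.bmp": b"BM image"}

def make_zip(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def members(zip_bytes: bytes) -> dict:
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        return {n: z.read(n) for n in z.namelist()}
```

Calling `clean_zip(make_zip(SAMPLE_FILES))` returns a container holding `tool.txt`, `report.doc`, `photo.jpg` and `chart.bmp`, with the original `tool.exe` bytes in the quarantine mapping.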
30
- Real-time threat prevention features
- Multi-layer anti-spam and anti-virus
- Customized content and policy enforcement
- E-mail retention for help with compliance and e-discovery
- Customized report generation for help demonstrating compliance
- Fully indexed, searchable archive
- Full e-mail encryption
- No public and private key management
- Gateway, policy-based e-mail encryption
- Uninterrupted e-mail accessibility
- Rapid recovery from unplanned disasters and network outages
- Thirty-day rolling historical e-mail store
31
Hosted Services Network Infrastructure
- Hosted services provisioned across a reliable network infrastructure
- SLA uptime guarantees of 99.999 percent
- Services activated with simple mail exchange record redirect
- Requires minimal IT administration; centralized control
- Scalability without additional cost; can handle all message volume variations
- Helps free local loop, customer’s servers, and bandwidth from unwanted traffic
- Delivers legitimate messages to customer’s site
32
Forefront Security for SharePoint
33
Virus Protection for Document Libraries
- Real-time scanning of documents uploaded and downloaded from document library
- Manual and scheduled scanning of document library
Content Policy Enforcement
- File filtering to block documents from being posted based on name match, file type or file extension
- Content filtering by keywords within documents for inappropriate words and phrases
[Diagram labels: Users, Document, SharePoint Server, Document Library, SQL]
34
SharePoint API integration
- Utilizes the SharePoint Virus API to scan files during upload and download
- Optimized for performance in a SQL environment
  - Files are not rescanned if engines have not been updated
  - Up to ten simultaneous scanning threads to help ensure users are not delayed waiting for documents to scan
- Automatic integration with SharePoint Information Rights Management (IRM) to scan protected files on the fly
35
Summary
- Comprehensive protection
- Optimized performance
- Simplified management.
An integral part of Microsoft Forefront™
- Visit http://www.microsoft.com/infrastructure
- Learn more about how Forefront Client Security fits in the Forefront & System Center solution
- Download beta/evaluation software

“Forefront works like a dream. We don’t have to do anything to it until we’re ready to upgrade. With a small IT staff, that’s exactly what we want.”
Alexander Fischer, Chief of IT Infrastructure, Koehler Paper Group

“We wouldn’t put anything else for e-mail security on our Exchange Server 2007 machines. The software is well-respected. It’s been around; it’s proven.”
Chris Habala, Senior Architect/Analyst, Del Monte
36
Demo: Forefront Security for Exchange Server