ForeFront Security Microsoft Government Workshop November 2007 Ľubo Technology Solution Professional Microsoft.


1 ForeFront Security. Microsoft Government Workshop, November 2007. Ľubo Goryl, lgoryl@microsoft.com, Technology Solution Professional, Microsoft Slovakia

2 Agenda
• Overview of Forefront Server Security products
• Forefront Security for Exchange Server
• Forefront Security for SharePoint
• Forefront Management Console
• Forefront Client Security
• Conclusion and questions

3 Research in organizations
Access requirements:
• 23 million branch offices worldwide (IDC, 2006)
• 3.6 billion mobile users by 2010 (Infonetics, 2007)
• 85% of organizations will have WLANs by 2010 (Infonetics, 2006)
Threats:
• 8x more phishing sites over the past year (AWG, 2006)
• Spyware up 277% over the past year (Microsoft Security Intelligence Report)
• More attacks carried out for profit (multiple sources)

4 IT security and management technologies: Active Directory Federation Services, CardSpace

5 Forefront = integration, comprehensiveness, management. Diagram labels: Interoperability, Developer Tools & Guidance, Systems Management, Identity Management, Windows Client and Server Operating Systems, Windows Networking Solutions, Client And Server OS, Server Applications, Network Edge

6 Forefront Server Security

7 Server Security product roadmap: What we have / Latest / Next generation. SP1 Includes downgrade rights to Antigen 9.0 for securing Exchange 2003/2000. 9.0 SP1 Includes downgrade rights to Antigen for SharePoint

8 Comprehensive protection

9 Anti-virus: solution options. Single Vendor, Single Engine. Problem: Single Point of Failure. [Diagram: Internet (Viruses, Worms, Spam), SMTP Server, ISA Server, Exchange, SharePoint; every scan point labelled with engine A]

10 Anti-virus: solution options. Multi-vendor, Multi-engine. Problem: Management/Cost. [Diagram: Internet (Viruses, Worms, Spam), SMTP Server, ISA Server, Exchange, SharePoint; scan points labelled with engines A, B, C, D and E]

11 The power of multiple engines
• Forefront Server Security products are integrated and shipped with industry-leading antivirus scan engines from:
• Each scan job in a Forefront Server Security product can run with 5 engines simultaneously
[Diagram: Internal Messaging and Collaboration Servers; engines A, B, C, D, E]

12 Advantages of multiple engines
• Faster response to new threats
• Protection against a failed engine
• Different antivirus engines and heuristics

Response time (in hours), AVTest.org, 2007
Columns: Forefront Set 1, Forefront Set 2, Forefront Set 3 (Microsoft multi-engine solution); Vendor A*, Vendor B*, Vendor C* (other single-engine solutions)
1006_areses_itw30.ex_ 0.00** 0.00
1006_areses_itw36.ex_ 0.00 1598.78 0.00
1006_areses_itw37.ex_ 0.00 52.30 175.45
1006_areses_itw41.ex_ 0.00 13.15 194.35
1006_mytob_itw590.ex_ 0.00 1332.17 0.00
1006_rontokbro_itw36.ex_ 0.00 613.40
1006_sdbot_itw1809.ex_ 0.00 9.97 166.07 270.39
1006_sdbot_itw1831.ex_ 65.95 52.23 41.78 59.43 1.00 46.38
1006_sdbot_itw1847.ex_ 56.54 204.79 416.27 29.92 85.32
1006_stration_itw101.ex_ 0.00 93.88 23.46 96.85
1006_stration_itw102.ex_ 0.00 26.00 28.05 30.83
1006_stration_itw42.ex_ 0.92 3.72 3.12 7.05
1006_stration_itw43.ex_ 2.00 4.80 4.20 8.13
1006_stration_itw44.ex_ 0.00 5.60 2.00 7.58
1006_stration_itw45.ex_ 0.00 3.55 2.00 7.58
1006_stration_itw46.ex_ 0.00 2.75 2.20 6.78
1006_stration_itw47.ex_ 0.00 3.72 3.12 7.05
1006_stration_itw60.ex_ 0.00 4.64 6.32
1106_rbot_itw2090.ex_ 0.00 1739.10 0.00 298.64
1106_sdbot_itw1814.ex_ 0.00 1.00 0.00
1106_sdbot_itw1866.ex_ 0.00 26.80 1.00 35.27
1106_sdbot_itw1867.ex_ 0.00 14.00 12.84 23.14
1106_sdbot_itw1876.ex_ 0.00 468.60 306.82 430.80
1106_stration_itw124.ex_ 0.00 0.38 0.66 1.88 8.80
1206_bagle_itw137.ex_ 0.00 4.01 0.00 13.83
1206_bagle_itw141.ex_ 0.00 17.15 0.00 13.83
1206_puce_itw1.ex_ 0.00 1.00
1206_rbot_itw2038.ex_ 0.00 1026.27 0.00
1206_sdbot_itw1889.ex_ 0.00 128.28 255.20 63.96
Colour legend: less than 5 hours; 5 to 24 hours; more than 24 hours
* Includes beta signatures
** 0.00 denotes proactive detection

13 Performance optimization

14 Performance optimization control
Emphasis on:
• Maximum security: uses all engines (100%)
• Higher security: uses all available engines*
• Neutral: uses approx. 50% of available engines*
• Higher performance: uses 25% of available engines*
• Maximum performance: uses one engine for each scan*
The engines used are not always the same. They are dynamically allocated from those available.
[Diagram: engines A, B, C, D]

15 Performance optimization control
Emphasis on:
• Maximum security: uses all engines (100%)
• Higher security: uses all available engines*
• Neutral: uses approx. 50% of available engines*
• Higher performance: uses 25% of available engines*
• Maximum performance: uses one engine for each scan*
The engines used are not always the same. They are dynamically allocated from those available.
[Diagram: engines A, B]

16 Simpler management

17 Forefront Server Security Management Console Features
• Central management console
• Deploys and configures Forefront/Antigen Security for Exchange and SharePoint
• Automates signature updates across the organization
• Scans for and downloads updates for multiple engines
• Distributes updates to all Forefront/Antigen servers
[Diagram: SharePoint Servers, Exchange Servers]

18 Forefront Server Security Management Console features:
• Comprehensive reports
  - Detected viruses, keyword filters or file filters
  - Actions taken by Forefront/Antigen on detection of a virus or content violation
  - Message traffic activity
  - Antivirus engine versions
• Logged alerts
  - SNMP and SMTP alerts sent when administrator-defined thresholds for viruses, file and content filters are exceeded
  - Alerts can be forwarded to Microsoft Operations Manager

19 Automated signature updating [Diagram: Internet, Engine Partner Updates, www.microsoft.com, Internet, Forefront Engine Adaptor]

20 Notifications & reporting

21 Microsoft Operations Manager: Forefront Management Pack for MOM 2005 / SCCM 2007
• Over 100 Events, Performance Counters, and Services Monitored
  - Monitors the state of Forefront
  - Collects statistical data on scanning, detection, and removal of messages and attachments
  - Polls Forefront Services: provides timed events to poll systems for critical process health
• Key Tasks
  - Triggers scan engine updates
  - Centralizes storage and deployment of license files
  - Imports, exports and deploys setting changes
  - Initiates and/or schedules manual scan jobs
  - Starts/Stops control of Forefront services

22 Forefront Security for Exchange Server

23 What's new?
• Forefront Security for Exchange Server
  - Support for three Exchange roles in single product
  - 64-bit support (32-bit support only for evaluation)
  - Localization into 11 languages
  - Support for new Exchange AV features: AV transport stamp; targeted background scanning for optimized performance
  - Access to all scan engines included with license
  - Premium anti-spam services for Exchange 2007
  - Cluster Server improvements including new Exchange 2007 CCR cluster support

24 Exchange 2007 Enterprise Topology
[Diagram: Internet and other SMTP servers; Edge Transport (routing, hygiene); Hub Transport (routing, policy); Mailbox (mailbox, public folders); Unified Messaging (voice messaging, fax; PBX or VoIP); Client Access (applications: OWA; protocols: ActiveSync, POP, IMAP, RPC / HTTP …; programmability: Web services, Web parts); enterprise network]

25 Email Transport Scanning
• New intelligent scanning does not scan email that has already been scanned
  - By default, email scanned at Edge Transport or Hub Transport does not get scanned again when routed or deposited into mailboxes
  - Minimizes AV scanning overhead to maximize mail system performance
  - Significantly reduces scanning impact at the store
  - Can be turned off to allow scanning at all points

26 Transport Scanning: Inbound Mail
• Mail scanned only once at the Edge
• Saves processing load on Hub and Mailbox servers
[Diagram: Internet, Edge Server, Hub Role, Mailbox Role, Public Folder, Client; labels: SCAN and STAMP, NO SCAN]

27 Transport Scanning: Internal Mail
• Internal mail is routed through Hub role
• Proactive scanning at the Mailbox server (store) is turned off by default
• Saves processing load on Mailbox servers
[Diagram: Internet, Edge Server, Hub Role, Mailbox Role, Public Folder, Client; labels: SCAN and STAMP, NO SCAN]

28 Mail Store Scanning: Multiple Options
• Standard mode
  - Background Scan to sweep the store once each day, scanning only the most vulnerable files
  - On-access protection for unscanned mail
• Outbreak mode
  - Re-scan on-access whenever scan engines update
• Ultimate security mode
  - Scan on submission to store
  - Re-scan on access whenever scan engines update
  - Continuous background scan with new signatures

29 Incremental Background Scanning
• Ability to scope background scanning allows for daily “sweep” of store with latest updates
• Scan only messages delivered in the past
  - 4, 6, 8, 12, 18 hours
  - 1, 2, 3, 4, 5, 7, 30 days
• Combines security and performance
  - The most dangerous messages are scanned
  - The bulk of the store does not get scanned repeatedly for no reason

30 Premium Anti-spam Protection
• Forefront Security for Exchange Server licenses and activates the premium anti-spam features for Exchange 2007
  - Deployed on Exchange Edge or Hub server role
  - Edge server can be deployed in front of Exchange 2003 mailboxes
• Built upon base anti-spam in Exchange 2007, premium anti-spam protection adds:
  - Microsoft IP reputation filter service and automated updates
  - Automated updates for Microsoft Smartscreen spam heuristics, phishing Web sites and Intelligent Message Filter (IMF)
  - Targeted spam signature data and automatic updates to identify latest spam campaigns

31 File Filtering
• A key part of any mail protection strategy
• File filtering proactively blocks a specific range of potentially dangerous file types whether or not a signature exists
• Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT
• Some users will block the same file types that are blocked by Outlook 2003
  - See Outlook online help for list

32 File Filtering: Setting up file filters
• Forefront blocks by extension and true file type
  - Can’t fool filter by simple change of extension
  - Each is configured differently
• Use *.exe and All Types of files to block anything named *.exe
• Use *.* and EXEFILE to block any executable file no matter what it is named

33 File Filtering: Setting up file filters
• Search for specific files by name, e.g. “resume.doc”
• Wildcards supported, e.g. “*resume*.doc”
  - Each * represents 250 characters
• File filters can be Inbound or Outbound
  - *.exe, *.doc
• Files can be blocked based on size, and size/name/type/direction combinations
  - *.mp3>2mb
  - *.mp3>5mb
  - *.*>10mb

34 File Filtering Actions
• Every filter or filter list can have a separate action applied, offering great flexibility
• Skip: Detect only. Logs the event but does not block or alter the message
  - Not a secure setting!
  - Useful for monitoring and discovery purposes
  - Allows for pre-testing of new rules without end user impact
• Delete: Remove contents. Removes the attachment only and replaces with the customized deletion text
• Purge: Eliminate message. Deletes both the attachment and the message body
  - End user receives nothing
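The matching described on slides 32 to 34, sketched as an added example (not Forefront code or configuration): a rule pairs a name wildcard with a true file type detected from content, an optional size threshold and direction, and one of the three actions. The rule class, the magic-byte table and the sample bytes are assumptions constructed for illustration.

```python
import fnmatch
from dataclasses import dataclass

# Small magic-byte table (assumption: a real scanner recognises many more types).
MAGIC = {b"MZ": "EXEFILE", b"PK\x03\x04": "ZIPFILE", b"\xd0\xcf\x11\xe0": "OLEFILE"}

def true_type(data: bytes) -> str:
    """Identify the file type from its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "UNKNOWN"

@dataclass
class FileFilter:                 # hypothetical rule shape, not Forefront's format
    pattern: str                  # name wildcard, e.g. "*.exe" or "*.*"
    file_type: str = "ALL"        # "ALL" or a true type such as "EXEFILE"
    size_over: int = -1           # match only files larger than this (-1 = any size)
    direction: str = "both"       # "inbound", "outbound" or "both"
    action: str = "skip"          # "skip" (detect only), "delete" or "purge"

    def matches(self, name: str, data: bytes, direction: str) -> bool:
        # "*.*" means every file, including names without a dot.
        pattern = "*" if self.pattern == "*.*" else self.pattern.lower()
        return (fnmatch.fnmatchcase(name.lower(), pattern)
                and self.file_type in ("ALL", true_type(data))
                and len(data) > self.size_over
                and self.direction in ("both", direction))

def apply_filters(rules, name, data, direction="inbound"):
    """Return the action of the first matching rule, or "deliver" if none match."""
    for rule in rules:
        if rule.matches(name, data, direction):
            return rule.action
    return "deliver"

RULES = [
    FileFilter("*.*", file_type="EXEFILE", action="purge"),  # executable under any name
    FileFilter("*.exe", action="delete"),                    # anything named *.exe
    FileFilter("*.mp3", size_over=2 * 1024 * 1024, action="delete"),  # *.mp3>2mb
    FileFilter("*resume*.doc", direction="outbound", action="skip"),
]

# Constructed sample content: an executable header that could hide under any name.
RENAMED_EXE = b"MZ\x90\x00" + bytes(60)
```

Calling apply_filters(RULES, "invoice.pdf", RENAMED_EXE) returns "purge" because the type rule looks at content, while a text file named Notes.EXE is caught only by the name rule.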

35 File Filtering: ZIP file behavior
• Forefront scans within ZIP and other compressed formats, deletes only the offending file and then repackages the ZIP
[Diagram: Filter rule: Delete *.exe. Container file before scan: EXE, DOC, JPG, BMP. Container file after scan: DOC, JPG, BMP, TXT (custom deletion text). EXE goes to Quarantine]
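The container behaviour on slide 35, as an added example that is not Forefront's own code: the archive is rebuilt member by member, a member matching the blocked pattern is copied to quarantine and replaced by a text file with the deletion notice. The function names, the ".txt" naming of the replacement and the sample archive are assumptions constructed for illustration.

```python
import fnmatch
import io
import zipfile

DELETION_TEXT = b"Attachment removed by the file filter."  # constructed placeholder

def repackage_zip(container: bytes, blocked_patterns, quarantine: dict) -> bytes:
    """Rebuild a ZIP, replacing members whose names match a blocked pattern.

    Blocked members are copied into `quarantine` (name -> original bytes) and
    replaced in the new archive by a text file carrying the deletion notice.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(container)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            name = info.filename
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in blocked_patterns):
                quarantine[name] = data                      # keep the original
                dst.writestr(name + ".txt", DELETION_TEXT)   # assumed naming
            else:
                dst.writestr(info, data)                     # copy unchanged
    return out.getvalue()

def build_sample() -> bytes:
    """Constructed container mirroring the slide: EXE, DOC, JPG and BMP members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("setup.exe", b"MZ constructed stand-in")
        z.writestr("report.doc", b"doc bytes")
        z.writestr("photo.jpg", b"jpg bytes")
        z.writestr("scan.bmp", b"bmp bytes")
    return buf.getvalue()

def member_names(container: bytes):
    with zipfile.ZipFile(io.BytesIO(container)) as z:
        return z.namelist()

def read_member(container: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(container)) as z:
        return z.read(name)
```

Encrypted members and nested archives are outside this sketch: zipfile raises an error on an encrypted member instead of passing it through unscanned.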

36 Forefront Security for SharePoint

37 What's new?
• Forefront Security for SharePoint
  - Both 32-bit and 64-bit support
  - Localization (11 languages)
  - Support for SharePoint Information Rights Management Documents
  - Keyword filtering on Office XML Open Format and Excel formats
  - Access to all scan engines included with license

38 Forefront Security for SharePoint
Virus Protection for Document Libraries
- Real-time scanning of documents uploaded and downloaded from document library
- Manual and scheduled scanning of document library
Content Policy Enforcement
- File filtering to block documents from being posted based on name match, file type or file extension
- Content filtering by keywords within documents for inappropriate words and phrases
[Diagram: Users, Document, SharePoint Server, Document Library, SQL]

39 SharePoint API integration
• Utilizes the SharePoint Virus API to scan files during upload and download
• Optimized for performance in a SQL environment
  - Files are not rescanned if engines have not been updated
  - Up to ten simultaneous scanning threads to help ensure users are not delayed waiting for documents to scan
• Automatic integration with SharePoint Information Rights Management (IRM) to scan protected files on the fly

40 Forefront Server Security Management Console

41 What's new in Forefront Server Security Management Console?
• Exchange 2007 CCR Cluster Support
• SQL 2005 Support*
• Auto-discovery of Exchange Servers*
• Exchange Server Filter*
• Redundancy*
• Localization in 11 languages**
* Beta 2 (mid-2007)
** RTM (2H 2007)

42 Forefront Server Security Management Console

43 November 2006

44 Reporting

45 Industry Analyst Perspective: Gartner Magic Quadrant for E-Mail Security Boundary 2006*
* Magic Quadrant for E-Mail Security Boundary, 2006. Peter Firstbrook, Arabella Hallawell. Publication Date: 25 September 2006 / ID Number: G00142431

46 © 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

