Introduction to Microsoft Forefront Ken Lam Regional Solution Specialist - Security Solution, Incubation Server Team Microsoft Corporation - Greater China Region

Page 1

Introduction to Microsoft Forefront

Ken Lam

Regional Solution Specialist - Security Solution, Incubation Server Team

Microsoft Corporation - Greater China Region

Page 2

[Diagram labels: Services, Edge, Server, Client, Identity, Management]

Page 3

Multi-Layer E-Mail Security

• Network Edge Antivirus and Anti-Spam: Services or on-premise software protect against spam and viruses before they penetrate the network
• Firewall Protection: Protocol- and application-layer inspection to help businesses enhance server protection while enabling secure, remote access to Exchange
• Internal Antivirus: Protection against external and internal threats, while enforcing content policies in e-mail

BETTER TOGETHER WITH EXCHANGE: Software and services use multiple scanning engines to protect Exchange inboxes from threats

[Diagram labels: Internet, Managed Services, FrontBridge Email Filtering Services, External Firewall, DMZ, On-Premise Software, Antigen for SMTP Gateways, Advanced Spam Manager, ISA Server, Internal Firewall, Corporate Network, Antigen for Exchange]

Page 4

Multi-Layer E-Mail Security

Better Together with Exchange

FrontBridge Managed Services
• Eliminate spam and viruses before they reach your network with multiple scanning engines
• Rapid identification and quickest response to latest threats
• Unparalleled reliability and scalability

Antigen On-Premise Software
• Protect against internal threats with multiple scanning engines
• Enforce content policies in e-mail
• Provide additional layer of defense against the latest viruses, worms and spam

ISA Server
• Securely and easily enable remote access to Exchange e-mail
• Enhance server protection with pre-authentication of users
• Improve security of OWA sessions from unmanaged clients

[Diagram labels: Internet, ISA Server, External Protection, Internal Protection]

Page 5

Forefront Solutions

• Stop viruses at the network edge on ISA server and SMTP Gateways
• Protect Exchange 5.5, 2000, and 2003 from viruses and provide content filtering
• Reduce spam on ISA Server, Exchange and Windows SMTP servers with Antigen’s Advanced Spam Manager option
• Protect Live Communications Server 2005 with antivirus and content scanning
• Protect SharePoint document libraries from viruses and unwanted content

[Diagram labels: Live Communications Server, SharePoint Server, Exchange Servers, ISA Server, Windows SMTP Server, Viruses, Worms, Spam, IM and Documents, E-mail, Layered Defenses, Server Optimization, Content Control]

Page 6

Forefront multiple scan engine Integration with Exchange Server 2007

• Manage up to 8 scan engines
• Eliminate single point of failure
• Minimize window of exposure during outbreaks

[Diagram labels: Scan Engine 1, Scan Engine 2, Scan Engine 3, Scan Engine 4, Quarantine]

Page 7

9 Scan engines all included in 1 license

Microsoft Antivirus, Sophos, CA VET, CA InoculateIT, Norman

New! Kaspersky Lab, AhnLab, Authentium, VirusBuster

Page 8

Signature Updates

[Chart: Sober.P Virus Detection Time, May 2, 2005 (GMT); axis: Time of Day (Hour : Minute); label: Antigen Engines]

January 2005 Updates

Vendor        No. Updates/Day
Kaspersky     18.5
Dr. Web       10.7
Sophos         2.7
BitDefender    1.7
ClamAV         1.5
AntiVir        1.4
F-Secure       1.4
Panda          1.3
Ikarus         1.1
Symantec       1.1
Trend Micro    1.0

Sources: AV-Test.org May 2005; AV-Test.org Feb. 2005

Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.

Page 9

Example: Unique Viruses Caught per Antigen Engine

Viruses Caught Only By (excluding body of message viruses)

          2/28   3/1   3/2   3/3   3/4   3/5   3/6   3/7   3/8   3/9  3/10  3/11  3/12  3/13
Engine A     1     1     1     0     0     0     1     1     0     0     0     0     0     0
Engine B     3     1     1     2     1     2     5     3     0     1     2     1     1     0
Engine C     0     1     1     0     0     0     0     1     2     1     1     0     0     2
Engine D     3     2     2     3     0     1     1     0     4     0     0     0     0     0
Engine E     1     2     2     0     0     0     1     0     0     1     0     0     0     0

Unique Viruses caught over 14 days: Engine A: 5, Engine B: 23, Engine C: 9, Engine D: 16, Engine E: 7

Page 10

Example: Viruses Not Caught per Antigen Engine

Viruses Not Caught By (excluding body of message viruses)

          2/28   3/1   3/2   3/3   3/4   3/5   3/6   3/7   3/8   3/9  3/10  3/11  3/12  3/13
Engine A    19    21    23    25    14    19    22    17    17    15    17    10     9    10
Engine B    18    16    17    15     8    11    14    16    20    15    15     9    10    13
Engine C     9    11    13     9     2     5     9     6     8     2     4     1     3     4
Engine D     8     9    14    12     9    13    15    14    10    11    14     8    11    11
Engine E    13    11    11    13     8    10    14    13    13    10    13    10     8     9

Viruses missed over 14 days: Engine A: 238, Engine B: 197, Engine C: 86, Engine D: 159, Engine E: 156

Page 11

Forefront is positioned in the “Leaders” quadrant of the 2006 E-Mail Security Boundary

Source: Gartner, Magic Quadrant for E-Mail Security Boundary, 2006

Page 12

Antigen Enterprise Manager

Collect information from all of the managed servers and generate reports for both incoming and outgoing emails.

The main Report categories are:
1. Detection Reports
2. SMTP Traffic Reports
3. Engine Versions

Sample reports: http://www.microsoft.com/technet/antigen/2006/aem/ch7.mspx

Antigen provides a variety of reports designed to help administrators analyze the state and performance statistics:

Incident Log VirusLog.txt Antigen Incidents Event Statistics Quarantine

More info at https://www.microsoft.com/technet/antigen/2006/antigenforexchange/ch16.mspx

Page 13

Central Management

• Software Deployment
• Configuration Template Deployment
• Distributed Quarantine Management
• Distributed Log File Retrieval

[Diagram labels: SMTP Servers, Exchange Servers]

Page 14

What’s New In ISA Server 2006

Page 15

Secure application publishing

Integrated security
• Enhanced multi-factor authentication
• AD/LDAP integration
• Customizable forms-based pre-authN
• Enhanced authentication delegation
• Improved session management

Efficient management
• Web publishing load balancing
• Automated tools for Exchange, SharePoint, other web servers
• Better certificate administration

Fast, secure access
• More single sign-on choices
• Automatic link translation

Page 16

Secure Publishing

Page 17

By the numbers

> 35% Unauthorized access to computer resources

1:1 Ratio of external to internal attacks

CSI/FBI 2005 report

Page 18

More wizards

Web-based items OWA SharePoint Web servers Rules and network objects

Other items SMTP email Exchange RPC Custom rule

Wizards create network elements and configure link translation as necessary

Page 19

Web listener wizard

Authentication Certificate handling HTTP compression

Page 20

Authentication attributes

[Diagram labels: User ID, Group membership, Protocol usage, Schedule]

Page 21

Authentication: client to ISA

HTML form RADIUS OTP SecurID

HTTP basic Client-side SSL

Combine with or fallback to another method

None Third-party addons

Page 22

Authentication: ISA to validator

Active Directory Kerberos LDAP

RADIUS RADIUS OTP SecurID

Page 23

Delegation process

[Diagram labels: browser; ISA Server; RADIUS; AD; IIS; URL; 401; OWA form; URL + basic creds; form variables; cookie; access-request; access-accept; group attribs; WinLogon; token; data]

Page 24

Single sign-on

Occurs automatically between all applications published on a single listener

Think of a listener as a container of authentication settings shared by all published sites in that listener

Page 25

Single sign-on flow

[Diagram labels, in page order: eng; dev; mktg; sup; example.com; www.domain.com; dev.example.com; "Papers, please"; ID+pass; sup.example.com; "Seen you"; eng.example.com; "Papers, please"; www.domain.com]

Even if listeners share same authentication profile and SSO is enabled
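
The listener-scoped single sign-on described on pages 24 and 25, as an added example that is not from the presentation and is not ISA Server code. The Listener class, the HMAC-signed cookie with a per-listener key, and the user alice are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Listener:
    """Toy web listener: one set of authentication settings and one session
    key shared by every site published on it (assumed model, not ISA code)."""

    def __init__(self, sites, users):
        self.sites = set(sites)
        self.users = users                    # constructed credential store
        self._key = secrets.token_bytes(32)   # assumption: per-listener cookie key

    def _tag(self, user):
        return hmac.new(self._key, user.encode(), hashlib.sha256).hexdigest()

    def request(self, host, cookie=None, creds=None):
        """Return (status, cookie) for one browser request to a published host."""
        if host not in self.sites:
            return "not published", None
        if cookie:
            user, _, tag = cookie.partition("|")
            if hmac.compare_digest(tag, self._tag(user)):
                return "seen you", cookie          # SSO: no new prompt
        if creds:
            user, password = creds
            if hmac.compare_digest(self.users.get(user, ""), password):
                return "authenticated", f"{user}|{self._tag(user)}"
        return "papers, please", None              # show the logon form


def sso_walkthrough():
    """Replay the slide's flow with constructed users and two listeners."""
    users = {"alice": "constructed-password"}      # same auth profile for both
    example = Listener(["dev.example.com", "sup.example.com"], users)
    domain = Listener(["www.domain.com"], users)
    steps = [example.request("dev.example.com")[0]]
    status, cookie = example.request("dev.example.com",
                                     creds=("alice", "constructed-password"))
    steps.append(status)
    steps.append(example.request("sup.example.com", cookie=cookie)[0])
    # A different listener cannot validate the first listener's cookie.
    steps.append(domain.request("www.domain.com", cookie=cookie)[0])
    return steps


if __name__ == "__main__":
    print(sso_walkthrough())
```

The session is honoured on the second site of the same listener and refused on the other listener, even though both use the same credential store.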

Page 26

Form formats

• Username and password
• Username and passcode
• Combine (enter both)

ID+passcode: for SecurID or RADIUS OTP; validated by ISA Server

ID+password: for delegation; validated by back-end

Predefined form sets (logos, mostly) Generic ISA Server Exchange

Page 27

Generic form

Page 28

Next Steps

Read whitepapers on Antigen and Advanced Spam Manager http://www.microsoft.com/antigen Paste link for launch PressPass article

Download evaluation copy of Antigen e-mail security products http://www.microsoft.com/antigen

Read about Microsoft Secure Messaging solutions http://www.microsoft.com/securemessaging

Page 29

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.