Microsoft Forefront Server Security
Tony Clarke, Technical Specialist - Security, Microsoft UK
The Interconnected World
Communication, collaboration, business productivity gains
Evolving threats to collaboration: worms and viruses, spam
Security Issues Today
Messaging and collaboration systems are easy targets for malicious code and distribution of undesirable content:
• Viruses
• Worms
• Bot-nets
• Trojans
• Spam
• Phishing
• Profanity / offensive content
E-mail Antivirus Approaches
Single Vendor Solution
• Same scan engine, heuristics technology and signature files on all server and client platforms
• Dependent on one AV lab for scan engine updates during virus or worm outbreaks
• Risk of failure and queuing still exists on mission-critical servers
Problem: Single Point of Failure
Multi-vendor Solution
• Different scan engines, heuristics and signature technologies on server and client platforms
• High acquisition and maintenance cost
• Added filtering complexity
• Added signature update complexity
• Queuing and delay during engine updates on mission critical (i.e. Exchange) servers
Problem: Management/Cost
[Diagram labels: Internet; viruses, worms, spam; AV on ISA Servers, Windows SMTP Servers and Exchange]
Defense-in-Depth for Exchange Server
[Diagram labels: mail flow; Internet; EHS; ISA Server; Exchange]
EHS Service
• Eliminate spam and viruses before they reach your network
• Rapid identification and quickest response to latest threats
• Unparalleled reliability and scalability
ISA Server 2004/6
• Securely enable remote access to Exchange email
• Enhance server protection with preauthentication of users
• Improve security of OWA sessions from unmanaged clients
Antigen On-Premise Software
• Protect against internal threats
• Enforce content policies in e-mail
• Provide additional layer of defense against the latest viruses, worms and spam
The Ideal Solution
• Use a single vendor solution that integrates antivirus engines from top worldwide virus labs and provides all updates from a single source
• Manages multiple antivirus scan engines on all mission critical messaging and collaboration servers
• Includes anti-spam, policy and content filtering for complete protection and hygiene
[Diagram labels: multiple AV engines; Exchange Server / Windows SMTP Server; Central Mgt; Anti-spam; Antivirus; Policy Mgt]
E-mail and Collaboration Server Security
[Diagram labels: Internet; Users; Edge; E-mail; Collaboration; Management; ISA Server; SMTP Server; Exchange Server; SharePoint; Live Communications Server; Antigen Enterprise Manager; Microsoft Operations Manager w/ Antigen Management Pack; threats shown: viruses, worms, spam, inappropriate content]
Layered Defenses
Protection at multiple points in the network
• Edge: Antigen for SMTP, Advanced Spam Manager
• E-mail server: Antigen for Exchange, Advanced Spam Manager
• Microsoft SharePoint® Portal Server (SPS): Antigen for SharePoint
• Live Communication Server: Antigen for Instant Messaging
Multiple engine management
• Up to eight engines available
• Advanced Spam Manager integration with Microsoft® Intelligent Message Filter
Content and Document filtering
• Block mail according to file type
• Scan file names, text within documents, and e-mail subject and body for administrator-defined keywords
Antigen for Exchange
• Scans all messages routed through SMTP transport stack and Exchange Message Transfer Agent Connectors
• Real-time, on-demand, on-access, and manual (scheduled) scanning of Information Store for back-end Exchange servers
• Microsoft-approved virus scanning application programming interface integration for Exchange 2000 and 2003
• Full protection of Outlook® Web Access
[Diagram labels: Internet; ISA Server; Exchange Front End; Exchange Site 1; Exchange Site 2; Exchange Public Folder Server; Exchange Mailbox Server; Antigen on the Exchange servers]
Antigen for SMTP Gateways
• Protects SMTP traffic through ISA and Windows SMTP servers
• Scans SMTP stack to disable threats within a message during the routing process
• Message body scanning enabled by default to detect embedded viruses (e.g. HTML viruses in MIME format)
• Integrates scanning techniques (keyword filtering, antispam, and others) during routing process
• Proactively notifies administrators of virus incidents and scan events by e-mail or event log
[Diagram labels: Firewall; ISA or SMTP Gateway Server/Routing Server with Antigen; Exchange Servers; Users]
ASM & IMF Together
• On the same server, IMF scans before ASM
• Each applies an SCL rating; the higher rating always wins (i.e. has more confidence)
• Mail that is rejected, deleted or archived by IMF will NOT make it to ASM
Example: IMF archived SCL 7, 8 & 9
[Diagram labels: IMF Scan; if SCL is 7, 8, 9: Archive Folder; Pickup Folder if admin moves; IMF SCL of 0-6: ASM Scan; ASM spam set to 9; Mail Store; Junk E-mail; Inbox]
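The IMF-then-ASM ordering on this slide, modelled as an added example (not code from the presentation or from Microsoft). It shows which mail ASM never gets to inspect once IMF archives it. The Message class, the function names and the store junk threshold of 5 are assumptions made for illustration; the archive range 7-9 and the ASM spam rating of 9 come from the slide.

```python
from dataclasses import dataclass, field

IMF_ARCHIVE_SCLS = {7, 8, 9}  # slide example: IMF archives SCL 7, 8 and 9
ASM_SPAM_SCL = 9              # slide: "ASM Spam set to 9"
JUNK_THRESHOLD = 5            # ASSUMPTION: store junk threshold, not on the slide


@dataclass
class Message:
    msg_id: str
    imf_scl: int        # SCL that IMF assigns (constructed input)
    asm_spam: bool      # verdict ASM would reach if it scanned the message
    scl: int = 0        # final SCL stamped on the message
    scanned_by: list = field(default_factory=list)


def route(msg, junk_threshold=JUNK_THRESHOLD):
    """Return the destination of one message after the IMF -> ASM chain."""
    msg.scanned_by.append("IMF")              # IMF always scans first
    msg.scl = msg.imf_scl
    if msg.imf_scl in IMF_ARCHIVE_SCLS:
        return "Archive Folder"               # archived by IMF: never reaches ASM
    msg.scanned_by.append("ASM")
    if msg.asm_spam:
        msg.scl = max(msg.scl, ASM_SPAM_SCL)  # the higher rating wins
    return "Junk E-mail" if msg.scl > junk_threshold else "Inbox"


def run_batch(messages):
    """Route a batch; report destinations and the mail ASM never inspected."""
    destinations = {m.msg_id: route(m) for m in messages}
    skipped_asm = [m.msg_id for m in messages if "ASM" not in m.scanned_by]
    return destinations, skipped_asm


# Constructed sample messages (not taken from the presentation).
SAMPLE = [
    Message("m1", imf_scl=8, asm_spam=True),
    Message("m2", imf_scl=2, asm_spam=True),
    Message("m3", imf_scl=6, asm_spam=False),
    Message("m4", imf_scl=1, asm_spam=False),
]

if __name__ == "__main__":
    dests, skipped = run_batch(SAMPLE)
    for mid, dest in dests.items():
        print(mid, "->", dest)
    print("not scanned by ASM:", skipped)
```

Messages that IMF archives show up in the second return value, which is the set an administrator has to review by hand because no ASM verdict exists for them.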
Antigen Enterprise Manager
• Configuration and Upgrade Deployment
• Centralized Scan Engine Updates
• Management Reporting and Alerts
MOM MP for Antigen
• Over 100 Events, Performance Counters and Services Monitored
• Monitors the state of Antigen and its key components
• Collects statistical data on scanning, detection and removal of messages and attachments
• 5 Antigen Services Polled - Provides timed events to poll systems for critical process health
Key Tasks:
• Trigger Scan Engine updates
• Centralized storage and deployment of License files
• Import, export and deploy changes for key settings
• Immediate and/or scheduling of Manual Scan Jobs
• Start/Stop control of Antigen services
Competitive Advantages
Key Points:
• Single Points of Failure: one engine throughout antivirus suite on all platforms
• Single Layer of Scanning on Exchange Server
• Different products for different versions of Exchange, poor migration support
• Limited Notifications
• No disclaimers
• Limited File and Content Filtering
• PSS Support
Q&A
© 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.