Claus Petersen Sr. PTS Forefront Server Products.


Presentation on theme: "Claus Petersen Sr. PTS Forefront Server Products."— Presentation transcript:

1 Claus Petersen Sr. PTS cpeters@microsoft.com Forefront Server Products

2 Agenda Overview of Forefront Server Exchange Scanning E-mail Transport Scanning How Mail Store Scanning Works Mail Store Scanning Options File filtering Forefront Server Security Management Console (FSSMC) Forefront Security for SharePoint

3 Specifications Three Win2003 R2 VMs + Exchange 2007 + Forefront for Exchange + Outlook 2003 + SharePoint Services 3.0 + Forefront for SharePoint + Forefront Management Console (beta) Memory: 2 GB required Demo environment

4 Microsoft Confidential Market Recognition Leader in Gartner E-mail Security Boundary Magic Quadrant

5 Forefront Security for Exchange Server includes multiple scan engines from industry-leading security firms, integrated in a single solution to help businesses protect their Exchange messaging environments from viruses, worms, and spam. Comprehensive Protection Optimized Performance Simplified Management Ships with & manages multiple antivirus engines Multi-layered protection in Exchange 2007 File filtering and premium anti-spam protection Deep integration with Exchange Server Scanning innovations & performance controls Maintains uptime and optimizes performance Easily manage configuration and operation Automated signature updates Reporting, notifications and alerts

6 History Sybari Antigen 8.0 for Exchange For Exchange 5.5 and Exchange 2003 Microsoft Antigen 9.0 for Exchange For Exchange 2003 Forefront Security 10.0 for Exchange For Exchange 2007 Forefront Security for Exchange

7 Forefront Security for Exchange Server integrates and ships with industry-leading antivirus scan engines from: Each scan job in Forefront Security for Exchange Server can run up to five engines simultaneously Internal Messaging Servers A B C E D Multiple Scan Engines

8 Engines from eight different vendors All delivered and licensed by Microsoft You can select a maximum of 5 (out of 8) engines Customer benefits Rapid response to new threats Greater protection through diversity of anti-virus engines Continuous protection Ahn Labs Authentium Command CA Kaspersky Microsoft Norman Sophos Virus Buster Multiple Scan Engines

9 The Multiple Engine Advantage Rapid response to new threats Fail-safe protection through redundancy Diversity of anti-virus engines and heuristics [Table: response time (in hours) per malware sample, Microsoft multi-engine solution (Forefront Set 1, Forefront Set 2, Forefront Set 3) versus other single-engine solutions (Vendor A*, Vendor B*, Vendor C*); cells colour-coded as less than 5 hours, 5 to 24 hours, more than 24 hours. Source: AVTest.org, 2007] * Includes beta signatures ** 0.00 denotes proactive detection

10 Multiple Scan Engines Bias setting Available: 8 engines Select: max 5 engines (from 8) Bias setting: how many used on single email (1..5) Max Certainty: uses all selected engines (100%) - 5 Favor Certainty: uses all available engines - 5 or 4 Neutral: uses at least 50% of selected engines - 3 Favor Performance: uses up to 50% of selected engines - 3, 2 or 1 Max Performance: uses one engine for every scan - 1

11 Scan Engines Multiple Scan Engine Performance 3Sharp conducted analysis on the incremental impact of additional scan engines on performance Findings: The additional protection offered by multiple engines greatly offsets the minimal impact to server performance

12 Scan Engine Updates Forefront for Exchange polls for updates Available at: http://forefrontdl.microsoft.com Share at another Forefront Server Share at Forefront Management Console (FSSMC) But NOT available at: Antivirus vendor Web site (Norman, Sophos, etc)

13 Scan Mechanisms Scan for viruses - using scan engines Signature based File filtering - block specific attachments File name or content based Scan inside "containers" (zip, rar, doc, etc) Max 5 levels deep Re-creates rest of container-file, if virus detected

14 Enterprise network SMTP Servers Mailbox Routing Hygiene Routing Policy Voice Messaging Client Access Public Folders Fax Applications: OWA Protocols: ActiveSync, POP, IMAP, RPC / HTTP … Unified Messaging Edge Transport Hub Transport INTERNET Exchange 2007 Roles

15 Transport scanning Try to minimize effect on Message Store Do not scan if scanned already - AV-stamp Inbound: at Edge role (not at Mailbox role) Outbound: at Hub role (not at Mailbox role) Internal: at Hub role (not at Mailbox role) AV-stamp Antivirus header stamp is written to each email as it is first scanned (at Edge or Hub role) X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0 Checked by later scanning operations (at Hub or Store role) If found - mail is not re-scanned When mail is saved in the Store, antivirus stamp properties are saved as a MAPI property The header is stripped from the email Scanning at Transport

16 A Quick Look At Transport Scanning How It Works Inbound mail Scanned at the Edge or Hub role (whichever comes first) Outbound mail Scanned at the first Hub role Internal Mail Scanned at the first Hub role (not in the Store) Mail in Sent Items is not scanned Public Folder postings Not scanned on submission

17 Edge Server INTERNET Hub Role Mailbox Role Public Folder Client SCAN + AV-STAMP NO SCAN Mail scanned only once at the Edge Saves processing load on Hub and Mailbox servers Scanning - Inbound Mail

18 Edge Server INTERNET Hub Role Mailbox Role Public Folder Client SCAN + AV-STAMP NO SCAN On-submission scanning at the Mailbox server (store) is turned off by default Scan takes place at the Hub role Saves processing load on Edge and Mailbox servers Scanning - Outbound Mail

19 Edge Server INTERNET Hub Role Mailbox Role Public Folder Client SCAN + AV-STAMP NO SCAN Internal mail is routed through Hub role Saves processing load on Mailbox servers Scanning - Internal Mail

20 Store scanning Proactive scanning - off by default Scan on message submission to the store On-access scanning - on by default Scan when a message is accessed or viewed But do not scan if scanned before (looks at AV-stamp) Useful for: Outbox, Sent-Items, Public Folders Background Scan - off by default Runs once a day Scan only messages less than x days old (ignores AV-stamp) Manual Scan - off by default Runs on a set schedule or on demand (ignores AV-stamp) Quick Scan - off by default Easy way to run one-time manual scan (ignores AV-stamp) Scanning at Store

21 Automatic Scanning Behavior Changes Scanning behavior changes in Exchange 2007
User Action | Proactive Scanning on (Exchange 2000/2003 default) | Proactive Scanning off (Exchange 2007 default)
1. User attaches an infected file to an email and sends email. | Virus is detected in the Outbox by the Realtime Scan Job and deleted. | Virus is detected in the Outbound mail queue by the Transport Scan Job and deleted.
2. User checks Sent Items folder. | Virus is already deleted, detected in the Outbox by the Realtime Scan Job. | Mail is scanned by On Access scanning (Realtime Scan Job) and virus deleted.
Each scan job has separate settings, so scan behavior may vary in Exchange 2007

22 "Outbreakmode" Warning: do not use, except with major outbreak Scan on Scanner Update setting Invalidates AV-stamp after each engine update Result: Enables proactive (submission) scanning Scans each incoming message at store, even if just scanned on transport Scans each mail on access, if engine has been updated Conclusion: Significant increase in amount of store scanning, but always scanned with latest engines

23 File Filtering Block file attachments, based on name (or content) Extension - file name or file content *.exe, *.vbs, etc Inbound/outbound/size *.exe, *.doc *.mp3>5MB, *>10MB Can also configure for "detect only"

24 Filter Rules: Delete *.exe Quarantine File Filtering – Zip File Behavior Forefront scans within ZIP and other compressed formats, deletes only the offending file and then repackages the ZIP Container file before scan EXE DOC JPG BMP Container file after scan TXT DOC JPG BMP Custom deletion text Quarantine EXE
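The ZIP behaviour on slide 24, combined with the five-level container limit from slide 13, can be sketched as follows. This is an added example, not Forefront code: `filter_zip`, `build_sample`, the deletion text and the choice to remove containers nested past the limit are assumptions of the sketch.

```python
import fnmatch
import io
import zipfile

MAX_DEPTH = 5  # the slides state containers are scanned at most 5 levels deep
DELETION_TEXT = b"Attachment removed by file filter.\n"  # constructed placeholder


def filter_zip(data, patterns, depth=1, quarantine=None):
    """Rebuild a ZIP without members matching `patterns` (lowercase globs).

    Returns (new_zip_bytes, quarantine), where quarantine is a list of
    (member_name, original_bytes) for everything that was removed.
    """
    quarantine = [] if quarantine is None else quarantine
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name, body = info.filename, src.read(info)
            nested = zipfile.is_zipfile(io.BytesIO(body))
            blocked = any(fnmatch.fnmatchcase(name.lower(), p) for p in patterns)
            # Assumption of this example: a container nested past MAX_DEPTH
            # cannot be inspected, so it is removed rather than passed through.
            if blocked or (nested and depth >= MAX_DEPTH):
                quarantine.append((name, body))
                dst.writestr(name + ".txt", DELETION_TEXT)
            elif nested:
                inner, _ = filter_zip(body, patterns, depth + 1, quarantine)
                dst.writestr(name, inner)
            else:
                dst.writestr(name, body)
    return out.getvalue(), quarantine


def build_sample():
    """Constructed sample: EXE, DOC, JPG, BMP plus a nested archive."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("tool.EXE", b"MZ constructed")
        z.writestr("notes.doc", b"constructed")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        for name in ("setup.exe", "report.doc", "photo.jpg", "logo.bmp"):
            z.writestr(name, b"constructed " + name.encode())
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    cleaned, removed = filter_zip(build_sample(), ["*.exe"])
    print(zipfile.ZipFile(io.BytesIO(cleaned)).namelist())
    print([name for name, _ in removed])
```

A production filter would also cap the decompressed size of each member before reading it into memory.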

25 Premium Anti-spam Protection Forefront Security for Exchange Server licenses and activates the premium anti-spam features for Exchange 2007 Deployed on Exchange Edge or Hub server role Edge server can be deployed in front of Exchange 2003 mailboxes Built upon base anti-spam in Exchange 2007, premium anti-spam protection adds: Microsoft IP reputation filter service and automated updates Automated updates every 15 minutes for Microsoft Smartscreen spam heuristics, phishing Web sites and Intelligent Message Filter (IMF) Targeted spam signature data and automatic updates to identify latest spam campaigns Rights to use Exchange Hosted Services Filtering

26 Forefront for Exchange DEMO

27 Forefront Server Security Management Console

28 Centralizes management through the Web-based console Automates signature updates for multiple antivirus engines Generates comprehensive reports Microsoft® Forefront™ Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint® and Microsoft Antigen installed on multiple servers across the enterprise. Provides outbreak response Rapidly distributes signature and scan engine updates Optimized Performance Comprehensive Protection Integration with Microsoft SQL Server™ 2005 and Windows Server® 2003 Redundancy maintains server availability Support for Exchange 2007 CCR clusters Simplified Management

29 FSSMC Forefront Server Security Management Console (FSSMC) provides: - management - reporting - alerting/events for the Forefront Server products This includes Antigen Server products, but not Forefront Client Security Successor to Antigen Enterprise Manager (AEM) Released: October 2007 Future: "Stirling" management console covers: Forefront Client Forefront Server Forefront Edge

30 Forefront Server Security Management Console Features Central management console Deploys and configures Forefront/Antigen Security for Exchange and SharePoint environments Automates signature updates across the enterprise Scans for and pulls updates for multiple antivirus engines Distributes updates to all Forefront/Antigen servers

31 Exchange 2007 Edge Server Exchange 2007 Hub Server Exchange 2000 or 2003 Routing Server Exchange 2007 Mailbox Server Exchange 2000 or 2003 Mailbox Server Microsoft Office SharePoint Server 2007 or Windows SharePoint Services 3.0 Forefront Server Security Management Console DMZ servers not supported Supported Topology

32 Minimum System Requirements Operating System Microsoft Windows Server 2003 SP2 (x86) Recommended: Install the latest security patches from Windows Update Memory 128 Mb of available memory Hard Disk 65 MB of available disk space on a NTFS formatted drive for Forefront Server Security Management Console 185 MB of available disk space on a NTFS formatted drive for prerequisites listed below Prerequisites Internet Information Services (IIS) 6.0 or higher with ASP.NET 2.0 enabled Microsoft SQL Server 2000 Standard Edition (SP3a recommended), Microsoft SQL Server 2005 Standard Edition or SQL Server 2005 Express Edition* The following prerequisites are included in the trial download and installed automatically if they are not already present: .NET Runtime v2.0 Microsoft Message Queuing (MSMQ) and MSMQ Triggers Microsoft Core XML Services (MSXML) 6.0 SP1 * Forefront Server Security Management Console supports SQL Server 2005 Express Edition, which is installed when selecting the “Express Install” option.

33 Feature Overview Management Create Users Add Servers Server Groups Package Creation Jobs: Installation Template distribution Signature Distribution General Options Settings Manual Scan Job Reporting At a Glance Screen Quarantine Management Log Retrieval Performance Reports Engine Version reports Alerts/Events Alert Management Event Logs Alert Logs Notification Logs

34 Add a Server First step is to identify and add the Forefront or Antigen server Can be added directly or use the Browse feature Once added, the FSSMC Agent software must be installed on the target server by a job that will push and install the Agent Target server credentials are entered through the FSSMC console Installation progress and status shown on screen

35 Jobs Overview Jobs are management tasks that are run on demand or based on a schedule Deployment jobs Software, license files, templates Signature redistribution jobs Schedule reports General options Manual Scan Job Log retrieval

36 Job – Signature Distribution A primary task for the FSSMC The FSSMC server serves as the central download agent for all scan engines and updates They are then distributed proactively to the Forefront and Antigen servers Engine updates are delivered to all servers. You cannot choose among them. Select the Update Schedule and choose the engines to download

37 Job – Signature Distribution Set the time intervals and download path. Choose the scan engines for Forefront and Antigen.

38 Engine Partner Updates www.microsoft.com Internet Forefront Engine Adaptor Internet Automated Signature Updating

39 Internet Primary Backup 1 2 3 4 5 Forefront Servers 6 Redundancy Signature Distribution The Backup server connects to Internet and retrieves the Forefront (FF) engine manifest file The Primary Server connects to the Internet and retrieves signature updates Primary notifies all FF clients that updates are available The Backup Server connects to Primary and compares file manifest to files available on Primary If files are newer, Backup copies them If Primary is out of date, Backup downloads from the Internet Backup notifies client machines that it also has signature updates Clients will pull signatures from Backup if they are more up to date

40 Auto-discovery of Exchange Servers A nightly scan of Active Directory searches for Exchange servers Compares discovered servers with known servers in the Forefront Server Security Management Console All previously undiscovered Exchange servers are highlighted on the screen and available via a daily report Forefront/Antigen can then be deployed to these servers

41 At a Glance screen highlights newly discovered servers. Auto-discovery of Exchange Servers (cont.)

42 Reporting – At a Glance A system status screen showing key data points from the past 24 hours Virus statistics Skipped, cleaned, detected, blocked, etc. Spam statistics Skipped, purged, identified, etc. Antigen 9 only Filter Statistics File filters, keyword filters, subject line filters Top 5 Viruses Most Active Servers

43 Reporting – Out-of-date engine and signature version report Problem: Security admins want to know whether their systems are up to date. Out-of-date signatures and engines should be identified. Solution: FSSMC makes it possible to view the signature and engine version on each managed server. It does not matter whether the server is updated by FSSMC or not.

44 Alert Management Example: An alert can be sent when no virus activity is seen for a specified period of time A lack of virus detections can indicate a scanning failure Possible scan job crash Possibly misconfigured server

45 Reporting – Out-of-date engine and signature version report Turns RED when there is no internet connection

46 Real-time threat prevention features Multi-layer anti-spam and anti-virus Customized content and policy enforcement Uninterrupted e-mail accessibility Rapid recovery from unplanned disasters and network outages Thirty-day rolling historical e-mail store Full e-mail encryption No public and private key management Gateway, policy-based e-mail encryption E-mail retention for help with compliance and e-discovery Customized report generation for help demonstrating compliance Fully indexed, searchable archive Exchange Hosted Services

47 Global Network

48 Hosted antivirus & antispam Internet

49 Hosted antivirus & antispam

50 Exchange Hosted Filtering DEMO

51 Flexible licensing with multiple choices Standalone offerings to meet specific needs Suites provide enhanced value and effectively meet broader security needs in one simple purchase. Products available on Open, Select & EA Standalone Offerings Enterprise CAL Suite Exchange Enterprise CAL Forefront Security Suite Forefront Client Security ✓ Forefront for Exchange Server ✓ Forefront for SharePoint ✓ Antigen for IM ✓ Exchange Hosted Filtering ✓ Other Server CALs ✓

52 Q&A

53 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

