Microsoft Security Microsoft Ireland Michael RIVA, MCSE: Security, MCT Partner Technical Specialist V2.1 – Sep 2007

Overview Microsoft Forefront Edge Security and Access Why should we be more secure? What is Microsoft Forefront Security Suite ? → Overview Forefront for client → Overview Forefront for server → Forefront for Exchange and SharePoint server 2007 Forefront for Edge → IAG Server (Intelligent Application Gateway Server) Exchange Hosted Services

Why should we be more secure ?

Cybercrime is a real threat. Hackers are interested in gathering information (Credit card details, individual details...) => Fraudulous use of credit cards and or personal individual details for identity theft... Cyber crime affects individuals, customers, insurance companies, companies image and long term existence. Hackers are not kids anymore. Hackers are a lot smarter than you think. They are organised crime organisations, they have an in depth knowledge in programming, Windows, Unix, Linux, Network and they will use any opened door to gain access. Social engineering is an easy way to gather information as many employees will give out information if they find their interlocutor pleasant and nice. We can never win against the threat, this is a perpetual fight. Over 60% of the people who were asked to provide their company login’s password gave it out to a guy who just asked them gently ! (INFOSEC 2007)

Consequences for affected companies : Loss of productivity, loss of data, termination or resignation of employees, increased insurance cost, long-term loss of business, loss of significant business/profit Companies are not securing their data as they should be... 75% of security investment focused here Network Attacks Application Attacks 75% of attacks focused here

54,8744,7183, In the last 6 months of 2006: Mobiles PDAs Laptops Were left in taxis, in London alone… Memory Sticks Source: Pointsec

English Revenue and Customs admits theft of 13,000 civil servants personal information. Tax Credit system had to be shut down to halt the fraud. £15m was stolen. – Dec 05 A printing firm contracted by Marks & Spencers in the UK has had a laptop stolen putting 26,000 employees at risk for identity theft – May Employee of Nationwide Building Society has their laptop stolen from home containing account information for 11m customers. – Aug 06 (Fined £1m for this…) Although the scientist downloaded about 15 times more data than the second most active user, no alarm bells rang until after he submitted his resignation from DuPont, the company behind Kevlar, Teflon, and hundreds of other brands and trademarks. Although the scientist downloaded about 15 times more data than the second most active user, no alarm bells rang until after he submitted his resignation from DuPont, the company behind Kevlar, Teflon, and hundreds of other brands and trademarks. The value of the stolen information is set at 400 million USD – Feb The price of stolen information

FOREFRONT SECURITY SUITE

What is Forefront Security Suite ? Forefront for client Secure Windows clients (Desktops and file servers) against spywares, viruses... Forefront for server Secure Exchange/SharePoint servers against viruses, spam, worms in order to deliver clean s and documents. Forefront for edge Inter network communications protection to insure security of information and application between clients and servers.

Forefront for clients Integrated antivirus and antispyware engine, delivering real-time protection from and scheduled scanning for viruses, spyware, and other threats. Central management system, generating reports and alerts on the security status of their environment. State assessment or scans for determining which managed computers need patches or are configured insecurely.

Forefront for Exchange Anti Spam, Anti Virus and Anti Worm protection for Exchange server. Can run 5 different anti virus engines at the same time reducing the risk because we do not depend on one vendor only. Filter the Spam with rules (Keywords or combination) and automated antivirus signature updates.

Internet A B C D E Exchange Server/ Windows-based SMTP Server Distributed protection Performance tuning Content filtering Central management

Forefront engines VirusBusterSophosNorman Microsoft Anti Malware Kaspersky CA VET CA Inoculate Authentium Command AhnLab All engines are independent from each other. Updates are made available from Microsoft website, 15 mn after they have been sent from the partners.

Forefront for Sharepoint Scan uploaded and downloaded documents before they are saved against worms, malicious code, viruses.

IAG SERVER

IAG Server Intelligent Application Gateway Server SSL-based application access with endpoint security management.

IAG Server Intelligent Application Gateway Server Browser based access. Block malicious traffic and attacks (No network traffic) Drive policy compliance (Limit exposure and liability, better ROI)

IAG Server Intelligent Application Gateway Server Remote machine profiling Determine the health status of the remote machine and dynamically give access accordingly. Cache wiper Clear browser cache, disk cache and overwrite 7 times the clusters where the file was initially downloaded. It is impossible to recover a file after this process. Authentification vendors Works with 60 different vendors such as Radius, RSA SecureID... Network integration SharePoint 2003/2007, OWA, Dynamics, ActiveSync, Terminal-Services, Citrix, SAP, Lotus Domino, WebSphere and many more… Network isolation No network connectivity between the remote user and the remote server/service. The remote client does have an IP address (Unless this is required by IP Phone or any other application/device that requires an IP address)

Overview Intelligent Application Gateway External Firewall Port 443 LDAP Oracle Exchange Server SharePoint Server Partners IBM / Lotus SAP Web Active Directory SSL VPN connectivity and endpoint security verification

Exchange Hosted Services

TraditionalHosted SMTP store Virus (<1%) Spam (70%) Legitimate(30%) SMTP store Virus (<1%) Spam (70%) Legitimate(30%)

Why outsource AV & AntiSpam? Manage cost and complexity Secure, protect and comply Inbox value and access No HW/SW to install and manage Outsource routine IT management Predictable subscription based service Scalable at no additional cost Eliminate threats before they reach the network Policy-compliant infrastructure Service-based archiving for rapid deployment Eliminate spam and viruses from the stream to boost productivity Reliable availability and continuity systems Recover from unplanned outages or disasters

End-user access

Easy recovery

Infrastructure SLAs % network uptime < 2 minute delivery Accuracy SLAs 100% virus detection and blocking 95% spam effectiveness 1:250,000 false positive ratio Service Level Agreement

Any questions ? Please do not hesitate to contact me