Introduction to Microsoft Forefront Ken Lam Regional Solution Specialist - Security Solution, Incubation Server Team Microsoft Corporation - Greater China Region
Microsoft’s Comprehensive Security Products Services Edge Server Client Identity Management
Managed Services On-Premise Software Multi-Layer E-Mail Security Managed Services On-Premise Software Internet DMZ Corporate Network ISA Server Internet External Firewall Internal Firewall FrontBridge Email Filtering Services Antigen for SMTP Gateways Advanced Spam Manager Antigen for Exchange Network Edge Antivirus and Anti-Spam Services or on-premise software protect against spam and viruses before they penetrate the network Firewall Protection Protocol- and application-layer inspection to help businesses enhance server protection while enabling secure, remote access to Exchange Internal Antivirus Protection against external and internal threats, while enforcing content policies in e-mail TDM slide BETTER TOGETHER WITH EXCHANGE Software and services use multiple scanning engines to protect Exchange inboxes from threats
Multi-Layer E-Mail Security Tactical Guideline: Enterprises need to be more aggressive at dropping or slowing connections. You do not need to process and quarantine all spam. External Protection Internal Protection ISA Server Internet FrontBridge Managed Services ISA Server Antigen On-Premise Software Eliminate spam and viruses before they reach your network with multiple scanning engines Rapid identification and quickest response to latest threats Unparalleled reliability and scalability Securely and easily enable remote access to Exchange e-mail Enhance server protection with pre-authentication of users Improve security of OWA sessions from unmanaged clients Protect against internal threats with multiple scanning engines Enforce content policies in e-mail Provide additional layer of defense against the latest viruses, worms and spam BDM Slide Better Together with Exchange
Live Communications Server Forefront Solutions IM and Documents Live Communications Server Viruses Worms Spam SharePoint Server E-mail ISA Server Windows SMTP Server Exchange Servers Layered Defenses Server Optimization Content Control Protect Exchange 5.5, 2000, and 2003 from viruses and provide content filtering Reduce spam on ISA Server, Exchange and Windows SMTP servers with Antigen’s Advanced Spam Manager option Protect Live Communications Server 2005 with antivirus and content scanning Protect SharePoint document libraries from viruses and unwanted content Stop viruses at the network edge on ISA server and SMTP Gateways
Forefront multiple scan engine Integration with Exchange Server 2007 Quarantine Scan Engine 1 Scan Engine 4 Scan Engine 2 Scan Engine 3 Manage up to 8 scan engines Eliminate single point of failure Minimize window of exposure during outbreaks
Antigen Anti-virus Engines 4/22/2017 9:05 AM Antigen Anti-virus Engines 9 Scan engines all included in 1 license Microsoft Antivirus Sophos CA VET CA InoculateIT Norman Kaspersky Lab AhnLab Authentium VirusBuster New! ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. 7
Signature Updates Antigen Engines Sober.P Virus Detection Time May 2, 2005 (GMT) January 2005 Updates No. Updates/Day Kaspersky 18.5 Dr. Web 10.7 Sophos 2.7 BitDefender 1.7 ClamAV 1.5 AntiVir 1.4 F-Secure Panda 1.3 Ikarus 1.1 Symantec Trend Micro 1.0 Time of Day Hour : Minute Antigen Engines AV-Test.org Feb. 2005 Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs. AV-Test.org May 2005
Example: Unique Viruses Caught per Antigen Engine Viruses Caught Only By (excluding body of message viruses) 2/28 3/1 3/2 3/3 3/4 3/5 3/6 3/7 3/8 3/9 3/10 3/11 3/12 3/13 Engine A 1 Engine B 3 2 5 Engine C Engine D 4 Engine E Unique Viruses caught over 14 days Engine A: 5 Engine B: 23 Engine C: 9 Engine D: 16 Engine E: 7 9
Example: Viruses Not Caught per Antigen Engine Viruses Not Caught By (excluding body of message viruses) 2/28 3/1 3/2 3/3 3/4 3/5 3/6 3/7 3/8 3/9 3/10 3/11 3/12 3/13 Engine A 19 21 23 25 14 22 17 15 10 9 Engine B 18 16 8 11 20 13 Engine C 2 5 6 4 1 3 Engine D 12 Engine E Viruses missed over 14 days Engine A: 238 Engine B: 197 Engine C: 86 Engine D: 159 Engine E: 156 10
Forefront is positioned in the “Leaders” quadrant of the 2006 E-Mail Security Boundary Source: Gartner, Magic Quadrant for E-Mail Security Boundary, 2006
Antigen Enterprise Manager Collect information from all of the managed servers and generate reports for both incoming and outgoing emails. The main Report categories are: 1. Detection Reports 2. SMTP Traffic Reports 3. Engine Versions Sample reports; http://www.microsoft.com/technet/antigen/2006/aem/ch7.mspx Antigen provides a variety of reports designed to help administrators analyze the state and performance statistics; Incident Log VirusLog.txt Antigen Incidents Event Statistics Quarantine More info at https://www.microsoft.com/technet/antigen/2006/antigenforexchange/ch16.mspx
Central Management Software Deployment Configuration Template Deployment Distributed Quarantine Management Distributed Log File Retrieval SMTP Servers Exchange Servers
What’s New In ISA Server 2006
Secure application publishing Integrated security Enhanced multi-factor authentication AD/LDAP integration Customizable forms-based pre-authN Enhanced authentication delegation Improved session management Efficient management Web publishing load balancing Automated tools for Exchange, SharePoint, other web servers Better certificate administration Fast, secure access More single sign-on choices Automatic link translation
Secure Publishing
By the numbers > 35% Unauthorized access to computer resources 1:1 Ratio of external to internal attacks CSI/FBI 2005 report
More wizards Web-based items Other items OWA SharePoint Web servers Rules and network objects Other items SMTP email Exchange RPC Custom rule Wizards create network elements and configure link translation as necessary
Web listener wizard Authentication Certificate handling HTTP compression
Authentication attributes Group membership Protocol usage User ID Schedule
Authentication: client to ISA HTML form RADIUS OTP SecurID HTTP basic Client-side SSL Combine with or fallback to another method None Third-party addons
Authentication: ISA to validator Active Directory Kerberos LDAP RADIUS RADIUS OTP SecurID
Delegation process browser access-request 401 OWA form URL RADIUS access-accept group attribs URL + basic creds form variables cookie data WinLogon token AD WinLogon URL + basic creds token ISA Server data IIS
Single sign-on Occurs automatically between all applications published on a single listener Think of a listener as a container of authentication settings shared by all published sites in that listener
Single sign-on flow dev Papers, please eng sup Papers, please www.domain.com eng.example.com sup.example.com dev.example.com Seen you ID+pass mktg example.com Even if listeners share same authentication profile and SSO is enabled www.domain.com
Form formats Username and password Username and passcode Combine (enter both) ID+passcode: for SecurID or RADIUS OTP Validated by ISA Server ID+password: for delegation Validated by back-end Predefined form sets (logos, mostly) Generic ISA Server Exchange
Generic form
Next Steps Read whitepapers on Antigen and Advanced Spam Manager http://www.microsoft.com/antigen Paste link for launch PressPass article Download evaluation copy of Antigen e-mail security products http://www.microsoft.com/antigen Read about Microsoft Secure Messaging solutions http://www.microsoft.com/securemessaging
© 2006 Microsoft Corporation. All rights reserved. Business Value Launch 2006 4/22/2017 9:05 AM © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.