Security/Compliance. Peter Arvedlund, Security Solutions Specialist; Claus Petersen, Sr. Partner TS Core Infrastructure
Forefront Security overview: protection against malware/viruses, hacking, spam etc. Areas covered: Server Applications; Client and Server OS; Internet; Perimeter/edge
Forefront codename “Stirling”: Management & Visibility; Dynamic Response; protected areas: Client and Server OS (v.2), Server Applications (vNext), Network Edge (vNext)
Hosted antivirus & antispam (Internet)
Internet Security & Acceleration Server and Intelligent Application Gateway
ISA 2006 Strengths
• Branch Office Application Gateway
  • Site-to-site VPN with application layer protection
  • Caching and compression between sites
  • Combined proxy/firewall benefits for remote offices
• Application Firewall/Proxy Server
  • AD-integrated proxy server
  • 5th generation proxy server
  • HTTP filtering with 3rd-party plug-in extensibility
• Secure Application Publishing
  • Good choice for customers with a single namespace
  • Easy setup for Exchange and RPC/HTTP access
  • AD-integrated/certificate/smart card authentication/RADIUS
Forefront “Threat Management Gateway”
The Forefront “Threat Management Gateway” (TMG) provides protection from multiple Internet-based threats, secure connectivity and simplified management. TMG represents the evolution of ISA Server into a comprehensive, integrated edge protection solution. Investment areas:
• Multiple Threat Protection: web anti-virus/anti-malware; URL filtering; email anti-virus/anti-spam; intrusion prevention; integration with Forefront codename “Stirling”
• Secure Connectivity: network & application firewall; Internet access protection (proxy); remote access VPN; site-to-site VPN; Exchange & SharePoint publishing
• Simple Management: “appliance-like” experience; easy deployment; centralized management; integration with MS infrastructure, including AD, WSUS and System Center
Anything you can do… I can do… ANYWHERE! Anywhere Access / Secure Remote Access
Different roles, different access. “Compliance”: each user's access is determined by access policies that relate directly to the individual user, the security level, or the PC/PDA. Example roles shown: Financial Partner or Field Agent; Logistics Partner; Project Manager (Employee); Remote Technician (Employee). Example devices shown: Home PC; Kiosk; Corporate Laptop; Unmanaged Partner PC.
“TMG” vs. ISA Server 2006
TMG extends the current ISA capabilities to provide edge protection against viruses, malware and other Internet-based threats.
• In both ISA 2006 and TMG: network firewall; application firewall; Internet access protection (proxy); basic OWA & SharePoint publishing; IPsec VPN (remote and site-to-site); web caching and HTTP compression
• New in TMG: web anti-virus/anti-malware; URL filtering; email anti-virus/anti-malware; intrusion prevention; integration with codename “Stirling”; enhanced UI, management and reporting
“UAG” vs. IAG 2007
• In both IAG 2007 and UAG: application intelligence and publishing; endpoint security; SSL tunneling; information leakage prevention; robust authentication support (KCD, ADFS, OTP)
• New in UAG: product certification (Common Criteria, ICSA); NAP integration; Terminal Services integration; array management; enhanced management and monitoring (MOM pack); enhanced mobile solutions; new and customizable user portal; wizard-driven configuration
Forefront for Application Servers: Forefront for Exchange, SharePoint & OCS works as one unified anti-virus administration and integration console containing up to 8 different antivirus scanners! Protected products: • Exchange • SharePoint • OCS
Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from several antivirus vendors. Each scan job in a Forefront Server Security product can run up to five engines simultaneously (diagram: engines A to E in front of the internal messaging and collaboration servers).
Forefront Security for SharePoint (diagram: users, SharePoint Server, SQL document library)
Virus Protection for Document Libraries
• Real-time scanning of documents uploaded to and downloaded from the document library
• Manual and scheduled scanning of the document library
Document Content Policy Enforcement
• File filtering to block documents from being posted based on name match, file type or file extension
• Content filtering by keywords within documents for inappropriate words and phrases
Forefront Security for Office Communications Server (diagram: outside IM clients, firewall, Office Communications Server with Forefront, Microsoft Office Communicator and Windows Messenger clients)
• Detects and removes viruses in IM conversations
• Supports LCS 2005 pooling, PIC, file transfers, and encrypted conversations
• Blocks IMs with potentially harmful links
• Scans for confidential information and inappropriate keywords in IMs and documents
• Allows creation of IM policies through whitelisting and IM/SMTP notifications
Integrated Management: Forefront Management Pack
• Over 100 events, performance counters, and services monitored
• Monitors the state of Forefront
• Collects statistical data on scanning, detection, and removal of messages and attachments
• Polls Forefront services: provides timed events to poll systems for critical process health
Key tasks
• Triggers scan engine updates
• Centralizes storage and deployment of license files
• Imports, exports and deploys setting changes
• Initiates and/or schedules manual scan jobs
• Starts/stops Forefront services
One antivirus scanner: antivirus, antispyware & antirootkit. Independent test results:
• AVComparatives (Feb 2008): received the AVComparatives Advanced certification; test of consumer anti-virus products using a malware sample covering approximately the last three years
• AVTest.org (November 2007): test based on more than 1 million malware samples
• AVTest.org (March 2008): results of testing 29 anti-virus engines against more than 870,000 malware files discovered during the last six months
One antivirus scanner: antivirus, antispyware & antirootkit. Performance figures:
• 7% less CPU
• 60%+ less CPU usage
• 14x faster at boot time
• 2x faster
• 2x faster in quick scans
• 5x faster in full scans
Sources: West Coast Labs, AVTest.org, performance benchmarking study with West Coast Labs.
“Is my environment compliant with security best practices?”
“Has my level of vulnerability exposure changed over time?”
“What portion of my environment is at high risk?”
Management: codename “Stirling”, RTM Q1 '09
Forefront codename “Stirling”: FCS v.2 is part of the “Stirling” security system. Management & Visibility; Dynamic Response; protected areas: Client and Server OS (FCS v.2), Server Applications (vNext), Network Edge (vNext)
Stirling Protection Overview
• Network edge: firewall; web (URL) filtering; HTTP/FTP AV; intrusion prevention; remote access; NAP integration
• Client and server OS: antimalware; host firewall; host intrusion prevention system; software restriction; device control; NAP integration
• Server applications: Exchange 2007 & E14 protection (additional antimalware capabilities, advanced antispam, content filtering); SharePoint 2007 & SPS 14 malware protection
Pillars: comprehensive and coordinated protection with dynamic response; unified asset- and policy-centric management across client, server, and edge; critical visibility into security state: threats and vulnerabilities
Siloed best-of-breed solutions are not enough
• Time span of data breach events: http://www.verizonbusiness.com/resources/security/databreachreport.pdf
• Breaches came from a combination of events:
  • 62% were attributed to a significant error
  • 59% resulted from hacking and intrusions
  • 31% incorporated malicious code
  • 22% exploited a vulnerability
  • 15% were due to physical threats
Example: Zero Day Scenario, today (manual coordination by phone between the network admin and the desktop admin; takes hours). Actors in the diagram: malicious web site, client DEMO-CLT1, user Peter. Steps shown: edge protection log (web); DNS reverse lookup; manual: disconnect the computer; client security event log; manual: launch a scan.
Example: Zero Day Scenario with Stirling and Dynamic Response (security assessments channel; response within 2-3 minutes)
• TMG identifies malware on the DEMO-CLT1 computer attempting to propagate (port scan) and publishes the assessment “Compromised Computer: DEMO-CLT1”, high fidelity, high severity, expires Wednesday
• FCS identifies that Andy has logged on to DEMO-CLT1 and publishes the assessment “Compromised User: Andy”, low fidelity, high severity, expires Wednesday
• Participating products: Forefront TMG, Stirling Core, Client Security, Forefront Server for Exchange, SharePoint and OCS, NAP, Active Directory
• Responses: alert the network admin, security admin and desktop admin; scan the computer (Client Security); block IM (OCS); quarantine (NAP); reset the account (Active Directory); block email (Exchange); block the malicious web site (TMG)
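The assessment-sharing flow in this scenario, as an added example that is not Stirling's own code or API (the Assessment fields, the RESPONSE_POLICY table and the method names are constructed for illustration): the edge gateway publishes a high-fidelity assessment for DEMO-CLT1, the client agent's logon data derives a low-fidelity assessment for the user, and the response policy keys actions on fidelity, severity and expiry, so the account reset needs a high-fidelity assessment.

```python
from dataclasses import dataclass
# Constructed illustration of the "security assessment channel" behind Stirling's
# dynamic response; names, fields and the policy table are hypothetical, not the Stirling API.

@dataclass(frozen=True)
class Assessment:
    source: str    # publishing product, e.g. "TMG" or "FCS"
    kind: str      # "CompromisedComputer" or "CompromisedUser"
    subject: str   # host name or user name
    fidelity: str  # confidence that the assessment is true: "High" / "Low"
    severity: str  # impact if it is true: "High" / "Low"
    expires: int   # epoch seconds after which the assessment no longer drives responses

TTL = 24 * 3600  # assessments expire, so a one-off response does not become permanent
# Response policy: disruptive actions (account reset) require high fidelity;
# a low-fidelity assessment only triggers containing, reversible responses.
RESPONSE_POLICY = {
    ("CompromisedComputer", "High", "High"): {"alert_admins", "scan_computer", "nap_quarantine"},
    ("CompromisedUser", "Low", "High"): {"alert_admins", "block_im", "block_email"},
    ("CompromisedUser", "High", "High"): {"alert_admins", "block_im", "block_email", "reset_account"},
}

class AssessmentChannel:
    def __init__(self, now: int):
        self.now = now
        self.assessments: list[Assessment] = []
        self.logons: dict[str, str] = {}  # host -> logged-on user, as reported by the client agent
    def record_logon(self, host: str, user: str) -> None:
        self.logons[host] = user
    def publish(self, source, kind, subject, fidelity, severity) -> Assessment:
        a = Assessment(source, kind, subject, fidelity, severity, self.now + TTL)
        self.assessments.append(a)
        return a
    def on_edge_port_scan(self, host: str) -> list[Assessment]:
        # Edge gateway saw a port scan (propagation attempt) from host: high fidelity.
        published = [self.publish("TMG", "CompromisedComputer", host, "High", "High")]
        user = self.logons.get(host)  # correlate with the client agent's logon data
        if user:  # the user is only suspected, so the derived assessment is low fidelity
            published.append(self.publish("FCS", "CompromisedUser", user, "Low", "High"))
        return published
    def active(self) -> list[Assessment]:
        return [a for a in self.assessments if a.expires > self.now]
    def responses(self) -> dict[str, set[str]]:
        # Map each subject of an unexpired assessment to the actions the policy allows.
        actions: dict[str, set[str]] = {}
        for a in self.active():
            for act in RESPONSE_POLICY.get((a.kind, a.fidelity, a.severity), set()):
                actions.setdefault(a.subject, set()).add(act)
        return actions
```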
Identity & Security Roadmap (timeline: H1 CY08, H2 CY08, H1 CY09, ~2010; each product's milestones are shown as Beta 1, Beta 2, Beta 3, RC and RTM)
• Management
• Threat Mitigation
• WEBS
• Active Directory Rights Management Services
• Identity Based Access: IAG SP2 (RTM); “Zermatt” Identity Developer Framework (Beta, RTM)
• Identity Infrastructure: AD, AD LDS, ADFS (Windows Server 2008 R2) (RTM)
Questions? Claus Petersen, cpeters@microsoft.com; Peter Arvedlund, peterarv@microsoft.com; www.forefront.dk; www.microsoft.com/stirling