Microsoft Security. Microsoft Ireland Michael RIVA, MCSE: Security, MCT Partner Technical Specialist. V2.1 – Sep 2007. Overview Microsoft Forefront Edge Security and Access. Why should we be more secure? What is Microsoft Forefront Security Suite ? → Overview Forefront for client - PowerPoint PPT Presentation
Microsoft Security
Microsoft Ireland
Michael RIVA, MCSE: Security, MCT
Partner Technical Specialist
V2.1 – Sep 2007

Overview
Microsoft Forefront Edge Security and Access
Why should we be more secure?
What is Microsoft Forefront Security Suite?
→ Overview
Forefront for client
→ Overview
Forefront for server
→ Forefront for Exchange and SharePoint server 2007
Forefront for Edge
→ IAG Server (Intelligent Application Gateway Server)
Exchange Hosted Services

Why should we be more secure?
Cybercrime is a real threat.
Hackers are interested in gathering information (credit card details, individual details...) => fraudulent use of credit cards and/or personal individual details for identity theft...
Cyber crime affects individuals, customers, insurance companies, companies' image and long-term existence.
Hackers are not kids anymore.
Hackers are a lot smarter than you think. They are organised crime organisations, they have in-depth knowledge of programming, Windows, Unix, Linux and networks, and they will use any open door to gain access.
Social engineering is an easy way to gather information, as many employees will give out information if they find their interlocutor pleasant and nice.
We can never win against the threat; this is a perpetual fight.
Over 60% of the people who were asked to provide their company login's password gave it out to a guy who just asked them gently! (INFOSEC 2007)
Consequences for affected companies:
Loss of productivity, loss of data, termination or resignation of employees, increased insurance cost, long-term loss of business, loss of significant business/profit
Companies are not securing their data as they should be...
[Figure: Network Attacks vs. Application Attacks, with the labels "75% of security investment focused here" and "75% of attacks focused here"]
In the last 6 months of 2006, in London alone, the following were left in taxis (Source: Pointsec):
[Figure: counts 54,874; 4,718; 3,179; 978. Device labels: Mobiles, PDAs, Laptops, Memory Sticks]
English Revenue and Customs admits theft of 13,000 civil servants' personal information. Tax Credit system had to be shut down to halt the fraud. £15m was stolen. – Dec 05
A printing firm contracted by Marks & Spencer in the UK has had a laptop stolen, putting 26,000 employees at risk of identity theft – May 2007.
Employee of Nationwide Building Society has their laptop stolen from home, containing account information for 11m customers. – Aug 06 (Fined £1m for this…)
Although the scientist downloaded about 15 times more data than the second most active user, no alarm bells rang until after he submitted his resignation from DuPont, the company behind Kevlar, Teflon, and hundreds of other brands and trademarks. The value of the stolen information is set at 400 million USD – Feb 2007.
The price of stolen information

FOREFRONT SECURITY SUITE
What is Forefront Security Suite?
Forefront for client: Secure Windows clients (desktops and file servers) against spyware, viruses...
Forefront for server: Secure Exchange/SharePoint servers against viruses, spam and worms in order to deliver clean emails and documents.
Forefront for edge: Inter-network communications protection to ensure security of information and applications between clients and servers.

Forefront for clients
Integrated antivirus and antispyware engine, delivering real-time protection from and scheduled scanning for viruses, spyware, and other threats.
Central management system, generating reports and alerts on the security status of their environment.
State assessment or scans for determining which managed computers need patches or are configured insecurely.

Forefront for Exchange
Anti Spam, Anti Virus and Anti Worm protection for Exchange server.
Can run 5 different anti virus engines at the same time, reducing the risk because we do not depend on one vendor only.
Filter the spam with rules (keywords or combination) and automated antivirus signature updates.
[Diagram labels: Internet; A, B, C, D, E; Exchange Server / Windows-based SMTP Server]
• Distributed protection
• Performance tuning
• Content filtering
• Central management

Forefront engines
VirusBuster
Sophos
Norman
Microsoft Anti Malware
Kaspersky
CA VET
CA Inoculate
Authentium Command
AhnLab
All engines are independent from each other.
Updates are made available from the Microsoft website 15 minutes after they have been sent from the partners.

Forefront for SharePoint
Scan uploaded and downloaded documents before they are saved against worms, malicious code, viruses.

IAG SERVER
IAG Server (Intelligent Application Gateway Server)
SSL-based application access with endpoint security management.

Browser based access.
Block malicious traffic and attacks (No network traffic)
Drive policy compliance (Limit exposure and liability, better ROI)

Remote machine profiling: Determine the health status of the remote machine and dynamically give access accordingly.
Cache wiper: Clear browser cache, disk cache and overwrite 7 times the clusters where the file was initially downloaded. It is impossible to recover a file after this process.
Authentication vendors: Works with 60 different vendors such as RADIUS, RSA SecurID...
Network integration: SharePoint 2003/2007, OWA, Dynamics, ActiveSync, Terminal Services, Citrix, SAP, Lotus Domino, WebSphere and many more…
Network isolation: No network connectivity between the remote user and the remote server/service. The remote client does have an IP address (Unless this is required by IP Phone or any other application/device that requires an IP address)

Overview
[Diagram labels: Intelligent Application Gateway; External Firewall; Port 443; LDAP; Oracle; Exchange Server; SharePoint Server; Partners; IBM / Lotus; SAP; Web; Active Directory]
SSL VPN connectivity and endpoint security verification

Exchange Hosted Services
[Diagram: Traditional vs. Hosted. Each panel is labelled SMTP, E-mail store, Virus (<1%), Spam (70%), Legitimate (30%)]

Why outsource AV & AntiSpam?
Manage cost and complexity
Secure, protect and comply
Inbox value and access
No HW/SW to install and manage
Outsource routine IT management
Predictable subscription based service
Scalable at no additional cost
Eliminate threats before they reach the network
Policy-compliant infrastructure
Service-based e-mail archiving for rapid deployment
Eliminate spam and viruses from the e-mail stream to boost productivity
Reliable e-mail availability and continuity systems
Recover from unplanned outages or disasters
End-user access
Easy recovery

Infrastructure SLAs
99.999% network uptime
< 2 minute delivery
Accuracy SLAs
100% virus detection and blocking
95% spam effectiveness
1:250,000 false positive ratio
Service Level Agreement

Any questions?
Please do not hesitate to contact me
[email protected]@MICROSOFT.COM