Microsoft Forefront Suite

Page 1: Microsoft Forefront Suite

Microsoft Security

Microsoft Ireland

Michael RIVA, MCSE: Security, MCT

Partner Technical Specialist

V2.1 – Sep 2007

Page 2: Microsoft Forefront Suite

Overview

Microsoft Forefront Edge Security and Access

Why should we be more secure?

What is Microsoft Forefront Security Suite?
→ Overview

Forefront for client
→ Overview

Forefront for server
→ Forefront for Exchange and SharePoint server 2007

Forefront for Edge
→ IAG Server (Intelligent Application Gateway Server)

Exchange Hosted Services

Page 3: Microsoft Forefront Suite

Why should we be more secure?

Page 4: Microsoft Forefront Suite

Cybercrime is a real threat.

Hackers are interested in gathering information (credit card details, individual details...) => fraudulent use of credit cards and/or personal details for identity theft...

Cybercrime affects individuals, customers, insurance companies, companies' image and long-term existence.

Hackers are not kids anymore.

Hackers are a lot smarter than you think. They are organised crime organisations, they have in-depth knowledge of programming, Windows, Unix, Linux and networks, and they will use any open door to gain access.

Social engineering is an easy way to gather information, as many employees will give out information if they find their interlocutor pleasant and nice.

We can never win against the threat; this is a perpetual fight.

Over 60% of the people who were asked to provide their company login's password gave it out to a guy who just asked them gently! (INFOSEC 2007)

Page 5: Microsoft Forefront Suite

Consequences for affected companies:

Loss of productivity, loss of data, termination or resignation of employees, increased insurance cost, long-term loss of business, loss of significant business/profit

Companies are not securing their data as they should be...

75% of security investment focused here

Network Attacks Application Attacks

75% of attacks focused here

Page 6: Microsoft Forefront Suite

In the last 6 months of 2006:

54,874 Mobiles

4,718 PDAs

3,179 Laptops

978 Memory Sticks

• Were left in taxis, in London alone…

Source: Pointsec

Page 7: Microsoft Forefront Suite

English Revenue and Customs admits theft of 13,000 civil servants personal information. Tax Credit system had to be shut down to halt the fraud. £15m was stolen. – Dec 05

A printing firm contracted by Marks & Spencers in the UK has had a laptop stolen putting 26,000 employees at risk for identity theft – May 2007.

Employee of Nationwide Building Society has their laptop stolen from home containing account information for 11m customers. – Aug 06 (Fined £1m for this…)

Although the scientist downloaded about 15 times more data than the second most active user, no alarm bells rang until after he submitted his resignation from DuPont, the company behind Kevlar, Teflon, and hundreds of other brands and trademarks. The value of the stolen information is set at 400 million USD – Feb 2007.

The price of stolen information

Page 8: Microsoft Forefront Suite

FOREFRONT SECURITY SUITE

Page 9: Microsoft Forefront Suite

What is Forefront Security Suite?

Forefront for client
Secure Windows clients (Desktops and file servers) against spyware, viruses...

Forefront for server
Secure Exchange/SharePoint servers against viruses, spam, worms in order to deliver clean emails and documents.

Forefront for edge
Inter-network communications protection to ensure security of information and applications between clients and servers.

Page 10: Microsoft Forefront Suite

Forefront for clients

Integrated antivirus and antispyware engine, delivering real-time protection from and scheduled scanning for viruses, spyware, and other threats.

Central management system, generating reports and alerts on the security status of their environment.

State assessment or scans for determining which managed computers need patches or are configured insecurely.

Page 11: Microsoft Forefront Suite
Page 12: Microsoft Forefront Suite

Forefront for Exchange

Anti Spam, Anti Virus and Anti Worm protection for Exchange server.

Can run 5 different anti virus engines at the same time reducing the risk because we do not depend on one vendor only.

Filter the Spam with rules (Keywords or combination) and automated antivirus signature updates.

Page 13: Microsoft Forefront Suite

[Diagram labels: Internet; A, B, C, D, E; Exchange Server / Windows-based SMTP Server]

• Distributed protection

• Performance tuning

• Content filtering

• Central management

Page 14: Microsoft Forefront Suite

Forefront engines

VirusBuster

Sophos

Norman

Microsoft Anti Malware

Kaspersky

CA VET

CA Inoculate

Authentium Command

AhnLab

All engines are independent from each other.

Updates are made available from the Microsoft website 15 minutes after they have been sent from the partners.

Page 15: Microsoft Forefront Suite

Forefront for SharePoint

Scan uploaded and downloaded documents before they are saved against worms, malicious code, viruses.

Page 16: Microsoft Forefront Suite

IAG SERVER

Page 17: Microsoft Forefront Suite

IAG Server
Intelligent Application Gateway Server

SSL-based application access with endpoint security management.

Page 18: Microsoft Forefront Suite

IAG Server
Intelligent Application Gateway Server

Browser based access.

Block malicious traffic and attacks (No network traffic)

Drive policy compliance (Limit exposure and liability, better ROI)

Page 19: Microsoft Forefront Suite

IAG Server
Intelligent Application Gateway Server

Remote machine profiling
Determine the health status of the remote machine and dynamically give access accordingly.

Cache wiper
Clear browser cache, disk cache and overwrite 7 times the clusters where the file was initially downloaded. It is impossible to recover a file after this process.

Authentication vendors
Works with 60 different vendors such as Radius, RSA SecurID...

Network integration
SharePoint 2003/2007, OWA, Dynamics, ActiveSync, Terminal-Services, Citrix, SAP, LotusDomino, WebSphere and many more…

Network isolation
No network connectivity between the remote user and the remote server/service. The remote client does have an IP address (Unless this is required by IP Phone or any other application/device that requires an IP address)

Page 20: Microsoft Forefront Suite

Overview

[Diagram labels: Intelligent Application Gateway; External; Firewall; Port 443; LDAP; Oracle; Exchange Server; SharePoint Server; Partners; IBM / Lotus; SAP; Web; Active Directory]

SSL VPN connectivity and endpoint security verification

Page 21: Microsoft Forefront Suite

Exchange Hosted Services

Page 22: Microsoft Forefront Suite

Exchange Hosted Services

[Diagram: Traditional vs. Hosted; each panel labelled SMTP, E-mail store, Virus (<1%), Spam (70%), Legitimate (30%)]

Page 23: Microsoft Forefront Suite

Why outsource AV & AntiSpam?

Manage cost and complexity

Secure, protect and comply

Inbox value and access

No HW/SW to install and manage

Outsource routine IT management

Predictable subscription based service

Scalable at no additional cost

Eliminate threats before they reach the network

Policy-compliant infrastructure

Service-based e-mail archiving for rapid deployment

Eliminate spam and viruses from the e-mail stream to boost productivity

Reliable e-mail availability and continuity systems

Recover from unplanned outages or disasters

Page 24: Microsoft Forefront Suite

End-user access

Page 25: Microsoft Forefront Suite

Easy recovery

Page 26: Microsoft Forefront Suite

Infrastructure SLAs

99.999% network uptime

< 2 minute delivery

Accuracy SLAs

100% virus detection and blocking

95% spam effectiveness

1:250,000 false positive ratio

Service Level Agreement

Page 27: Microsoft Forefront Suite

Any questions?

Please do not hesitate to contact me

[email protected]