Securing Communication And Collaboration Torgeir Bergsvik


    Notes on slide 1

    Forefront Security for Office Communications Server provides layered protection for OCS 2007 Enterprise Edition (and OCS 2007 R2), integrating with Access Edge, Director and Front-end server roles for enterprise-wide security. The integration with the Access Edge role allows Forefront Security for Office Communications Server to protect federated and public IM connections as well as remote users, which we’ll talk about in detail in our next slide.

    Title: Using Network Access Protection

    Talking Points: Let’s look in more depth at how Network Access Protection works. Network Access Protection works with agents in the Windows XP SP2 or Windows Vista client operating systems. The client environment includes the System Health Agents (SHAs), a Quarantine Agent (QA) and an Enforcement Client (EC). The System Health Agent (SHA) checks the state of a client and declares its health. Each SHA is defined for a system health requirement or a set of system health requirements. For example, there might be an SHA for antivirus signatures and an SHA for operating system updates.

    [BUILD1] Try to Connect to a Network: When a Windows client computer connects through DHCP, a VPN, or a router, the system health validators state what the computer’s health is.

    [BUILD2] System Health Agent: The access device then forwards the network access request on to the NPS. The NPS includes the System Health Validator (SHV) and the Quarantine Server (QS). The QS coordinates the SHVs, which certify declarations made by health agents. Active Directory stores user and computer accounts and their network access properties for authenticated network access. The NPS itself does not make the authentication decision, but evaluates the connection and then forwards the credentials on to Active Directory.

    [BUILD3] Remediation Server: If a computer is not compliant, it is sent to a restricted network, where the remediation servers can apply security updates or whatever else is needed to enable compliance. Remediation servers consist of servers, services, or other resources that a noncompliant computer on the restricted network can access. These resources might store the most recent software updates or components needed to make the computer comply with health requirements. For example, a secondary DNS server, an antivirus signature file server, and a software update server could all be remediation servers.

    [BUILD4] Computer that meets Health Policy: If a client is compliant, then the system is given access to the corporate network.

    Additional Information: http://www.microsoft.com/windowsserver2008/default.mspx www.microsoft.com/technet/Add-301.ppt , Add-302.ppt

    The primary components of the NAP solution consist of the following:

    NAP Client

    System Health Agents and System Health Validators: Components of the NAP infrastructure known as system health agents (SHAs) and system health validators (SHVs) provide health state tracking and validation. Windows Vista and Windows XP Service Pack 3 include a Windows Security Health Validator SHA that monitors the settings of the Windows Security Center. Windows Server 2008 includes a corresponding Windows Security Health Validator SHV. NAP is designed to be flexible and extensible. It can interoperate with any vendor’s software that provides SHAs and SHVs that use the NAP API.

    Enforcement Components and Methods: Components of the NAP infrastructure known as enforcement clients (ECs) and enforcement servers (ESs) require health state validation and enforce limited network access for noncompliant computers for specific types of network access or communication. Windows Vista, Windows XP Service Pack 3, and Windows Server 2008 include NAP support for the following types of network access or communication:
      • Internet Protocol security (IPsec)-protected traffic
      • IEEE 802.1X-authenticated network connections
      • Remote access VPN connections
      • Dynamic Host Configuration Protocol (DHCP) address configurations
    Windows Vista and Windows Server 2008 also include NAP support for Terminal Server (TS) Gateway connections. These types of network access or communication are known as NAP enforcement methods. Administrators can use them separately or together to limit the access or communication of noncompliant computers. Network Policy Server (NPS) in Windows Server 2008, the replacement for Internet Authentication Service (IAS) in Windows Server 2003, acts as a health policy server for all of these NAP enforcement methods.

    System Health Servers: Also known as Health Registration Authorities, they provide current system health state for NAP health policy servers. For example, a health requirement server for an antivirus program tracks the latest version of the antivirus signature file.

    NPS: NPS is a Remote Authentication Dial-In User Service (RADIUS) server and proxy in Windows Server 2008. As a RADIUS server, NPS provides authentication, authorization, and accounting (AAA) services for various types of network access. For authentication and authorization, NPS uses Active Directory to verify user or computer credentials and obtain user or computer account properties when a computer attempts an 802.1X-authenticated connection or a VPN connection. NPS also acts as a NAP health policy server. Administrators define system health requirements in the form of health policies on the NPS server. NPS servers evaluate health state information provided by NAP clients to determine health compliance and, for non-compliance, the set of remediation actions that the NAP client must perform to become compliant.

    Remediation servers: Computers that contain health update resources that NAP clients can access to remediate their noncompliant state. Examples include antivirus signature distribution servers and software update servers.
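The health evaluation loop described in these notes (SHAs declare state, SHVs certify it, NPS picks the restricted or corporate network, remediation servers bring the client up to date) can be modelled as an added example; this is not Microsoft code and does not use the NAP API. The requirement names, version numbers and server names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample values: what the health requirement servers report as current.
REQUIRED = {"antivirus_signature": 1207, "os_update_level": 42}
# Constructed mapping from each requirement to the remediation server that fixes it.
REMEDIATION_SERVERS = {
    "antivirus_signature": "av-signature-server",
    "os_update_level": "software-update-server",
}

@dataclass
class Decision:
    access: str        # "corporate" or "restricted"
    remediation: dict  # failed requirement -> remediation server to contact

def shv_validate(name, statement):
    """One SHV certifies one SHA declaration; a missing declaration fails."""
    reported = statement.get(name)
    return reported is not None and reported >= REQUIRED[name]

def nps_evaluate(statement):
    """NPS checks the statement of health against every requirement in the policy."""
    failed = [name for name in REQUIRED if not shv_validate(name, statement)]
    if not failed:
        return Decision("corporate", {})
    return Decision("restricted", {n: REMEDIATION_SERVERS[n] for n in failed})

def connect(client, max_rounds=3):
    """Present health, get a decision, remediate if restricted, then try again."""
    history = []
    for _ in range(max_rounds):
        decision = nps_evaluate(dict(client))  # the SHAs' current declarations
        history.append(decision)
        if decision.access == "corporate":
            break
        # On the restricted network only remediation servers are reachable;
        # this model assumes each one brings its item up to the required level.
        for name in decision.remediation:
            client[name] = REQUIRED[name]
    return history

if __name__ == "__main__":
    # Constructed client: stale signatures, and nothing reporting OS update level.
    laptop = {"antivirus_signature": 1100}
    for step in connect(laptop):
        print(step.access, step.remediation)
```

A requirement with no matching declaration is treated as a failure, so a client that lacks an agent for a required check is restricted rather than admitted.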


    Securing Communication And Collaboration Torgeir Bergsvik - Presentation Transcript

    1. Securing communication and collaboration
      Karl Bjarne Westbye, Microsoft
      Solution Specialist – Security & Management
    2. Forefront Anti-Spam flow
      [Diagram: Incoming Internet E-mail passes through three numbered stages: 1 Connection filtering, 2 Protocol filtering, 3 Content filtering. Other labels: Forefront DNSBL, SMTP Filtering, Backscatter, Cloudmark Fingerprinting, Administrator Quarantine, Mailbox / Store, User Inbox, User Junk E-mail Folder.]
    3. Firewall
      Hybrid Messaging Security
      [Diagram labels: On-Premise Software, Internet, Spam policy, Mail, FOSE Gateway, Full Management Policy, SMTP, Exchange Hub, Mailbox Server, Exchange Edge]
      Antivirus and anti-spam protection for Exchange Server 2007/2010 Server Roles
    4. Forefront Online Security for Exchange
      Spam and Virus Filtering Effectiveness
      • Known Virus Protection: 100%
      • Spam Detection: 98%
      • False Positive Ratio: 1:250,000
      Filtering Network Performance
      • Network Uptime: 99.999%
      • Rapid E-mail Delivery: < 1 Minute Average Delivery
      Cloud protection demo
    5. TMG Value Proposition
      Comprehensive
      Integrated
      Simplified
    6. TMG New Feature Drill Down
    7. TMG Product "Stack"
      Built on a solid foundation, Windows Server 2008 platform
      Forefront Threat Management Gateway Subscription Services
      Web Anti-Virus
      Based on MSAV engine
      Other Services TBA
    8. How UAG Is Built
      Both use Windows Server for:
      • SSTP VPN
      • TS Gateway
      UAG leverages TMG for:
      • Logging & Reporting
      • Policy & Array Infra.
      • Layer-3 Firewall
      • IPSec VPN
      +7
    9. Incorporates multiple scanning engines from industry-leading partners into a single solution to detect viruses and spyware faster and more effectively than single engine solutions.
      Integrated
      Security
      Comprehensive Protection
      Simplified Management
      • Multiple engine antimalware
      • File and keyword filtering
      Coming Soon:
      • Antispyware (MSAV engine)
      • Hybrid antispam protection with 99%+ detection and .04% false positives
      • Scanning of rights-managed content (Exchange 2010 only)
      • Intelligent engine selection
      • Integration with Exchange 2007
      Coming Soon:
      • Integration with Exchange 2010
      • One-click provisioning of Forefront Online Security for Exchange
      • Automated updating
      Coming Soon:
      • Integration with Forefront Protection Manager
      • Dashboard with drill-down reporting
      • Fast response to security incidents
      • Unified quarantine across Exchange clusters
    10. Integrated security
      Internet
      Exchange Mailbox Server
      Exchange Mailbox Server
      Multi-engine
      Manager
      Client Machines
      Microsoft AV
      Server Applications
      Exchange Front End
    11. The Multiple Engine Advantage
      = More than 24 hours
      = 5 to 24 hours
      = Less than 5 hours
      Response time1 (in hours)
      The Microsoft multiple-engine solution
      Other single-engine solutions
      Rapid response to new threats
      Fail-safe protection through redundancy
      Diversity of antivirus engines and heuristics
      * Includes beta signatures
      ** 0.00 denotes proactive detection
      1 Source: AV-Test.org 2007 (www.av-test.org)
    12. Prevent users from uploading or downloading documents containing malware, out-of-policy content, or sensitive information to SharePoint libraries.
      Integrated
      Security
      Comprehensive Protection
      Simplified Management
      • Multiple engine antimalware
      • File and keyword filtering
      • Scanning of rights-managed content
      Coming Soon:
      • Antispyware (MSAV engine)
      • Intelligent engine selection
      • Integration with MOSS 2007
      Coming Soon:
      • Integration with MOSS 14
      • Automated updating
      Coming Soon:
      • Integration with Forefront Protection Manager
      • Dashboard with drill-down reporting
      • Fast response to security incidents
      • Unified quarantine across webfarms
    13. Forefront Security for SharePoint
      Virus Protection for Document Libraries
      • Real-time scanning of documents uploaded and downloaded from document library
      • Manual and scheduled scanning of document library
      SQL Document Library
      Document
      SharePoint Server
      Document
      Content Policy Enforcement
      • File filtering to block documents from being posted based on name match, file type or file extension
      • Content filtering by keywords within documents for inappropriate words and phrases
      Users
    14. Protect SharePoint demo
      Forefront Security for SharePoint
    15. Prevent users from sending instant messages containing malware, out-of-policy content, or sensitive information.
      Integrated
      Security
      Comprehensive Protection
      Simplified Management
      • Multiple engine antimalware
      • File and keyword filtering
      • Automated updating
      • IM notifications for out-of-policy activity
      • Built-in administrator console
      • Intelligent engine selection
      • Integration with OCS 2007 (multiple server roles)
      • Support for federated and public IM
    16. OCS 2007 Enterprise Integration
      FSOCS protects each instance of Standard Edition, Front End, Director and Access Edge server roles, with support for OCS 2007 and OCS 2007 R2.
      Federated (Trusted) Organization
      Access Edge Server
      Director Server
      Front-End Server
      Internet
      Public IM Networks
      Internal Users
      Remote Users
    17. Integrated malware protection for laptops, desktops, and file servers that simplifies control and improves visibility for endpoint security.
      Simplified Administration
      Unified Protection
      Critical Visibility & Control
      • Manage from a single role-based console.
      • Rapid update deployment
      • Integration with Windows Vista
      Coming Soon:
      • Integration with Windows 7
      • Unified antivirus, antispyware, host firewall management, and vulnerability detection
      Coming Soon:
      • Vulnerability remediation
      • External device control
      • Single dashboard for visibility into threats, vulnerabilities and configuration risks
      • Vulnerability assessment
      Coming Soon:
      • Integration with Forefront Protection Manager
      • Fast response to security incidents
      • New vulnerability checks
    18. Protect OS demo
      Forefront Client Security
    19. Forefront Client - Reporting Capabilities
      Summary Report
      • Key information on security state for taking action against threats.
      • Snapshot of the top trends and issues in the environment.
      • Launch point for other reports, allowing the administrator to drill down into details as much as needed.
      • Ability to review:
      • Deployment Status: How many machines are up to date or not up to date with the latest signatures
      • Top issues and issue history: Categorized by type along with history of issues
      • Top Threats and threat history: Types of threats, their severity and how many machines a specific threat has affected.
      • Top alerts and alert history: Key alerts impacting environment
      • Top vulnerabilities and vulnerability history: Through state assessment scans
    20. What is Microsoft NAP? An extensible compliance definition, validation, remediation and reporting framework that can limit access if required
      Compliance Definition
      Define custom health policies (collections of “compliance checks”) that are relevant to the definition of machine “compliance”.
      Validation
      NAP assesses the compliance state of machines against an administrator-defined health compliance policy. Validation triggers: resource access attempt, periodic time-basis, client-side compliance check state monitoring.
      Remediation
      NAP can drive machines to automatically “remediate” or correct their compliance deviations, often without user-intervention.
      Reporting
      NAP stores compliance state and context data from the NAP framework and NAP extensions in a common database for analysis, reporting and other purposes.
      Access Control
      Machine compliance state, as evaluated by NAP, can be used to limit access to various resources.
      Extensible Framework
      The NAP framework is extensible - enabling MS and 3rd parties to extend compliance checks, remediation, compliance data transport/access control technologies and non-MS NAP clients.
    21. Using Network Access Protection
      [Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Security; Policy Servers such as: Patch, AV; Remediation Servers (Example: Patch); Restricted Network; Corporate Network; Not policy compliant; Policy compliant]
      Step 1: Client requests access to network and presents current health state
      Step 2: DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
      Step 3: Network Policy Server (NPS) validates against IT-defined health policy
      Step 4: If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
      Step 5: If policy compliant, client is granted full access to corporate network
    22. NAP Components
      [Diagram labels: System Health Servers; Remediation Servers; Health policy; Updates; Network Access Requests; Health Statements; Client; NPS Policy Server (RADIUS); SHA (MS SHA, SMS); SHA (3rd Parties); Health Certificate; System Health Validator; NAP Agent; 802.1x Switches; Policy Firewalls; SSL VPN Gateways; Certificate Servers; EC (DHCP, IPsec, 802.1X, VPN); EC (3rd Party EAP VPN’s); NAP Server]
    23. "Forefront Protection Suite"
      An integrated security suite that delivers comprehensive protection across endpoint, application servers, and the edge that is easier to manage and control.
      Forefront Protection Manager
      Unified Management
      In-Depth Investigation
      Enterprise-Wide Visibility
      Security Assessment Sharing (SAS)
      Network Edge
      Client & Server OS
      Server Applications
      Third-Party Partner
      Solutions
      Other Microsoft Solutions
      Active Directory
      Network Access
      Protection
    24. Security management with FPM
    25. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.