Exchange Conference (Philadelphia) - Exchange 2007 Security

Exchange 2007 Security session from Exchange Conference in Philadelphia, PA on February 7, 2008.

Published in: Technology
  • 06/01/09 08:41 © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
  • Transcript

    • 1. Understanding Security and Exchange Server 2007 Harold Wong [email_address] blogs.technet.com/haroldwong
    • 2. Agenda
        • Messaging security
            • Antivirus
            • Anti-spam
        • Security enhancements with ISA Server 2006
        • Securing messages in transit
    • 3. Security Threats to E-Mail
        • The most common way for viruses to enter an organization is through e-mail
        • Spam volume continues to trend upward over time
        • Phishing scams have become more sophisticated and successful in a short period of time
        • “… antivirus experts at SoftScan said that 89.5 per cent of all viruses scanned were classified as phishing malware” - Clement James, “Virus Levels Soar in August,” IT News.com.au, September 5, 2006
        • “Spammers now generate an estimated 55 billion messages per day... A year ago that number was 30 billion..” - Robert McMillian, “Spam’s New Image,” CIO.com, August 15, 2006
    • 4. Choices for Exchange Message Filtering
        • Exchange Hosted Filtering
            • Anti-spam and antivirus protection in the cloud
            • SLA backed e-mail security performance
        • Exchange Server 2007 Edge Transport server role
            • Anti-spam and antivirus protection in the perimeter
            • Features customized and controlled on-premise
        • [Diagram labels: Antivirus Filtering; Anti-spam Filtering]
    • 5. Comprehensive Antivirus, Anti-Spam Protection. Choice: Hosted e-mail security
        • Choices for Network Edge Protection
            • Internet-based services protect against spam and viruses before they penetrate the network
        • Comprehensive Enterprise-class Hosted Services for E-mail Security and Management
            • Service for e-mail security with performance backed by SLAs
        • Simplify E-mail Administration
            • Offloading e-mail security allows IT to focus on other initiatives
        • [Diagram labels: Firewall; Mailbox Server; Hub Transport Server; Client Access Server; SMTP; Internet + On-Premise Software]
    • 6. Features of Exchange Hosted Services
        • Active Protection
            • Protection against the latest threats before they reach your network
            • Manage regulatory compliance requirements
            • Provide e-mail that’s always available
        • Enterprise-Class Reliability
            • Global network of tier-one data centers that meet security audit standards
            • Service availability and performance backed by SLAs
            • Dedicated expertise and 24/7 network monitoring
        • Simplified E-mail Administration
            • Dedicate IT resources to other projects
            • Activate services quickly with no additional equipment or software
            • Integrate with your existing e-mail infrastructure
    • 7. Exchange Hosted Filtering: Anti-spam, Antivirus, Content and Policy Enforcement, Disaster Recovery
        • Only requires a simple MX record change
        • Performance and uptime SLA
        • Active multi-layer spam and virus protection
        • Multi-engine virus filtering (Symantec, Trend Micro, Kaspersky Labs, Sophos)
        • Flexible policy filter to enforce any e-mail-use rules
        • E-mail queuing helps ensure mail is never lost
    • 8. Protection with Hosted Services
        • Full e-mail encryption
        • No public and private key management
        • Gateway, policy-based e-mail encryption
        • Uninterrupted e-mail accessibility
        • Rapid recovery from unplanned disasters and network outages
        • Thirty-day rolling historical e-mail store
        • E-mail retention for help with compliance and e-discovery
        • Customized report generation for help demonstrating compliance
        • Fully indexed, searchable archive
        • Real-time threat prevention features
        • Multi-layer anti-spam and antivirus
        • Customized content and policy enforcement
    • 9. Comprehensive Antivirus, Anti-Spam Protection. Choice: On-premise protection
        • Choices for Network Edge Protection
            • On-premise software protects against spam and viruses before they penetrate the network
        • Local Control of Data
            • Antivirus, anti-spam and security policies can be customized to meet the needs of the organization
        • Built-in Protection
            • Protection for your data and your network that can expand as the organization grows
        • [Diagram labels: Firewall; SMTP; Internet + On-Premise Software; Mailbox Server; Hub Transport Server; Client Access Server; Edge Transport Server]
    • 10. The Edge Transport Server Role
        • Consistent Exchange management experience
        • Perimeter deployment
        • Not joined to Active Directory (AD)
            • Limited AD information transferred securely from the Hub Transport server
            • Utilizes information from AD for recipient filtering
        • High availability for SMTP
        • Secure SMTP configuration
            • Address rewriting
            • Relay control
            • Smarthost
            • Transport Layer Security (TLS)
    • 11. Features Unique to Edge Transport
        • Recipient Filtering based on AD information
        • Outlook Safe Lists propagated to Edge
        • Administrator managed spam quarantine
    • 12. Highly Available Messaging With Exchange Server 2007
        • Poison message detection
        • SMTP back-pressure
        • ESE backed queues
    • 13. Exchange 2007 Antivirus Support: Native Scanning Infrastructure
        • Multiple third-party antivirus vendors support Exchange Server 2007
            • Symantec
            • Trend Micro
            • Kaspersky Lab
            • GFI Software
            • McAfee
        • VSAPI to enable scanning messages in the store
        • Antivirus Stamp to minimize unnecessary rescanning
        • Example of an Antivirus Stamp: X-MS-Exchange-Organization-AVStamp-Mailbox: VSKing;5;0;info
            • VSKing: AV vendor name (8 characters)
            • 5: Vendor version (32-bit unsigned integer)
            • 0 (VIRSCAN_NO_VIRUS): Virus status (32-bit unsigned integer)
            • Info: Optional virus info (128 byte string)
    • 14. Forefront Security for Exchange Server: Antivirus Features
        • Forefront server security solutions help businesses protect their messaging servers against viruses and worms
        • Advanced Protection: Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against e-mail and collaboration threats
        • Availability & Control: Tight integration with Microsoft Exchange, Windows-based SMTP, SharePoint and Live Communications Servers maximizes availability and management control
        • Secure Content: Ensures organizations can eliminate inappropriate language and dangerous attachments from internal and external communications
    • 15. Anti-spam Feature Comparison by Exchange Release

        | Anti-spam Feature | Exchange 2003 RTM | Exchange 2003 SP1 | Exchange 2003 SP2 | Exchange 2007 RTM |
        |---|---|---|---|---|
        | IP Allow And Deny Lists | Yes | Yes | Yes | Yes |
        | IP DNS Block Lists | Yes | Yes | Yes | Yes |
        | Recipient Filtering | Yes | Yes | Yes | Yes |
        | Sender Filtering | Yes | Yes | Yes | Yes |
        | Content Filtering (Smartscreen) | - | Yes | Yes | Yes |
        | Content Filter Updates (Smartscreen) | - | - | Bi-weekly | Daily |
        | Sender ID | - | - | Yes | Yes |
        | IP Safe Lists (aka Bonded Sender) | - | - | - | Yes |
        | Outlook Postmark Validation | - | - | - | Yes |
        | Protocol Analysis Data Gathering | - | - | - | Yes |
        | Protocol Analysis Sender Reputation | - | - | - | Yes |
        | Open Proxy Validation | - | - | - | Yes |
        | Dynamic Spam Data Update Service | - | - | - | Yes |
        | Per User/OU Spam Settings | - | - | - | Yes |
        | Admin Quarantine | - | - | - | Yes |
        | Automatic DNS block lists | - | - | - | Yes |
    • 16. How Spam is Filtered
        • Connection filtering
            • Real Time Block Lists
            • Global accept / deny and exception lists
        • SMTP Filtering Layer
            • Sender and Recipient Filtering
            • Sender ID
            • SMTP Command Tar-pitting
        • Content Filtering
            • Outlook Safe List Aggregation
            • Anti-Spam/Anti-Phishing SCL
            • Per-user/OU Spam preferences
            • International Domain Support
            • Outlook Postmark Validation
            • Quarantine and Spam Reporting
        • [Diagram: Incoming Internet E-mail; 1 Connection Filtering; 2 Sender & Recipient Filtering; 3 Content Filtering; Outlook Mailbox (Inbox, Junk E-mail)]
    • 17. Robust Anti-Spam Reporting
        • Performance counters
        • Exchange Management Shell data feeds
        • Microsoft Operations Manager graphical displays
    • 18. Forefront Security for Exchange Server Updates: Anti-Spam
        • Continuous stream of spam and virus filter updates
            • Published on the Microsoft Update (MU) infrastructure
            • No administrator intervention required to keep Edge filters fresh
            • Windows Server Update Service supported
        • Updates include
            • Daily IMF content filter updates
            • Multiple intra-day IP reputation updates
            • Multiple intra-day spam signatures
    • 19. Security enhancements with Internet Security and Acceleration Server 2006
    • 20. Securing Exchange Server 2007 with ISA Server 2006
        • [Diagram labels: External Web Server; Intranet Web Server; Exchange; Active Directory; SharePoint; Administrator; DMZ; User; Internet; ISA 2006 Appliance; Headquarters; Internal Network]
        • Integrated Security
            • Improved idle-based time-outs for session mgmt (NEW)
            • Smartcards & one-time password support (NEW)
            • Customized logon forms for most devices & apps (NEW)
            • LDAP authentication for Active Directory (NEW)
            • Authentication delegation (NTLM, Kerberos) (NEW)
        • Efficient Management
            • Web publishing load balancing (NEW)
            • Exchange & SharePoint publishing tools (NEW)
            • Enhanced certificate administration (NEW)
        • Fast, Secure Access
            • Single sign-on for multiple resource access (NEW)
            • Automatic translation of embedded internal links (NEW)
    • 21. Enhancing Exchange Server 2007 Security (Feature: Without ISA / With ISA Server)
        • DMZ Ready
            • Without ISA: Exchange Server 2007 CAS must be in DMZ and must be domain member; lower security and higher TCO
            • With ISA Server: Only ISA Server in DMZ; can operate in Workgroup (auth via LDAP / RADIUS)
        • Pre-authentication
            • Without ISA: None; external packets from unknown source reach the servers
            • With ISA Server: OWA; Outlook/RPC/HTTP; Mobile / ActiveSync (Mobile with Cert)
        • Authentication strength
            • Without ISA: Single factor (username+password); 3rd party solutions (SecurID)
            • With ISA Server: Two factor (credentials + certificate/OTP); SecurID
        • Access to links (from OWA & from Outlook)
            • Without ISA: SharePoint documents (ReadOnly); SharePoint Document library (ReadOnly); no access to other web applications; UNC
            • With ISA Server: Full access to all SharePoint capabilities (documents, document libraries, calendar, admin etc); access to other web applications; UNC (same)
        • Content / traffic inspection
            • Without ISA: None (Forefront inspects only SMTP)
            • With ISA Server: Yes (HTTP)
        • Load balancing an array of OWA
            • Without ISA: NLB (IP based only) or external LB device for cookie based LB
            • With ISA Server: IP and Cookie based LB are part of ISA
    • 22. Pre-Authentication Basics
        • Supports proxy of Outlook Anywhere (RPC/HTTP), Outlook Web Access, and Exchange ActiveSync
        • Ensure no un-authenticated HTTP traffic reaches the intranet
        • Pre-authentication is done by a reverse proxy in the perimeter network
        • Numerous authentication choices
        • [Diagram labels: Client Access Server; Firewall; ISA 2006; Firewall; HTTPS; Mailbox Server; Active Directory]
    • 23. Confidential Messaging Features in Exchange 2007
        • Client Features
        • Client to Server
        • Server to Server
        • Server to Perimeter
        • Perimeter to Perimeter
        • [Diagram labels: Clients; Internal Network; Perimeter Network; Internet; Perimeter Network]
    • 24. Security and Exchange Server 2007
        • Exchange Server 2007 provides improved security out of the box
        • Message filtering is enhanced with
            • Forefront Security for Exchange Server
            • Exchange Hosted Filtering
        • ISA Server 2006 helps provide secure client access
    • 26. Appendix June 1, 2009
    • 27. Security Environment
        • Need for filtering
            • Viruses
            • Spam
            • Phishing
        • Need for security
            • Compliance
            • Confidentiality
    • 28. Enterprise Topology
        • [Diagram labels: Enterprise Network; Other SMTP Servers; Routing, Hygiene; Routing, Policy; Internet; Applications: OWA; Protocols: ActiveSync, POP, IMAP, RPC / HTTP …; Programmability: Web services, Web parts; Mailbox, Public Folders; Voice Messaging, Fax; PBX or VoIP; server roles: Edge Transport, Hub Transport, Client Access, Mailbox, Unified Messaging]
    • 29. EdgeSync Overview
        • Edge Server Features depend on data in Active Directory
        • Edge Servers MUST operate in perimeter networks
        • EdgeSync
            • Publishes outbound to Edge Servers
            • Subscribes an Edge Server to an AD Site
            • Configures Security and Routing
    • 30. The New Edge Transport Server Role: Feature Rich Perimeter E-mail Defense
        • Industry-leading anti-spam technology
        • Comprehensive antivirus protection with Microsoft Forefront Security for Exchange Server
        • Consistent Administration
            • EdgeSync allows management alongside AD connected servers
            • Local administration through the Exchange Management Console or the Exchange Management Shell
    • 31. EdgeSync Published Data
        • Recipient SMTP Addresses
            • Used to reject mail at the edge destined to non-existent addresses
            • Includes primaries / contacts / proxies
            • Addresses are one-way hashed to protect from exposure
        • Outlook Safe Senders
            • Users' safe sender lists
            • Applied per recipient (one person's safe sender is not another’s)
            • A message from a safe sender to a recipient will bypass anti-spam content
            • Does NOT bypass IP blocklists
    • 32. Subscribing Edge Servers
        • A “Subscription” is created on the Edge box
        • The Subscription is imported on a HUB Server
            • In the Site with best network connectivity to the perimeter network
            • The HUB will provision certificates to secure Edge to BH connection
            • Routing is configured
        • On an hourly schedule, the Hub Server publishes recipient data to Edge Server
            • Data is hashed to prevent leakage
    • 33. Forefront Security for Exchange Server 2007: Incremental background scanning
        • Periodic scanning of the store with updated signatures provides another layer of security
        • Incremental Background Scanning combines security and performance considerations
        • Various background scanning options
            • Scan all messages
            • Scan only messages delivered in the past 1, 2, 3, 4, 5, 7, 30 days
            • Scan only messages with attachments
            • Scan only messages that have never been scanned before
    • 34. Antivirus: Antivirus stamp
        • X-header protected by the Header Firewall
        • AV vendors stamp the scan result and consult stamps generated upstream to decide whether to skip AV scanning on the current server
        • Example: X-MS-Exchange-Organization-AVStamp-Mailbox: VSKing;5;0;info
            • VSKing: AV vendor name (8 characters)
            • 5: Vendor version (32-bit unsigned integer)
            • 0 (VIRSCAN_NO_VIRUS): Virus status (32-bit unsigned integer)
            • Info: Optional virus info (128 byte string)
    • 35. Managing Exchange Anti-spam
        • Configuration
            • Setting Actions for SCL levels
            • Setting Remote Edge Server Lists
            • Per-recipient/OU anti-spam configuration
            • Ability to configure exceptions/bypassed recipients
        • Diagnostics and monitoring
            • Spam Stamp
            • Intuitive UI part of ESM for most common tasks
            • Events, alerts, reporting via MOM
            • ExBPA tool will help IT Pros keep up with best practices
    • 36. Configuring SCL thresholds
        • Set Actions based on the SCL level assigned to a message
        • Thresholds can be set on a per-recipient basis
    • 37. Spam Quarantine
        • Messages over a set SCL are delivered to a Spam Quarantine Store
            • Exchange 2007 mailbox
        • Send Again and Search
            • Delivered as NDRs, allowing “send again” functionality
            • Quarantine Viewed/Searched with Outlook / OWA
            • Message is placed in the original format in the mail stream.
        • Quarantine is admin managed, no end-user view
            • OWA/Outlook junk folder is for end users
    • 38. Monitoring Antispam Activity
        • Performance counters
            • Messages Per SCL level
            • Total Messages sent to Quarantine, Deleted, Rejected
            • Aggregated in Exchange 2007 Server MOM
        • Reports
            • Hit Rate for Block Lists
            • Top spam sender domain, top spam sending IP
            • Top targeted domain/recipient
    • 39. Connection Filtering
        • IP allow lists, IP deny lists
            • Block or allow connections before accepting message content
            • Supports public deny and allow list providers
            • Overrides all other spam features
            • Received Chain Analysis - Can be configured to operate behind mail relays
                • Requires message headers be accepted
        • Microsoft IP Reputation Service
            • Sender Reputation built from Hotmail Data
            • Distributed via Microsoft Updates Packages
    • 40. Internet Sender Authentication
        • Sender ID and DKIM (formerly Domain Keys) detect spoofing
        • Detecting spoofing helps detect spam and phishing
        • Sender ID and DKIM provide internet scale authentication for business-to-consumer messaging
    • 41. Sender Id
        • Identify forged mail from Sender Id compliant domains
            • Identifies likely sender with Purported Responsible Address (PRA) algorithm
            • Queries Domain Name Servers (DNS) for the Sender Id record, which returns the list of acceptable outbound mail servers IP Addresses
            • Checks incoming IP against acceptable list
            • Mail from other IPs considered a fail
        • Admins may configure to
            • Reject message
            • Tag and Pass - Contributes to Content Filtering Score
    • 42. Protocol Filtering
        • Recipient filtering
            • EdgeSync maintains the recipient list on the Edge server
            • Multi-forest deployments require that addresses be synched to the forest to which Edge servers are “subscribed”
        • Protocol analysis
            • Learns locally from the connections and messages that are seen on the specific server
            • Builds server-local reputation and blocks targeted spam attacks
                • Based on average spam rating, open proxy checks, protocol anomalies
    • 43. Intelligent Message Filter v3.0
        • Machine learning
            • Generates a Spam Confidence Level (SCL) value based on Message Characteristics
        • Authenticated domain reputation
            • Very good and very bad domains
            • Catch spammers that use Sender Id
        • Spam signatures
            • Block specific spam campaigns
            • Effective against minispam
        • Outlook E-mail postmark validation
            • Aka Presolved Puzzle Validation
            • Increase deliverability of Outlook email
    • 44. Intelligent Message Filter v3.0
        • Anti-phishing
            • Most critical phishing attacks/complaints aggregated from Hotmail and a number of 3rd party reputation services leveraged on Edge (via MU)
            • Phishing Confidence Level stamped on Edge, is used by OWA/Outlook 2007 to drive Junk Folder user experience
            • Links are disabled
            • Content is “flattened”
        • Custom weight lists
            • Good and “naughty” words
            • Affect the score set by the filter
            • Used rarely for tuning
    • 45. ISA 2006 Pre-Authentication
        • Client authenticating to ISA
            • Forms Based Authentication: username and password
            • Two-factor authentication: certificates or SecurID One-Time-Passwords
            • HTTP standards: Basic, NTLM, Negotiate
        • Authentication providers
            • AD (Windows) when ISA is a domain member
            • AD (LDAP) when ISA is not a domain member
            • RADIUS – limited support for groups
            • RADIUS for One-Time-Passwords
            • RSA SecurID (w/ Authentication Manager)
        • [Diagram labels: Mobile Client; Web Client; User Directory; ISA 2006 Array; Web Server; steps 1, 2, 3; FBA, SecurID, Client Certificate, Basic, NTLM, Negotiate; Basic, NTLM, Negotiate, SecurID, KCD; AD (Windows), AD (LDAP), RADIUS Server, SecurID Server]
    • 46. ISA 2006 Pre-Authentication (Contd.)
        • ISA authenticating to Web Server (e.g. OWA, EAS)
            • Basic/NTLM/Negotiate
            • SecurID
            • Kerberos Constrained Delegation
        • Single Sign On
            • No need for additional sign-on to Web server
            • Published web sites must share DNS suffix and be published through the same ISA array
            • Client must support cookies
        • [Diagram labels: Mobile Client; Web Client; User Directory; ISA 2006 Array; Web Server; steps 1, 2, 3; FBA, SecurID, Client Certificate, Basic, NTLM, Negotiate; Basic, NTLM, Negotiate, SecurID, KCD; AD (Windows), AD (LDAP), RADIUS Server, SecurID Server]
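
Slides 13 and 34 give the antivirus stamp as vendor;version;status;info with fixed field sizes and note that the header is protected by the Header Firewall. The Python below is an added example, not code from the presentation, Microsoft or any AV vendor: it parses the stamp with those limits and applies an assumed skip policy (same vendor, stamp version at least the local one, status 0), ignoring stamps on mail from an untrusted hop. The function names, the trust flag and the sample messages are constructed for illustration.

```python
import email
import re
from dataclasses import dataclass
from typing import List

# Header name and field layout are taken from slides 13 and 34.
AVSTAMP_HEADER = "X-MS-Exchange-Organization-AVStamp-Mailbox"
VIRSCAN_NO_VIRUS = 0  # the only status value the slides name
UINT32_MAX = 0xFFFFFFFF


@dataclass(frozen=True)
class AVStamp:
    vendor: str
    version: int
    status: int
    info: str


def _uint32(text: str, field: str) -> int:
    """Parse a decimal 32-bit unsigned integer; reject signs, spaces, overflow."""
    if not re.fullmatch(r"[0-9]{1,10}", text):
        raise ValueError(f"{field} is not an unsigned decimal integer: {text!r}")
    value = int(text)
    if value > UINT32_MAX:
        raise ValueError(f"{field} does not fit in 32 bits: {value}")
    return value


def parse_avstamp(value: str) -> AVStamp:
    """Parse 'vendor;version;status[;info]' using the field limits on the slides."""
    parts = value.strip().split(";", 3)
    if len(parts) < 3:
        raise ValueError("stamp needs at least vendor;version;status")
    vendor = parts[0]
    # Assumption: "(8 characters)" is an upper bound, since "VSKing" has 6.
    if not 1 <= len(vendor) <= 8:
        raise ValueError(f"vendor name must be 1-8 characters: {vendor!r}")
    info = parts[3] if len(parts) == 4 else ""  # info is optional
    if len(info.encode("utf-8")) > 128:
        raise ValueError("info exceeds 128 bytes")
    return AVStamp(vendor, _uint32(parts[1], "version"),
                   _uint32(parts[2], "status"), info)


def trusted_stamps(raw_message: str, from_trusted_hop: bool) -> List[AVStamp]:
    """Return well-formed stamps, or none if the sender could have forged them."""
    if not from_trusted_hop:
        # Models the Header Firewall: stamps on mail from outside are not believed.
        return []
    stamps = []
    for value in email.message_from_string(raw_message).get_all(AVSTAMP_HEADER, []):
        try:
            stamps.append(parse_avstamp(value))
        except ValueError:
            continue  # malformed stamp is ignored, so the message gets rescanned
    return stamps


def scan_decision(raw_message: str, from_trusted_hop: bool,
                  local_vendor: str, local_version: int) -> str:
    """Return 'skip' only for a trusted, clean stamp from this engine (assumed policy)."""
    for stamp in trusted_stamps(raw_message, from_trusted_hop):
        if (stamp.vendor == local_vendor
                and stamp.version >= local_version
                and stamp.status == VIRSCAN_NO_VIRUS):
            return "skip"
    return "scan"


def _message(stamp_value: str) -> str:
    """Build a constructed sample message carrying one stamp header."""
    return (f"From: sender@example.com\n{AVSTAMP_HEADER}: {stamp_value}\n"
            "Subject: constructed sample\n\nbody\n")


CLEAN = _message("VSKing;5;0;info")    # the stamp shown on the slides
FLAGGED = _message("VSKing;5;1;info")  # constructed: any non-zero status
BROKEN = _message("VSKing;-1;0;info")  # constructed: version is not a uint32

if __name__ == "__main__":
    for name, msg, trusted in [("clean/trusted", CLEAN, True),
                               ("clean/untrusted", CLEAN, False),
                               ("flagged", FLAGGED, True),
                               ("broken", BROKEN, True)]:
        print(name, "->", scan_decision(msg, trusted, "VSKing", 5))
```

Every failure path (untrusted hop, malformed stamp, different vendor, older version, non-zero status) falls through to "scan", so a forged or damaged stamp can only cost a rescan, never suppress one.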
