Forefront Microsoft Part 3
  • Slide Title: Title Slide
    Key Message: Welcome to this Microsoft TechNet session Deploying Forefront Client Security, Part 1.
    Slide Builds: 0
    Slide Script: Hello and welcome to this Microsoft TechNet session Deploying Forefront Client Security, Part 1. My name is {insert name}. This is part one of a two part session in which we explore how to prepare for and deploy Forefront Client Security.
    Slide Transition: Let us start this session by going into more detail about exactly what we will be covering.
  • Slide Title: What Will We Cover
    Keywords: What we will cover
    Key Message: In this session we will learn about the first steps to deploying FCS.
    Slide Builds: 2
    Slide Script: In this session, we’ll have a short, high-level overview of Forefront Client Security (FCS), to see where it fits into enterprise security.
    [BUILD1] Before you can deploy FCS in your organization, you have to meet some minimum hardware requirements and have several software packages installed on the server and clients. We’ll go over what these requirements are in the order in which they need to be met.
    [BUILD2] For some of the software prerequisites, we’ll go into greater detail on where to get software, options to choose when installing prerequisites, and post-install configuration of prerequisite software to get your server and clients ready for a successful FCS deployment. By the end of this session, you’ll be able to prepare servers and clients for a deployment of FCS.
    Slide Transition: As with most TechNet sessions, some prior experience of Microsoft technologies or similar technologies is always helpful. Here’s a brief overview of what would be helpful, but not essential, for this session.
  • Today, infection by malicious software creates a costly problem for businesses. Gartner has estimated that 20-40% of help desk calls are related to spyware and in a recent Forrester survey asking about IT security risks that technology decision-makers are concerned about, 73% of firms rated viruses and worms as their top concern.

    Microsoft Forefront Client Security provides unified malware protection for business desktops, laptops and server operating systems that is easier to manage and control. Built on the same highly successful Microsoft protection technology already used by millions of people worldwide, Forefront Client Security helps guard against emerging threats such as spyware and rootkits as well as traditional threats such as viruses, worms and Trojan horses. By delivering simplified administration through central management and providing critical visibility into threats and vulnerabilities, Forefront Client Security helps you protect your business with greater confidence and efficiency. Forefront Client Security integrates with your existing infrastructure software, such as Active Directory, and complements other Microsoft security technologies for better protection and greater control.

    Unified Protection

    Microsoft Forefront Client Security delivers unified protection from current and emerging malware, so you can feel confident that your business systems are better protected against a broad range of threats. Through a single agent, Microsoft Forefront Client Security provides real-time detection and removal of spyware, rootkits, and other emerging threats as well as traditional attacks such as viruses and worms.

    Microsoft Forefront Client Security unified protection capabilities deliver:

    Protection technology already used by millions of people worldwide: Forefront Client Security employs the same highly successful Microsoft protection technology already used in products such as Windows Live™ OneCare, Windows® Defender and Windows Live Safety Center.

    Effective threat response: Forefront Client Security offers effective response through automated analysis of multiple data sources, backed by a 24/7 global security research organization. Microsoft’s advanced security analysis is powered by multiple data sources, including Dr. Watson, Hotmail®, Microsoft Exchange Hosted Services, Microsoft’s protection technologies, Web crawlers, community submissions, and industry collaboration.

    Defense-in-depth as part of a comprehensive security solution: Forefront Client Security delivers defense-in-depth when combined with other security solutions such as Microsoft Antigen, Microsoft Internet Security & Acceleration (ISA) Server and Microsoft Exchange Hosted Services.

    Simplified Administration

    Microsoft Forefront Client Security provides simplified administration through central management, so you can protect your business with greater efficiency. With one console for simplified client security administration, Microsoft Forefront Client Security saves time and reduces complexity. Using familiar interfaces similar to those found in other Microsoft tools, the console can be used for both local and remote access to all administrative functions including configuration, signature updates, reporting and alerting.

    Microsoft Forefront Client Security simplified administration capabilities enable you to:

    Define one policy to manage client protection agent settings: Forefront Client Security helps increase your efficiency through a single policy that configures the anti-spyware, anti-virus and state assessment technologies for one or more protected computers. New policies are created with preconfigured settings that can be easily tailored to the needs of your environment. Policies also include alert level settings that can be easily configured to specify the type and volume of alerts and events generated by different groups of protected machines. Policies can be deployed via Active Directory® or any existing software distribution system that you are familiar with.

    Deploy signatures and software faster: Forefront Client Security enables faster signature and software deployment to desktops, laptops and server operating systems. The product is optimized for signature distribution through Windows Server™ Update Services (WSUS); however security administrators can also use any software distribution system to deploy Forefront Client Security signatures or software. Forefront Client Security agent software is designed to deploy as a single client package that includes all protection and management capabilities.

    Integrate with your existing infrastructure: Forefront Client Security helps you gain greater control over your client security by integrating with your existing infrastructure software. Microsoft SQL Server is used by the Forefront Client Security event and reporting system. Active Directory® Group Policy or any other software distribution system can be used to deploy Forefront Client Security agent settings.

    Critical Visibility and Control

    Microsoft Forefront Client Security produces insightful prioritized security reports, so you have visibility and control over malware threats. A single dashboard snapshot of your current security status helps you understand where action is required.

    Microsoft Forefront Client Security critical visibility and control capabilities give you the ability to:

    View insightful reports: Forefront Client Security helps you prioritize your time and focus on what’s most important now through easy to use insightful reports. Forefront Client Security reports give you the ability to examine real-time data and emerging trends. Each report is hyperlinked to enable you to connect directly to critical information. The reporting system within Forefront Client Security allows you to drill down from the summary dashboard to more detail as required, and to deliver executive reports that crisply communicate status to senior management.

    Stay informed with state assessment scans and security alerts: Forefront Client Security provides the tools necessary to focus on key threats and potential vulnerabilities throughout your business. State assessment scans help you to determine which Forefront Client Security managed machines need patches or are configured insecurely. When threats are identified, insightful, prioritized information is delivered through security alerts that eliminate the need to search through volumes of data.

    Microsoft Forefront Client Security is designed for business customers who want one solution for real-time detection and removal of spyware, rootkits, and other emerging threats as well as traditional attacks such as viruses, worms and Trojan horses. An early beta version of Microsoft Forefront Client Security has been shipped to selected customers. Microsoft plans to make the public beta version of Microsoft Forefront Client Security available in Q4 of CY2006. The product is targeted for release to manufacture in the first half of CY2007.

    Microsoft Forefront Client Security will be available for purchase through Microsoft’s volume licensing programs. In addition, Forefront Client Security will be included in the upcoming Forefront Security Suite and Enterprise CAL Suite. Further pricing and licensing information, including further details of Microsoft volume licensing program benefits, will be announced at a later date. More general information about how to buy Forefront security products is available at: http://www.microsoft.com/forefront.

    Microsoft Forefront Client Security was previously known as Microsoft Client Protection.
  • Slide Title: Demonstration: Installing Client Prerequisites
    Key Message: Demonstration
    Slide Builds: 0
    Slide Script: In this demonstration, we will install and configure some of FCS prerequisites on client workstations.
    Slide Transition: Let’s take a quick look at what we’ll cover in part two of this session.
  • Slide Title: Install WSUS
    Keywords: Forefront Client Security, WSUS, Windows Server Update Services
    Key Message: Windows Server Update Services is required to distribute definitions to FCS clients.
    Slide Builds: 3
    Slide Script: The FCS distribution role requires Windows Server Update Services with SP1 to be installed. During the installation process, on the Select Update Source page, verify that the Store Updates Locally check box is selected; you will need to store updates locally to distribute FCS definitions from the FCS server to FCS clients.
    [BUILD1] Also, during installation, on the Web Site Selection page, select Create a Microsoft Windows Server Update Services Web site. This option is required because FCS requires WSUS to use port 8530.
    [BUILD2] Before installing and configuring the FCS distribution role, you should configure the automatic approval rules for WSUS to allow for automatic distribution of updates. This will help speed the distribution of FCS definition updates by not requiring manual approval for each update.
    [BUILD3] After the installation is complete, start the WSUS console application in the Administrative Tools Group and perform a manual synchronization. If you use a proxy server on your network, you can specify the proxy server settings for WSUS after installing it. The first time you synchronize your WSUS server, it can take several hours. When WSUS has successfully synchronized, the prerequisite installation is complete, and you can move forward with installing the FCS Server.
    Slide Transition: Let’s see a demonstration of how to install some of the client prerequisites for FCS.
    Additional Information: Configuring WSUS to use a Proxy Server; FCS Deployment Guide
  • Slide Title: Understanding Policies
    Keywords: Forefront Client Security, FCS, Policies, Client Protection Console
    Key Message: In FCS, configurations are determined by the policies that an administrator sets.
    Slide Builds: 1
    Slide Script: In FCS, configurations are determined by the policies that an administrator sets. Policies determine the state of the client computer, which clients are affected, the specific operations a scan performs, what information to report to the FCS server, and how often to report it. FCS stores and deploys policies as a collection of registry key settings. A policy can be applied domain-wide or to a particular organizational unit.
    The administrator uses the Forefront Client Security Console to create and edit policies.
    [BUILD1] Group Policy Management Console, GPMC, is a prerequisite for installing FCS, because Group Policies are the primary vehicle for deploying Forefront Client Security policies to client computers. When you create a policy, it is deployed as a Group Policy object, or GPO. You can edit, remove, or delete any GPOs that you have created. You can also export your policies as registry files if you need to deploy them through another program.
    A computer can only have one policy. If a new policy is applied to the OU, or domain of a computer that already has received an FCS policy, the first policy will be completely removed and replaced by the new policy.
    Because policies are an easily deployed .reg file, other deployment tools, such as Systems Management Server or third party tools, can also be used to deploy FCS policies.
    Slide Transition: Let’s take a more detailed look at the software prerequisites for FCS.
    Additional Information: Forefront Client Security help file; Forefront Client Security Getting Started Guide
  • Slide Title: Alerting and Reporting Architecture
    Keywords: MOM, alerts, reports, FCS, Forefront
    Key Message: FCS uses Microsoft Operations Manager Reporting to collect and view alerts and reports.
    Slide Builds: 5
    Slide Script: FCS Reporting and Alerting server is responsible for collecting client alerts and generating administrative reports. It makes use of Microsoft Operations Manager 2005 as a platform for the collection of FCS data. The FCS security agent, which runs on desktop computers, mobile computers, and servers, includes not only an integrated antivirus/anti-spyware engine, but also a specially configured MOM Agent.
    [BUILD1] FCS anti-malware and state assessment services on the client will write events to the system log.
    [BUILD2] The MOM Agent monitors the system log and collects relevant data, sending it to the MOM server that is acting as the FCS Reporting server.
    [BUILD3] The MOM server places the data into the MOM database. Typical FCS data is stored in the event table, the alert table, and the state table. Long-term event and alert data, typically anything over 24 hours old, can be offloaded to the MOM DWH. This long-term data is still available for reports.
    [BUILD4] Reports are created in SQL Reporting Services. FCS ships with prebuilt XML report files that contain the SQL queries, source table definitions, and rendering directives with which to read the MOM data and build reports upon request.
    [BUILD5] The resulting reports are accessible through a Web browser.
    Slide Transition: Now we can configure our alert policy.
    Additional Information: www.microsoft.com/mom; FCS Deployment Guide
  • Slide Title: Demonstration: Running and Reviewing Reports
    Key Message: Demonstration
    Slide Builds: 0
    Slide Script: In this demonstration, we will create and review reports.
    Slide Transition: This is what we have covered in this session.
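
The "Understanding Policies" notes above say that a policy can be exported as a .reg file and that a newly applied policy completely replaces the previous one, so comparing the two exports before deployment shows which settings the replacement drops or changes. The Python script below is an added example, not part of the original presentation or of Forefront Client Security; the key paths, value names and sample contents are constructed placeholders, not the product's registry layout.

```python
import re

# Constructed sample exports. Key paths and value names are placeholders,
# not the product's real registry layout.
OLD_POLICY = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\EXAMPLE-PLACEHOLDER\Scan]
"RealTimeProtection"=dword:00000001
"ScheduleHour"=dword:00000002
"AlertLevel"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\EXAMPLE-PLACEHOLDER\Reporting]
"ReportServer"="fcs-report.example.test"
'''
NEW_POLICY = r'''Windows Registry Editor Version 5.00

; constructed replacement policy
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\EXAMPLE-PLACEHOLDER\Scan]
"realtimeprotection"=dword:00000000
"ScheduleHour"=dword:00000002
"SignatureCheckHours"=dword:00000006

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\EXAMPLE-PLACEHOLDER\Reporting]
"ReportServer"="fcs-report.example.test"
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def decode_export(data: bytes) -> str:
    """Decode a .reg file: version 5.00 exports are UTF-16 with a BOM."""
    if data[:2] in (b'\xff\xfe', b'\xfe\xff'):
        return data.decode('utf-16')
    return data.decode('utf-8-sig', errors='replace')

def _unescape(s: str) -> str:
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def _decode_value(data: str):
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return _unescape(data[1:-1])
    return data.lower().replace(' ', '')  # hex(...) and other types kept as text

def parse_reg(text: str) -> dict:
    """Return {(key, value_name): value}; names are lower-cased because the
    registry treats key and value names case-insensitively."""
    settings, key = {}, None
    # Join hex(...) data continued over several lines with a trailing backslash.
    text = re.sub(r'\\\r?\n[ \t]*', '', text.lstrip('\ufeff'))
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        m = KEY_RE.match(line)
        if m:
            # "[-key]" deletes a key, so no values are collected under it.
            key = None if m.group(1) else m.group(2).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key and m.group(2) != '-':  # "name"=- deletes a value
            name = _unescape(m.group(1)).lower() if m.group(1) is not None else '@'
            settings[(key, name)] = _decode_value(m.group(2))
    return settings

def replacement_diff(old: dict, new: dict) -> dict:
    """What changes on a client when policy `new` fully replaces policy `old`."""
    return {
        'dropped': sorted(k for k in old if k not in new),
        'added': sorted(k for k in new if k not in old),
        'changed': {k: (old[k], new[k]) for k in sorted(old)
                    if k in new and old[k] != new[k]},
    }

if __name__ == '__main__':
    diff = replacement_diff(parse_reg(OLD_POLICY), parse_reg(NEW_POLICY))
    for kind in ('dropped', 'added', 'changed'):
        print(kind, diff[kind])
```

For files on disk, read them in binary mode and pass the bytes through `decode_export` before `parse_reg`.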

Forefront Microsoft Part 3 Presentation Transcript

  • 1. Protecting your desktops and servers with Microsoft Forefront Client Security: Overview and Technical Implementation – Part 3. Ricardo Frois, Security Specialist, Microsoft Brasil
  • 2. Agenda • Overview • Architecture • Unified Protection • Simplified Administration • Visibility and Control • Additional Resources
  • 3. Unified malware protection for corporate desktops, laptops and servers with unified management and control • Unified solution against viruses and spyware • Built on technology used by millions of users • Effective threat response • Complements other Microsoft security solutions • Single console for security administration • Definition of a single policy for client protection settings • Faster distribution of signatures and software • Integration with the existing infrastructure • A single dashboard for viewing threats and vulnerabilities • Viewing of the most important reports • Lets administrators stay informed about the state of scans and security alerts
  • 4. Greater confidence • Greater efficiency • Greater control • Unified malware protection for corporate desktops, laptops and servers with unified management and control
  • 5. Remove most prevalent viruses • Remove all known viruses • Real-time antivirus • Remove all known spyware • Real-time antispyware • Central reporting and alerting • Customization • Forefront Client Security • MSRT • Windows Defender • Windows Live Safety Center • Windows Live OneCare • IT Infrastructure Integration • FOR INDIVIDUAL USERS • FOR BUSINESSES
  • 7. • One solution for spyware and virus protection • Built on protection technology used by millions worldwide • Effective threat response • Complements other Microsoft security products
  • 8. • One engine for virus and spyware protection – Also used in Windows Defender, OneCare, Antigen, Forefront Server Security products, MSRT, etc. – Simplified deployment and administration – Reduces conflict when detecting blended threats • Detection and removal capabilities include: – Real-time, scheduled or on-demand detection & removal – Comprehensive system cleaning for viruses and spyware, with checks to ensure system is fully functional after cleaning – Scanning dozens of archives and packers – Using tunneling signatures that bypass user-mode rootkits – Code emulation for behavior analysis and polymorphic viruses – Heuristic detections for new malware and variants
  • 9. Antimalware – Real Time Scanning • Kernel mode scanning – On-Access Mini Filter – Essential to any Malware protection – Malware must compromise kernel to evade – Malware is prevented from executing entirely • User mode scanning – System Configuration – Internet Explorer Add-ons – Internet Explorer Configurations – Internet Explorer Downloads – Services and Drivers – Application Execution – Application Registration – Windows Add-ons
  • 10. Antimalware – Scheduled Scanning • Quick Scan – In memory processes – Targeted Directories * • User Profile • Desktop • System Directories • Program Files – Common Malware extensibility points * • Full Scan – All aspects of Quick Scan – Full evaluation of local drives (* Defined in Definition Update to respond to Malware evolution)
  • 11. Demonstration • Using Forefront Client Security to Protect Client Computers • Simplified Administration
  • 12. Define security steady state Specify the ongoing security behavior of my clients Keep systems up-to-date Ensure that clients have the latest signatures View reports Determine the security state, now and over time Respond to alerts What critical security events require my attention?
  • 13. One console for simplified security administration • One policy to manage client protection agent settings, e.g.: Anti-spyware unknown action, Alert level, Event and logging settings, SpyNet reporting on/off, Level of end-user UI shown, Scan schedule, Real time protection on/off, Signature update frequency, Anti-spyware signature overrides, Security state assessment settings • Choice of 3 integrated policy profile deployment methods: Microsoft Forefront Client Security Console (uses AD/GP); ADM file (uses AD/GP); Export to a file then use existing software distribution system
  • 14. Console deploys policy through use of Active Directory® Group Policy Objects • Granularity at OU-level with exceptions using security groups • Console creates GPO, sends to Sysvol, GP deploys profile • Policy applied on host per AD default • Diagram labels: READ, SAVE GPO
  • 15. Signature deployment optimized for Windows Server Update Services (WSUS) • Can use any software distribution system • Auto and manual approval of definitions • Client Security installs an Update Assistant service to: Increase sync frequency between WSUS and Microsoft Update (MU) for definitions; Support for roaming users; Failover from WSUS to Microsoft Update • Diagram labels: Malware Research, Microsoft Update, WSUS + Update Assistant, Desktops, Laptops and Servers, Sync, Sync
  • 16. Install WSUS • Store updates locally • Create a WSUS Web site during installation—FCS requires WSUS to use port 8530 • Configure automatic approval • First synchronization can take several hours
  • 17. • One console for simplified security administration • Define one policy to manage client protection agent settings • Deploy signatures and software faster • Integrates with your existing infrastructure
  • 18. • Supported Platforms – Server • Windows 2003 Server/SP1 • Windows 2003 Server/R2 • Longhorn Server (at RTM) – Client • Windows 2000/SP4 + Rollup – Requires GDI+ QFE • Windows XP/SP2 – Requires Filter Manager QFE • Windows Vista – Business SKUs only
  • 19. • Server – Server Setup – Configuration Wizard • Client – Command line (no UI) – Use existing deployment technologies • Policy – AD – .reg file (client side tool) • Signatures – WSUS – SMS/others (RTM)
  • 20. Demonstration • Visibility and Control • Updating Signature Files • Using Policies to Manage Client Computers
  • 21. Understanding Policies • Forefront Client Security Console • Administrator creates & deploys policy • Group Policy Management Console • Clients
  • 22. • One dashboard for visibility into threats and vulnerabilities • View insightful reports • Stay informed with state assessment scans and security alerts
  • 23. Security Summary
  • 24. Respond to Alerts • Alerting Functionality • Malware outbreak • Malware protection disabled • Malware detected • Malware failed to remove • Notification and management of incident values, including: control over the type of alert level and the volume of alerts generated • Alert levels: 1 5 4 3 2 • Outbreak • Malware removal failed • Signature update failed • Malware detected and removed • Signature update failed (per min) • Rich Data, High Value Assets • Critical Issues Only, Low Value Assets
  • 25. Client (Host) Alerting and Reporting Architecture MOM Server SQL Server Reporting Services System Log MOM Agent •Event Table •Alerts Table •State Table
  • 26. Viewing Reports • Reporting Details • Integration with MOM 2005 • Uses SQL Reporting Services • Shows the malware security status of your company • Specifies point-in-time and over time • Report types: Malware Threat(s), Vulnerability Summary, Scan Results, Historical Information, Summary Report, Deployment, Alerts, Computers
  • 27. Demonstration: Running and Reviewing Reports • View Security State Assessment report • View Computer Detail report
  • 28. Security Product Roadmap • Current • Client • Server • Edge • Dec 2006 • 2007+ • TBD • Antigen Messaging Security Suite • Microsoft®
  • 29. • Public beta available now! – Download at http://www.microsoft.com/clientsecurity – Community-based support at http://www.microsoft.com/technet/clientsecurity • Release To Manufacture planned for Q2 CY2007
  • 30. http://www.microsoft.com/isaserver/2006 • http://www.microsoft.com/clientsecurity • http://www.microsoft.com/antigen • Put your organization through a security audit • Contact your Microsoft rep or reseller for information and advice • http://www.microsoft.com/forefront • Download trial versions of • Register for beta information about
  • 31. Other Resources • Technical Chats and Webcasts: http://www.microsoft.com/communities/chats/default.mspx, http://www.microsoft.com/usa/webcasts/default.asp • Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx • MSDN & TechNet: http://microsoft.com/msdn, http://microsoft.com/technet • Virtual Labs: http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
  • 32. © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.