Protecting your desktops and servers with
Microsoft Forefront Client Security
Overview and Technical Implementation – Part 3
Ricardo Frois
Security Specialist
Microsoft Brasil
Agenda
• Overview
• Architecture
• Unified Protection
• Simplified Administration
• Visibility and Control
• Additional Resources
Unified malware protection for corporate desktops, laptops and servers,
with unified management and control

Unified Protection
• One solution against viruses and spyware
• Built on protection technology already used by millions of users
• Effective threat response
• Complements the other Microsoft security solutions

Simplified Administration
• One console for security administration
• One policy defines the protection settings for all clients
• Faster distribution of signatures and software
• Integrates with the existing infrastructure

Visibility and Control
• One dashboard for viewing threats and vulnerabilities
• View the reports that matter most
• Keeps administrators informed about scan state and security alerts
Unified malware protection for corporate desktops, laptops and servers,
with unified management and control

Figure: product positioning (greater confidence, greater efficiency, greater control). For individual users: Windows Live Safety Center, Windows Live OneCare, Windows Defender and the Malicious Software Removal Tool (MSRT). For businesses: Forefront Client Security. Capabilities compared across the products: remove the most prevalent viruses; remove all known viruses; real-time antivirus; remove all known spyware; real-time antispyware; central reporting and alerting; customization; IT infrastructure integration.
• One solution for spyware and virus protection
• Built on protection technology used by millions
worldwide
• Effective threat response
• Complements other Microsoft security products
• One engine for virus and spyware protection
  – Also used in Windows Defender, OneCare, Antigen, the Forefront Server Security products, MSRT, etc.
  – Simplified deployment and administration
  – Reduces conflicts when detecting blended threats
• Detection and removal capabilities include:
  – Real-time, scheduled or on-demand detection and removal
  – Comprehensive system cleaning for viruses and spyware, with checks to ensure the system is fully functional after cleaning
  – Scanning of dozens of archive and packer formats
  – Tunneling signatures that bypass user-mode rootkits
  – Code emulation for behavior analysis and polymorphic viruses
  – Heuristic detection of new malware and variants
Antimalware – Real Time Scanning
• Kernel mode scanning
  – On-Access Mini Filter
  – Essential to any malware protection
  – Malware must compromise the kernel to evade it
  – Malware is prevented from executing entirely
• User mode scanning
  – System Configuration
  – Internet Explorer Add-ons
  – Internet Explorer Configurations
  – Internet Explorer Downloads
  – Services and Drivers
  – Application Execution
  – Application Registration
  – Windows Add-ons
Antimalware – Scheduled Scanning
• Quick Scan
  – In-memory processes
  – Targeted directories *
    • User Profile
    • Desktop
    • System Directories
    • Program Files
  – Common malware extensibility points *
  * Defined in the definition update, so the list can follow malware evolution
• Full Scan
  – All aspects of Quick Scan
  – Full evaluation of local drives
Demonstration
• Using Forefront Client Security to Protect Client Computers
Simplified Administration
• Define the security steady state: specify the ongoing security behavior of my clients
• Keep systems up to date: ensure that clients have the latest signatures
• View reports: determine the security state, now and over time
• Respond to alerts: which critical security events require my attention?
One console for simplified security administration
One policy to manage client protection agent settings, e.g.:
• Scan schedule
• Real-time protection on/off
• Signature update frequency
• Anti-spyware signature overrides
• Security state assessment settings
• Anti-spyware unknown action
• Alert level
• Event and logging settings
• SpyNet reporting on/off
• Level of end-user UI shown
Choice of 3 integrated policy profile deployment methods:
• Microsoft Forefront Client Security Console (uses AD/GP)
• ADM file (uses AD/GP)
• Export to a file, then use your existing software distribution system
Console deploys policy through Active Directory Group Policy Objects
• Granularity at OU level, with exceptions using security groups
• Console creates the GPO and writes it to Sysvol; Group Policy deploys the profile
• Policy is applied on the host at the default Group Policy refresh
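The following is an added example, not code from the deck or from the product, that reproduces by hand what the console does when it deploys a policy: create a GPO, link it at OU level, and use security-group filtering for the exceptions. It needs the GroupPolicy PowerShell module (Windows Server 2008 R2 / RSAT or later). The OU path, the group name, and the registry key and value names are assumed placeholders; FCS writes its own policy keys when it builds the GPO, so copy the real names from a console-generated GPO before using this.

```powershell
# Added example (not the deck's or the product's code): build an FCS-style policy GPO.
# ASSUMPTIONS: $TargetOU, $ApplyTo, $PolicyKey and the value names in $Settings are
# illustrative; take the real key/value names from a GPO the FCS console created.
Import-Module GroupPolicy

$GpoName   = 'FCS Policy - Workstations'
$TargetOU  = 'OU=Workstations,DC=corp,DC=example'   # assumed OU: the linking scope
$ApplyTo   = 'CORP\FCS-Workstations'                # assumed group that should receive the policy
$PolicyKey = 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM'  # assumed key

# Settings from the "one policy" list above, as assumed registry values (encodings are illustrative).
$Settings = @{
    'DisableRealtimeMonitoring' = 0     # real-time protection on
    'ScheduleDay'               = 0     # 0 = every day
    'ScheduleTime'              = 120   # minutes after midnight (02:00)
    'SignatureUpdateInterval'   = 4     # hours between definition checks
}

# 1. Create the GPO if it does not exist, then link it to the OU.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Forefront Client Security agent settings'
}
$link = (Get-GPInheritance -Target $TargetOU).GpoLinks | Where-Object { $_.DisplayName -eq $GpoName }
if (-not $link) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# 2. Write the policy values into the GPO's registry policy (this is what lands in Sysvol).
foreach ($name in $Settings.Keys) {
    Set-GPRegistryValue -Name $GpoName -Key $PolicyKey -ValueName $name `
        -Type DWord -Value $Settings[$name] | Out-Null
}

# 3. Security filtering: the OU link gives the granularity, the group gives the exception.
#    Authenticated Users keeps Read (machines must still read the GPO) but loses Apply,
#    so only members of $ApplyTo get the policy. -Replace is required to lower a permission.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $ApplyTo -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# 4. Verify: who can apply the GPO, and what it sets.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission
Get-GPRegistryValue -Name $GpoName -Key $PolicyKey |
    Select-Object ValueName, Value
```

On a client, `gpupdate /force` pulls the new GPO and `gpresult /r` shows whether it was applied or filtered out by the security group; machines that should be exceptions are simply left out of the group rather than moved to another OU.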
Signature deployment optimized for Windows Server Update Services (WSUS)
Figure: definition flow from Microsoft Malware Research to Microsoft Update, synced to WSUS + Update Assistant, synced to desktops, laptops and servers.
• Can use any software distribution system
• Automatic and manual approval of definitions
• Client Security installs an Update Assistant service to:
  – Increase the sync frequency between WSUS and Microsoft Update (MU) for definitions
  – Support roaming users
  – Fail over from WSUS to Microsoft Update
Install WSUS
• Store updates locally
• Create a WSUS Web site during installation; FCS requires WSUS to use port 8530
• Configure automatic approval
• The first synchronization can take several hours
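The steps above, as an added example written against the WSUS administration API (Microsoft.UpdateServices.Administration, installed with the WSUS console); this is not code from the deck or from the product. The server name, the target group name and the product-title match are assumptions; "Definition Updates" is the standard WSUS classification name, port 8530 is the custom WSUS web site the slide says FCS requires, and the per-day sync count property assumes WSUS 3.0.

```powershell
# Added example (not the deck's or the product's code): prepare a WSUS 3.0 server for FCS
# definition distribution. ASSUMPTIONS: server 'wsus01', group 'FCS Clients', and the
# '*Forefront Client Security*' product title are illustrative placeholders.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer('wsus01', $false, 8530)

# 1. Store updates locally: definition binaries must sit on the WSUS server, not on MU.
$cfg = $wsus.GetConfiguration()
$cfg.HostBinariesOnMicrosoftUpdate = $false
$cfg.Save()

# 2. Subscription: add the Definition Updates classification and the FCS product to whatever
#    the server already syncs (replacing the lists would silently drop OS patching).
$sub = $wsus.GetSubscription()
$classes  = $sub.GetUpdateClassifications()
$defClass = $wsus.GetUpdateClassifications() | Where-Object { $_.Title -eq 'Definition Updates' }
if (-not ($classes | Where-Object { $_.Id -eq $defClass.Id })) { [void]$classes.Add($defClass) }
$sub.SetUpdateClassifications($classes)

$cats = $sub.GetUpdateCategories()
$fcsProducts = $wsus.GetUpdateCategories() | Where-Object { $_.Title -like '*Forefront Client Security*' }  # assumed title
if (-not $fcsProducts) { Write-Warning 'FCS product not found in the catalog; run a sync first.' }
foreach ($p in $fcsProducts) {
    if (-not ($cats | Where-Object { $_.Id -eq $p.Id })) { [void]$cats.Add($p) }
}
$sub.SetUpdateCategories($cats)

$sub.SynchronizeAutomatically = $true
$sub.NumberOfSynchronizationsPerDay = 24   # hourly; the FCS Update Assistant adds more frequent definition syncs on top
$sub.Save()

# 3. Automatic approval: new Definition Updates go straight to the FCS client group,
#    so signature rollout does not wait for an administrator.
$groups = New-Object Microsoft.UpdateServices.Administration.ComputerTargetGroupCollection
$wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq 'FCS Clients' } |
    ForEach-Object { [void]$groups.Add($_) }
$defOnly = New-Object Microsoft.UpdateServices.Administration.UpdateClassificationCollection
[void]$defOnly.Add($defClass)

$rule = $wsus.GetInstallApprovalRules() | Where-Object { $_.Name -eq 'Auto-approve FCS definitions' }
if (-not $rule) { $rule = $wsus.CreateInstallApprovalRule('Auto-approve FCS definitions') }
$rule.SetUpdateClassifications($defOnly)
$rule.SetComputerTargetGroups($groups)
$rule.Enabled = $true
$rule.Save()
$rule.ApplyRule()   # also approves definitions already in the catalog

# 4. First synchronization can take hours: start it and poll rather than block.
$sub.StartSynchronization()
$sub.GetSynchronizationStatus()
```

Scoping the approval rule to the Definition Updates classification only is deliberate: an "approve everything" rule on the same server would push untested OS patches to every FCS client along with the signatures.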
• One console for simplified security
administration
• Define one policy to manage client protection
agent settings
• Deploy signatures and software faster
• Integrates with your existing infrastructure
Supported Platforms
• Server
  – Windows Server 2003 SP1
  – Windows Server 2003 R2
  – Longhorn Server (Windows Server 2008 codename), at RTM
• Client
  – Windows 2000 SP4 + Update Rollup (requires the GDI+ QFE)
  – Windows XP SP2 (requires the Filter Manager QFE)
  – Windows Vista (Business SKUs only)
• Server
  – Server Setup
  – Configuration Wizard
• Client
  – Command line (no UI)
  – Use existing deployment technologies
• Policy
  – AD
  – .reg file (client-side tool)
• Signatures
  – WSUS
  – SMS/others (RTM)
Demonstration
• Visibility and Control
• Updating Signature Files
• Using Policies to Manage Client Computers
Understanding Policies
Figure: the administrator creates and deploys the policy from the Forefront Client Security Console; it is stored as Group Policy (visible in the Group Policy Management Console) and applied to the clients.
• One dashboard for visibility into threats and vulnerabilities
• View insightful reports
• Stay informed with state assessment scans and security alerts
Security Summary
Respond to Alerts
Alerting Functionality
• Notification and management of incident values, including:
  – Malware detected
  – Malware outbreak
  – Malware failed to remove
  – Malware protection disabled
• Control of the alert level and of the volume of alerts generated
Figure: alert level scale from 1 (Critical Issues Only, for low-value assets) to 5 (Rich Data, for high-value assets). Each step up adds lower-severity events, in this order: outbreak; malware removal failed; signature update failed; malware detected and removed; signature update failed (per minute).
Alerting and Reporting Architecture
Figure: on the client (host), the MOM agent reads the System Log and forwards to the MOM Server, which stores events in the Event table, Alerts table and State table; SQL Server Reporting Services builds the reports from that data.
Viewing Reports
Reporting Details
• Integration with MOM 2005
• Uses SQL Reporting Services
• Shows the anti-malware security status of your organization
• Both point-in-time and over-time views
Report types
• Summary Report
• Malware Threat(s)
• Deployment
• Vulnerability Summary
• Alerts
• Scan Results
• Computers
• Historical Information
Demonstration
• Running and Reviewing Reports
• View the Security State Assessment report
• View the Computer Detail report
Security Product Roadmap
Figure: roadmap grid by timeframe (Current, Dec 2006, 2007+) and tier (Client, Server, Edge). Recoverable entries: Microsoft Antigen and the Messaging Security Suite on the server row; the edge row is marked TBD.
• Public beta available now!
– Download at
http://www.microsoft.com/clientsecurity
– Community-based support at
http://www.microsoft.com/technet/clientsecurity
• Release To Manufacture planned for
Q2 CY2007
Put your organization through a security audit:
http://www.microsoft.com/forefront
Download trial versions of ISA Server 2006 and Antigen:
http://www.microsoft.com/isaserver/2006
http://www.microsoft.com/antigen
Register for beta information about Forefront Client Security:
http://www.microsoft.com/clientsecurity
Contact your Microsoft rep or reseller for information and advice
Other Resources
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
© 2006 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Download: Deploying Forefront Client Security, Part 1