Forefront Security for Exchange Server/SharePoint 之建置與管理

Forefront Security for Exchange Server/SharePoint

Forefront Security for Exchange Server/SharePoint

1Forefront Server Security Forefront Security for Exchange/SharePointForefront Server Security Forefront Server Security Forefront Server Security ()Forefront Security for Exchange Server Forefront Server Microsoft Antigen Forefront Security for SharePoint Forefront Security Exchange Server 2007 Exchange Microsoft AntigenForefront Server Security ()Forefront Security Forefront Security for Exchange Server Microsoft IP spam phishing Forefront Server Security ()Forefront Security for Exchange Server Forefront Security QuarantiningExtensive loggingCentralized update management

Forefront Security Forefront Security Forefront Security for Exchange Server Exchange 2007 Signature engine Forefront Security Forefront SecurityExchange 2007 Exchange Server 2007 Exchange Server 2003 mailboxhub transportclient access edge transport Forefront Exchange client access server Forefront Exchange 2007

Mailbox, hub and edge serversForefront mailbox Hub transport server mailbox edge transport Mail Edge transport server Mailbox, hub and edge servers

Mailbox and edge servers (no hub protection)Forefront mailbox mailbox servers Forefront mailbox servers Forefront edge transport mailbox edge transport Mailbox and edge servers (no hub protection)

Mailbox servers (no hub or edge protection) hub edge mailbox servers Forefront mailbox servers Malware IDS / IPSExchange 2003 Forefront Security Exchange Server 2003 Forefront Security Exchange edge transport server Exchange 2003 FE Servers mailbox servers Microsoft AntigenForefront Antigen email gatewaysExchange 2003 infrastructure

Forefront Forefront Security Exchange 2007 mailbox servers Forefront Security Exchange 2007 edge servers outbound Forefront Exchange hub servers ForefrontHub servers hub transport mailbox hub edge transport servers AV engines Forefront Security Forefront SecurityWARNING: Out of the box, Forefront is operational! Forefront Forefront Exchange AV engines AV enginesForefront Security MS AV engine engines MS AV TIPCA Inoculate is being discontinuedSelect CA Vet or other AV engine if it is one of the four random choice mailbox servers Real-time (four processes) set aside by default for background scans Manual mailboxes public folders mailbox servers n Scan on Scanner UpdateTIPDo not adjust scan jobs settings on mailbox servers unless necessary Public folder serversPublic folder servers Forefront Public folder hub edge servers high volume servers 10 AV enginesForefront Security Quarantining transport mailbox serversMax Certainty = five engines, Max Performance = one engineFavor Certainty (four engines) is the defaulSignature engine Forefront updatesForefront Security AV signatures engines anti-spam Forefront Security Microsoft Forefront servers MicrosoftForefront Security Forefront Security Microsoft Forefront Security serversForefront Security mailbox hub servers AD Domain member serversForefront Security edge servers Microsoft central servers edge servers proxy server AV engines signature

8/27/2007 6:20 PM 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 Forefront Security servers round-robin

8/27/2007 6:20 PM 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 Forefront Security

Forefront SecurityForefront Security Forefront Server Security Management Console 8/27/2007 6:20 PM 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.35Security Management ConsoleFSSMC Antigen Forefront serversServers Managed systems member servers FSSMC Agents managed systems edge transport servers fault tolerance8/27/2007 6:20 PM 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.36Centralizing Update DistributionFSSMC Microsoft engines signatures signature FSSMC Forefront Security servers FSSMC MicrosoftFSSMC 8/27/2007 6:20 PM 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.37Centralizing ConfigurationFSSMC Forefront Antigen Forefront8/27/2007 6:20 PM 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.38Other jobs and packagesFSSMC Software updatesReport collectionManual scansProduct activationNo MOM 2005/2007 Pack support yet8/27/2007 6:20 PM 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.39Centralized ReportingFSSMC Exchange servers quarantine information, SMTP messages processed, etc.8/27/2007 6:20 PM 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.40Forefront Security for SharePointHow Do Viruses Get To SharePoint?Today, viruses arrive primarily by accident not designUser uploads document with embedded payloadPossibly malicious user activity Risks in an extranet deploymentWindows XP user maps a network drive to \\server\sites\teamsiteIf a user is infected by a virus that attempts to propagate to network shares, then the virus can propagate to SharePoint sites

SQL document librarySharePoint Portal ServerUsers42 Why SharePoint Antivirus?File Server AV does not provide the level of protection needed to prevent SharePoint-related infectionsDesktop AV is not enough to solve the problemDesktop AV may detect infection within the cached copy, but cannot clean the stored copy in the document libraryForefront Security for SharePoint cleans the document in the library, ensuring all posted and downloaded documents are safeSignature distribution is often slow and problematic, and never contains five scanning engines43

UsersInternet

MalwareInapp. Content

Extranet

Indexing Server

Web Front End

SQL Back End

UsersMalwareInapp. Content

Management

Firewall44 Forefront Antivirus ScanningForefront provides two scan jobs:Realtime Scan Job Scans any files being uploaded to or downloaded from SharePointWorks with web browser or any other application accessing SharePointProvides proactive protection Manual Scan Job Scans all or part of SharePoint document library on demandScans can be scheduledCan be used to scan with engines different than Real-time scan job45Forefront Security for SharePoing SP1 Available AugForefront Security for SharePoint SP1 fixes:Eliminated User Impersonation IssuesIncreased Size of Files that may be Uploaded from 128MB to 2GBModified Manual Scanning ProcessCorrected Settings to Prevent SharePoint CrashEnabled the Proper Filtering of Non-ASCII KeywordsAdded Soft Block for Installing Forefront Security for SharePoint on a Box that has Forefront Security for ExchangeRemoved CA InoculateIT Engine due to CA Engine ConsolidationQ & A