Protecting your desktops and servers with Microsoft Forefront Client Security: overview and...
Protecting Your Desktops and Servers with Microsoft Forefront Client Security
Overview and Technical Implementation – Part 3
Ricardo Frois
Security Specialist
Microsoft Brasil

Agenda
• Overview
• Architecture
• Unified Protection
• Simplified Administration
• Visibility and Control
• Additional Resources

Unified malware protection for corporate desktops, laptops and servers with unified management and control

• Unified solution against viruses and spyware
• Built on technology used by millions of users
• Effective threat response
• Complements the other Microsoft security solutions

• Single console for security administration
• Definition of a single policy for client protection settings
• Faster distribution of signatures and software
• Integration with the existing infrastructure

• A single dashboard for viewing threats and vulnerabilities
• Viewing of the most important reports
• Lets administrators stay informed about the state of scans and security alerts

Unified malware protection for corporate desktops, laptops and servers with unified management and control
• Greater confidence
• Greater efficiency
• Greater control

[Comparison chart]
Capabilities compared: Remove most prevalent viruses; Remove all known viruses; Real-time antivirus; Remove all known spyware; Real-time antispyware; Central reporting and alerting; Customization; IT Infrastructure Integration
Products compared: MSRT; Windows Defender; Windows Live Safety Center; Windows Live OneCare; Forefront Client Security
Audience groupings: FOR INDIVIDUAL USERS; FOR BUSINESSES

• One solution for spyware and virus protection
• Built on protection technology used by millions worldwide
• Effective threat response
• Complements other Microsoft security products

• One engine for virus and spyware protection
– Also used in Windows Defender, OneCare, Antigen, Forefront Server Security products, MSRT, etc.
– Simplified deployment and administration
– Reduces conflict when detecting blended threats
• Detection and removal capabilities include:
– Real-time, scheduled or on-demand detection & removal
– Comprehensive system cleaning for viruses and spyware, with checks to ensure system is fully functional after cleaning
– Scanning dozens of archives and packers
– Using tunneling signatures that bypass user-mode rootkits
– Code emulation for behavior analysis and polymorphic viruses
– Heuristic detections for new malware and variants

Antimalware – Real Time Scanning
• Kernel mode scanning
– On-Access Mini Filter
– Essential to any Malware protection
– Malware must compromise kernel to evade
– Malware is prevented from executing entirely
• User mode scanning
– System Configuration
– Internet Explorer Add-ons
– Internet Explorer Configurations
– Internet Explorer Downloads
– Services and Drivers
– Application Execution
– Application Registration
– Windows Add-ons

Antimalware – Scheduled Scanning
• Quick Scan
– In memory processes
– Targeted Directories *
  • User Profile
  • Desktop
  • System Directories
  • Program Files
– Common Malware extensibility points *
• Full Scan
– All aspects of Quick Scan
– Full evaluation of local drives
* Defined in Definition Update to respond to Malware evolution

Demonstration
• Using Forefront Client Security to Protect Client Computers
• Simplified Administration

• Define security steady state
– Specify the ongoing security behavior of my clients
• Keep systems up-to-date
– Ensure that clients have the latest signatures
• View reports
– Determine the security state, now and over time
• Respond to alerts
– What critical security events require my attention?

One console for simplified security administration
One policy to manage client protection agent settings, e.g.:
• Anti-spyware unknown action
• Alert level
• Event and logging settings
• SpyNet reporting on/off
• Level of end-user UI shown
• Scan schedule
• Real time protection on/off
• Signature update frequency
• Anti-spyware signature overrides
• Security state assessment settings
Choice of 3 integrated policy profile deployment methods:
• Microsoft Forefront Client Security Console (uses AD/GP)
• ADM file (uses AD/GP)
• Export to a file then use existing software distribution system

• Console deploys policy through use of Active Directory® Group Policy Objects
• Granularity at OU-level with exceptions using security groups
• Console creates GPO, sends to Sysvol, GP deploys profile
• Policy applied on host per AD default
[Diagram labels: READ, SAVE; GPO]

• Signature deployment optimized for Windows Server Update Services (WSUS)
• Can use any software distribution system
• Auto and manual approval of definitions
• Client Security installs an Update Assistant service to:
– Increase sync frequency between WSUS and Microsoft Update (MU) for definitions
– Support for roaming users
– Failover from WSUS to Microsoft Update
[Diagram labels: Malware Research; Microsoft Update; WSUS + Update Assistant; Desktops, Laptops and Servers; Sync; Sync]

Install WSUS
• Store updates locally
• Create a WSUS Web site during installation—FCS requires WSUS to use port 8530
• Configure automatic approval
• First synchronization can take several hours
• One console for simplified security administration
• Define one policy to manage client protection agent settings
• Deploy signatures and software faster
• Integrates with your existing infrastructure

• Supported Platforms
– Server
  • Windows 2003 Server/SP1
  • Windows 2003 Server/R2
  • Longhorn Server (at RTM)
– Client
  • Windows 2000/SP4 + Rollup
    – Requires GDI+ QFE
  • Windows XP/SP2
    – Requires Filter Manager QFE
  • Windows Vista
    – Business SKUs only

• Server
– Server Setup
– Configuration Wizard
• Client
– Command line (no UI)
– Use existing deployment technologies
• Policy
– AD
– .reg file (client side tool)
• Signatures
– WSUS
– SMS/others (RTM)
Demonstration
• Visibility and Control
• Updating Signature Files
• Using Policies to Manage Client Computers

Understanding Policies
Forefront Client Security Console
Administrator creates & deploys policy
Group Policy Management Console
Clients
One dashboard for visibility into threats and vulnerabilities
View insightful reports
Stay informed with state assessment scans and security alerts
Security Summary

Respond to Alerts
Alerting Functionality
Notification and administration of incident values, including:
• Malware outbreak
• Malware protection disabled
• Malware detected
• Malware failed to remove
Control of the type of alert level & volume of alerts generated
[Alert level diagram, levels 1 to 5. Labels: Outbreak; Malware removal failed; Signature update failed; Malware detected and removed; Signature update failed (per min). Scale ends: Rich Data, High Value Assets; Critical Issues Only, Low Value Assets]

Alerting and Reporting Architecture
Client (Host)
MOM Server SQL Server Reporting Services
System Log
MOM Agent
• Event Table
• Alerts Table
• State Table

Viewing Reports
Reporting Details
• Integration with MOM 2005
• Uses SQL Reporting Services
• Shows the status of malware security in your company
• Specifies point-in-time and over time
Report types:
• Malware Threat(s)
• Vulnerability Summary
• Scan Results
• Historical Information
• Summary Report
• Deployment
• Alerts
• Computers

Demonstration
Running and Reviewing Reports
• View Security State Assessment report
• View Computer Detail report

Security Product Roadmap
[Roadmap figure. Labels: Current; Client; Server; Edge; Dec 2006; 2007+; TBD; Antigen Messaging Security Suite]

• Public beta available now!
– Download at http://www.microsoft.com/clientsecurity
– Community-based support at http://www.microsoft.com/technet/clientsecurity
• Release To Manufacture planned for Q2 CY2007
• Will be available through Microsoft’s volume licensing programs

http://www.microsoft.com/isaserver/
2006
http://www.microsoft.com/clientsecurity
http://www.microsoft.com/antigen
Put your organization through a security audit
Contact your Microsoft rep or reseller for information and advice
http://www.microsoft.com/forefront
Download trial versions of
Register for beta information about

Other Resources
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

© 2006 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.