Protegendo seus desktops e servidores com o Microsoft Forefront Client Security

Visão Geral e Implementação Técnica - Parte 1

Ricardo Frois

Security Specialist

Microsoft Brasil

• FCS Overview

• FCS Prerequisites

• Prerequisite installation and configuration

Agenda

Level 200

• Familiarity with Microsoft Operations Manager

• Familiarity with Microsoft SQL Server

• Experience with network security

Helpful Experience

Guidance

Developer Tools

SystemsManagementActive Directory Active Directory

Federation Services Federation Services (ADFS)(ADFS)

Identity

Management

Content

Services

Client and Server OS

Server Applicatio

ns

Edge

Network Access Protection (NAP)

A Comprehensive Security Solution

•InternetInternet

•AA

•BB

•CC

•DD

•EE

•Exchange Server/ Exchange Server/ Windows-based Windows-based SMTP ServerSMTP Server

• Distributed protectionDistributed protection

• Performance tuningPerformance tuning

• Content filteringContent filtering

• Central managementCentral management

•Gartner Magic Quadrant forGartner Magic Quadrant for•E-Mail Security Boundary 2006 * E-Mail Security Boundary 2006 *

•* * Magic Quadrant for E-Mail Security Boundary, 2006. Peter Firstbrook, Arabella Hallawell Magic Quadrant for E-Mail Security Boundary, 2006. Peter Firstbrook, Arabella Hallawell Publication Date: 25 September 2006/ID Number: G00142431Publication Date: 25 September 2006/ID Number: G00142431

6

Remove most Remove most prevalent viruses prevalent viruses

Remove all Remove all known known

viruses viruses Real-time Real-time antivirusantivirus

Remove all Remove all known known

spywarespywareReal-time Real-time antispywareantispyware

Central reporting Central reporting and alertingand alerting

CustomizationCustomization

Forefront Forefront ClientClient

SecuritySecurityMSRT MSRT Windows Windows DefenderDefender

Windows Windows Live Safety Live Safety

Center Center

Windows Windows Live Live

OneCare OneCare

IT Infrastructure IT Infrastructure IntegrationIntegration

FOR INDIVIDUAL USERSFOR INDIVIDUAL USERS FOR FOR BUSINESSESBUSINESSES

7

Solução unificada contra virus e spyware Construido usando como base tecnologia usada por

milhões de usuários Resposta a ameaças eficaz Complementa as outras soluções de segurança Microsoft

Console única para administração de segurança Definição de uma única política para as configurações de

proteção de clientes Distribuição de assinaturas e software de forma mais

rápida Integração com a infra estrutura existente

Um único painel de controle para visualização de ameaças e vulnerabilidades

Visualização de relatórios mais importantes Permite que os administradores se mantenham informados

sobre o estado de scannings, alertas de segurança

Proteção unificada contra malware para desktops, laptops e servidores corporativos com gerenciamento e controle unificados

Greater confidence

Greater efficiency

Greater control

Proteção unificada contra malware para desktops, laptops e servidores corporativos com gerenciamento e controle unificados

• Reviewing FCS

• Installing Prerequisites

Agenda

Hardware Prerequisites

Domain Controller133 Mhz

128 MB RAM2GB available

disk space

FCS ServerMinimum750 Mhz

512 MB RAM80GB available

disk spaceDVD-ROM

FCS Client

500 Mhz256 MB RAM

350MB available disk space

Software Prerequisites

SQL Server 2005 + Reporting Services

Windows Software Update Services

Group Policy Management Console

.NET Framework 2.0

MMC 3.0

IIS 6.0Installed with FCS

Hotfixes for MOM and SQL

Microsoft Operations Manager 2005 SP1

Microsoft Operations Manager Reporting

Demo

Installing Software Prerequisites

Review Installed Prerequisites Review Reporting Services

Configuration Install .NET Framework 2.0

demonstration

Understanding Policies

Forefront Client Security Console

Administrator creates & deploys policy

Group Policy Management Console

Clients

Install and Configure IIS

Configure your Server Wizard

Add Application Server Role (IIS)

Enable FrontPage Server Extensions

Enable ASP.NET

Install SQL Server 2005

Install new or use existing SQL Server with Service Pack 1

Existing SQL Server cannot contain OnePoint or SystemCenterReporting databases

Install Database Engine and Reporting Services

Use Windows Authentication whenever possible on SQL Server 2005.

Install GPMC, .NET, and MMC

GPMC SP1• Required for management server role• Download from Microsoft

.NET Framework 2.0• Required for management server role• Usually already installed

MMC 3.0• Required for management server role• Included with Windows Server 2003 R2

Install WSUS

• Store updates locally

• Create a WSUS Web site during installation—FCS requires WSUS to use port 8530

• Configure automatic approval

• First synchronization can take several hours

18

Demo

• Using Forefront Client Security to Protect Client Computers

• Updating Signature Files

• Using Policies to Manage Client Computers

DDemonstration

• Supported Platforms

– Server• Windows 2003 Server/SP1• Windows 2003 Server/R2• Longhorn Server (at RTM)

– Client• Windows 2000/SP4 + Rollup

– Requires GDI+ QFE

• Windows XP/SP2– Requires Filter Manager QFE

• Windows Vista– Business SKUs only

21

One dashboard for visibility into threats and vulnerabilities

View insightful reports

Stay informed with state assessment scans and security alerts

22

Viewing ReportsReporting Details

Integração com MOM 2005

Uso SQL Reporting Services

Demonstra o status da segurança contra malware na

sua empresa

Especifica point-in-time e over time

Tipos de Relatorios

Malware Threat(s)Malware Threat(s)

Vulnerability SummaryVulnerability Summary

Scan ResultsScan Results

Historical InformationHistorical Information

Summary ReportSummary Report

Deployment Deployment

AlertsAlerts

ComputersComputers

23

Malware outbreakMalware outbreak

Malware protection disabledMalware protection disabled

Malware detectedMalware detected

Malware failed to removeMalware failed to remove

Respond to AlertsAlerting Functionality

Notificação e administração dos valores de incidentes

incluindo:

Controle do tipo de nivel de alertas & volume de alertas Controle do tipo de nivel de alertas & volume de alertas geradosgerados

11 55443322

OutbreakOutbreak Malware Malware removal removal

failedfailed

Signature Signature update update failedfailed

Malware Malware detected and detected and

removedremoved

Signature Signature update failed update failed

(per min)(per min)

Rich Data,Rich Data,High Value AssetsHigh Value Assets

Critical Issues Only,Critical Issues Only,Low Value Assets Low Value Assets

Security SummarySecurity SummarySecurity SummarySecurity Summary

•CurrentCurrent

•ClientClient

•ServerServer

•EdgeEdge

•Dec 2006Dec 2006 •20072007++

•TBDTBD

Security Product Roadmap

AntigenMessaging Security Suite

Microsoft®

• Public beta available now!

– Download at

http://www.microsoft.com/clientsecurity

– Community-based support at

http://www.microsoft.com/technet/clientsecurity

• Release To Manufacture planned for

Q2 CY2007

• Will be available through Microsoft’s

volume licensing programs

http://www.microsoft.com/isaserver/

2006

http://www.microsoft.com/clientsecurityhttp://www.microsoft.com/clientsecurity

http://www.microsoft.com/antigenhttp://www.microsoft.com/antigen

Put your organization through a security auditPut your organization through a security audit

Contact your Microsoft rep or reseller for information Contact your Microsoft rep or reseller for information and adviceand advice

http://www.microsoft.com/forefronthttp://www.microsoft.com/forefront

Download trial versions ofDownload trial versions of

Register for beta information aboutRegister for beta information about

Other Resources

Technical Chats and WebcastsTechnical Chats and Webcastshttp://www.microsoft.com/communities/chats/http://www.microsoft.com/communities/chats/default.mspx default.mspx

http://www.microsoft.com/usa/webcasts/http://www.microsoft.com/usa/webcasts/default.aspdefault.asp

Microsoft Learning and CertificationMicrosoft Learning and Certificationhttp://www.microsoft.com/learning/default.mspxhttp://www.microsoft.com/learning/default.mspx

MSDN & TechNet MSDN & TechNet http://microsoft.com/msdnhttp://microsoft.com/msdn

http://microsoft.com/technethttp://microsoft.com/technet

Virtual LabsVirtual Labshttp://www.microsoft.com/technet/traincert/http://www.microsoft.com/technet/traincert/virtuallab/rms.mspxvirtuallab/rms.mspx

© 2006 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

•Magic Quadrant Disclaimer Magic Quadrant Disclaimer

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft. Go to: Gartner report is available upon request from Microsoft. Go to: www.microsoft.com/forefront www.microsoft.com/forefront

•The Magic Quadrant noted on slide 10 is copyrighted September 25, 2006, by The Magic Quadrant noted on slide 10 is copyrighted September 25, 2006, by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular research, including any warranties of merchantability or fitness for a particular purpose. purpose.