Antigen: Secure E-mail - PowerPoint PPT Presentation

1
Antigen: Secure E-mail
Gašper Mozetic, MCT, MCSE: Security
System Engineer, SRC.SI d.o.o.
gasper.mozetic_at_src.si
2
Dangers and threats
  • Virus: Self-replicating, malicious code that attaches itself to an
    application program or other executable system component and leaves
    no obvious signs of its presence.
  • Spyware: Software that sends information about your Web surfing
    habits to its Web site. Spyware is often installed without the user's
    knowledge or explicit permission in combination with a free download.
  • Adware: Any software application or program in which advertising
    banners are displayed or pop-up windows appear while the program is
    running.
  • Phishing: A form of Internet fraud that aims to steal valuable
    information such as credit cards, social security numbers, user IDs
    and passwords.
3
Next for Security: So what products is Microsoft working on now?
  • Secure Messaging with Antigen and ForeFront
  • Network Access Protection
  • ISA Server 2006

4
Windows Vista: Internet Explorer 7.0
  • Social Engineering Protections
      • Phishing Filter and Colored Address Bar
      • Dangerous Settings Notification
      • Secure defaults for International Domain Names (IDN)
  • Protection From Exploits
      • Unified URL Parsing
      • Code quality improvements (SDL)
      • ActiveX Opt-in
      • Protected Mode to prevent malicious software

5
Microsoft Antigen
  • Antivirus, anti-spam, and content-filtering product
  • Advanced protection
      • Multiple scan engines at multiple layers
  • Availability and Control
      • Integration with MS Exchange and Windows-based SMTP servers
  • Secure Content
      • Helps eliminate inappropriate language and dangerous attachments
        from internal and external communications

6
Versions of Antigen
  • E-mail Server Security
      • Microsoft Antigen for Exchange
      • Microsoft Antigen for SMTP Gateways
      • Microsoft Antigen Spam Manager
  • Collaboration Server Security
      • Antigen for SharePoint
      • Antigen for Windows SharePoint Services
      • Antigen for Instant Messaging
  • Security Management
      • Microsoft Antigen Enterprise Manager

7
Antigen Solutions
[Diagram labels: Live Communications Server; Viruses, Worms, Spam; SharePoint Server; E-mail; ISA Server; Exchange Servers; Windows SMTP Server]
8
E-mail Antivirus Approaches
[Diagram labels: Internet; Viruses, Worms, Spam; ISA Servers; Windows SMTP Servers]
  • Problem: Single Point of Failure
  • Problem: Management/Cost
9
Multiple Engine Management
One vendor, multiple technologies
[Diagram labels: Internet; Exchange Server/Windows SMTP Server]
10
(No Transcript)
11
Microsoft Antigen: What is Antigen?
  • Antigen for SMTP/Exchange
  • On-premise, server-based mail scanning software
  • Provides antivirus, anti-spam, content and file
    filtering
  • Multiple complementary technologies used
  • Complete end user control
  • Protection against internal threats and virus
    propagation

12
Microsoft Antigen: Antigen for Exchange
  • Detects and removes viruses in e-mail messages
    and attachments
  • Scans at SMTP stack (most processing intensive
    scans)
  • Scans real-time at Exchange Information Store
  • Provides on-demand and scheduled scans of
    information store
  • Uses Microsoft-approved virus scanning API
    integration for Exchange 2000 and 2003
  • Provides advanced content-filtering capabilities
    for messages and attachments
  • Integrates file filtering, keyword filtering and
    anti-spam at the SMTP routing level
  • Protects Exchange Server 5.5, 2000, and 2003

13
Antigen Multiple Engine Manager (MEM): Bias Settings
Engines used are not always the same. They are dynamically allocated from
the available pool.
14
Scanning Performance
  • Scanning at both the SMTP Stack and Exchange Store
      • SMTP: Provide maximum scanning protection (Max Certainty bias)
      • Exchange Store: Balance security with performance (Neutral bias)
  • In-memory scanning
      • Dynamic allocation of application memory improves server
        efficiency
      • Eliminates the burdensome process of spooling data to disk for
        virus scanning
  • Ability to increase number of available processes (scanning threads)

15
Microsoft Antigen: Overview
  • All Antigen products integrate multiple antivirus
    engines from 3rd party vendors. Four engines
    provided as part of base cost.
  • Kaspersky Lab
  • Norman Data Defense
  • Sophos
  • Virus Busters
  • MS Antivirus Engine
  • AhnLabs
  • Authentium Command
  • CA InoculateIT
  • CA VET

Default engines
16
Microsoft Antigen: Signature Updates
[Charts: "Sober.P Virus Detection Time, May 2, 2005 (GMT)" (axis: Time of Day, Hour Minute) and "January 2005 Updates"; legend: Antigen Engines. Sources: AV-Test.org, Feb. 2005 and AV-Test.org, May 2005]
Note: the chart (left) represents a single virus outbreak only. It does
not represent average response times for the listed antivirus labs.
17
Antigen E-mail Security Goals
  • Ensure protection against latest threats
      • Multiple Engines, seamless updates
  • Provide minimum Exchange server performance overhead/mail latency
      • Bias settings, in-memory scanning
  • Provide integrated antivirus/anti-spam/content filtering
    functionality
      • Antigen/ASM/IMF integration
  • Alert administrators to outbreaks and failures
      • SEM and MOM

18
(No Transcript)
19
ForeFront: E-mail Complexity Requires Flexibility
  • Full e-mail encryption
  • No public and private key management
  • Gateway, policy-based e-mail encryption
  • Uninterrupted e-mail accessibility
  • Rapid recovery from unplanned disasters and
    network outages
  • 30-day historical e-mail store
  • Interception-based message archiving
  • Customized report generation for demonstrating
    compliance
  • Fully-indexed, searchable archive
  • Rapid deployment to meet deadlines or immediate
    needs
  • Layered anti-spam
  • Multi-engine anti-virus
  • Customized content and policy enforcement
  • Real-time attack prevention

20
  • Microsoft Forefront provides greater protection
    and control over the security of your business
    network infrastructure by providing:
  • A comprehensive line of information protection
    and access control products
  • Integration with your existing IT infrastructure
  • Simplified deployment, management, and analysis
  • Technical and industry guidance

21

Network Access Protection
22
ISA Server 2006: Web Access Protection
External Attack Resilience
Internal Attack Resilience
Minimal Downtime
Remediation Measures
Better Management
23
ISA Server 2006: Flood Mitigation
24
Network Access Protection: IPSec-based NAP Walk-through
[Diagram. Zones: Quarantine Zone, Boundary Zone, Protected Zone. Components: Client, DHCP, Health Registration Authority, IAS, Remediation Server. Callouts:]
  • May I have a DHCP address?
  • May I have a health certificate? Here's my SoH.
  • Here you go.
  • Client ok?
  • Yes. Issue health certificate.
  • No! Needs updates.
  • Here's your health certificate.
  • You don't get a health certificate! Get updates!
  • I need updates.
  • Accessing the network
  • Here you go.
25
[Chart labels: Previous, Current, H2 2006, H1 2007, H2 2007; Client, Server, Edge]
26
Microsoft Security Resources
  • Antigen and ForeFront
      • http://www.microsoft.com/securemessaging
  • Network Access Protection Beta
      • http://www.microsoft.com/technet/itsolutions/network/nap/beta.mspx
  • ISA Server 2006 Beta
      • http://www.microsoft.com/isaserver/2006/

27
(No Transcript)