SIA315 Help securely enable business by managing risk and empowering people Identity Highly Secure & Interoperable Platform Across on-premises & cloud from: Block Cost Siloed to: Enable Value Seamless.


SIA315
Help securely enable business by managing risk and empowering people
Identity
Highly Secure & Interoperable
Platform
Across on-premises & cloud
from:
Block
Cost
Siloed
to:
Enable
Value
Seamless
Enable more secure business collaboration from virtually anywhere and across devices, while
preventing unauthorized use of confidential information
PROTECT everywhere
ACCESS anywhere
• Secure, seamless access
• Protect sensitive information
in documents
• Best-in-class anti-malware
INTEGRATE and
EXTEND security
• Deep Microsoft SharePoint
and Office integration
• Standards-based
interoperability across
organizations and cloud
SIMPLIFY security,
MANAGE compliance
• Enterprise-wide visibility
• Easier partner
management
Secure Messaging
Secure Collaboration
Information Protection
Identity and Access Management
Secure Endpoint
Overview of Forefront Protection 2010 for SharePoint
SharePoint Integration
Forefront Scanning Types
Performance and Scalability Improvements
Product Demo
Questions
Risks
Feature Summary
Protection for MOSS 2010, SharePoint 2007 and Windows SharePoint Services
Multiple Antimalware Engines
Keyword and File Filtering
Scan RMS Protected Repositories
Restore Quarantined Files
Container : Zip, OpenXML, RAR, etc
Native 64-bit Implementation
Updated user interface
PowerShell Support

Rapid response
to new threats

Fail-safe protection
through redundancy

Diversity of antivirus
engines and heuristics
[Chart: malware sample detection data by month (10/09, 11/09, 12/09). Legend: Less than 5 hours; 5 to 24 hours; More than 24 hours.]
** 0.00 denotes proactive detection
1 Source: AV-Test.org 2009 (www.av-test.org)
FPSP Deployment Infrastructure
[Diagram. Labels: Intranet, Extranet, Internet, Firewall, Internal SharePoint Users, External SharePoint Users, Web Front End, Web Application Servers, Microsoft® SQL Server®, Malware, Inappropriate Content.]
Upload Scenario
[Diagram, steps 1 to 4. Labels: SharePoint Web Front-End Servers, Forefront Protection for SharePoint, SharePoint Databases.]
Download Scenario
[Diagram, steps 1 to 6. Labels: SharePoint Web Front-End Servers, VSAPI, Forefront Protection for SharePoint, SharePoint Databases.]
Forefront Traverses SharePoint OM
[Diagram, steps 1 to 4. Labels: SharePoint Databases, Forefront Scanning Process.]
Forefront Scanning Architecture
Scan Process
Workload
(SharePoint/Exchange/OCS)
Antimalware engine
adapters
File Navigators
Antivirus
Antispyware
Keyword
File Filtering
Engines
Quarantine and Actions
Scanning Types
Realtime Scan
Scan triggered through the SharePoint VSAPI
Scheduled Scan
Schedule can be set for off hours scanning of selected
SharePoint sites
OnDemand Scan
Immediate scanning of individual sites
Antimalware Scanning
Antivirus Scanning
Multi engines
Available with all 3 scanning types
Antispyware Scanning
Microsoft Antimalware Engine
Only available for Realtime scanning
Keyword Filtering
Searches documents for matches to keywords in selected
lists
Can be imported from an existing file
Actions: SkipDetect, Suspend, Delete
Syntax example
File Filtering
Filter by name, type, or size
 *.exe, *.doc, *>10mb
Filters can be combinations of size, name & type
Suggested file types to add to the file list: EXE, COM, PIF, SCR, VBS, SHS, CHM
and BAT
Actions: SkipDetect, Suspend, Delete
Container behavior (zip, rar, etc)
Forefront scans within ZIP and other compressed formats and
deletes only the offending file
Custom deletion text
EXE
DOC
BMP
JPG
Container file before scan
Filter Rules: Delete *.exe
Quarantine
EXE
Quarantine
TXT
DOC
BMP
JPG
Container file after scan
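The container behavior above, as an added illustration (not Forefront's code): a ZIP is rebuilt so that only entries matching the filter list are removed, each removed entry goes to quarantine, and a text entry with the deletion text takes its place. The rule list, the ".txt" naming, the deletion text, the size cap and the sample file names are assumptions; only one ZIP level is handled.

```python
import fnmatch
import io
import zipfile

# Assumed values for illustration, mirroring the slide's "Delete *.exe" rule.
FILTER_RULES = ["*.exe"]
DELETION_TEXT = b"This file was removed by the file filter.\n"
MAX_ENTRY_BYTES = 50 * 1024 * 1024  # refuse oversized entries (archive bombs)


def matches_filter(name, rules=FILTER_RULES):
    """Case-insensitive match of the entry's base name against the rules."""
    base = name.rsplit("/", 1)[-1].lower()
    return any(fnmatch.fnmatchcase(base, rule.lower()) for rule in rules)


def filter_container(zip_bytes, rules=FILTER_RULES):
    """Return (cleaned_zip_bytes, quarantine) for one ZIP container.

    Matching entries are copied to quarantine and replaced by a .txt entry.
    """
    quarantine = {}
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.file_size > MAX_ENTRY_BYTES:
                raise ValueError("entry too large to scan: " + info.filename)
            data = src.read(info)
            if not info.is_dir() and matches_filter(info.filename, rules):
                quarantine[info.filename] = data  # original kept for restore
                dst.writestr(info.filename + ".txt", DELETION_TEXT)
            else:
                dst.writestr(info, data)  # untouched entries are copied as-is
    return out.getvalue(), quarantine


def build_sample():
    """Constructed sample: the slide's EXE, DOC, BMP, JPG container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ("setup.EXE", "report.doc", "logo.bmp", "photo.jpg"):
            z.writestr(name, b"constructed sample content: " + name.encode())
    return buf.getvalue()


if __name__ == "__main__":
    cleaned, quarantined = filter_container(build_sample())
    print(zipfile.ZipFile(io.BytesIO(cleaned)).namelist(), list(quarantined))
```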
Performance and Impact
Significant perf improvement over previous version
Seeing 14% reduction in scheduled scan completion.
Average less than 1 second per file overhead on file access
requests (upload and download).
65% speed improvement scanning Office 2007 document format
80% reduction in average upload time over previous release
Scalability Improvements
More efficiently normalizing strings for keyword filtering
Reductions in context switching during file navigation
More efficient use of machine resources to allow scanning
of larger files
Native 64-bit implementation takes advantage of systems
with more than 4GB of memory
PowerShell Interface
Forefront's UI is written on top of PowerShell
PowerShell is .NET based
With PowerShell 2.0, remote execution of cmdlets is supported
Rich, well-organized set of cmdlets for interfacing with the Forefront
product
Cmdlets are designed in pairs.
E.g.:
Get-FSSPAdvancedOptions
Set-FSSPAdvancedOptions
To check incidents for the last 48 hours:
$CheckTime = [DateTime]::Now.AddHours(-48)
# Filter first, then format: Format-Table output no longer exposes DetectionTime to Where-Object
Get-FsspIncident | where {$_.DetectionTime -ge $CheckTime} |
    ft RecipientNames, IncidentCategory, DetectionTime
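// Namespaces this fragment needs
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;

// Build a runspace configuration and load the Forefront snap-in into it
RunspaceConfiguration rsConfig = RunspaceConfiguration.Create();
PSSnapInException snapInException = null;
PSSnapInInfo info = rsConfig.AddPSSnapIn("FssPsSnapin", out snapInException);
if (snapInException != null)
{
    throw snapInException;
}
// Open a runspace that has the snap-in's cmdlets available
Runspace _runSpace = RunspaceFactory.CreateRunspace(rsConfig);
_runSpace.Open();
Object errorObject;
try
{
    // Run the cmdlet and collect its output objects
    using (Pipeline pipeline = _runSpace.CreatePipeline("GetFseProductInfo"))
    {
        Collection<PSObject> results = pipeline.Invoke();
        switch (pipeline.PipelineStateInfo.State)
        ...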
SharePoint VSAPI Interface
http://technet.microsoft.com/en-us/forefront/default.aspx
http://technet.microsoft.com/en-us/forefront/bb734828.aspx
http://go.microsoft.com/fwlink/?LinkID=111584
http://www.microsoft.com/forefront/protection-for-sharepoint/en/us/white-papers.aspx
http://technet.microsoft.com/en-us/evalcenter/bb738112.aspx
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=01bfa7c6-84be-478f-8b786875ad71a98b
Breakout & Interactive Sessions
SIA323 | Business Ready Security: Securely Collaborate with Partners and Employees Using SharePoint, Microsoft Forefront, and Windows Server 2008 R2 Active Directory
SIA312 | Secure Collaboration: Install and Configure Remote Access for Microsoft SharePoint Server in an Hour
SIA313 | Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS) Protected Content to External Parties
SIA315 | Secure Collaboration: Microsoft Forefront Protection 2010 for SharePoint Deep Dive
SIA309-INT | Secure Collaboration: Protecting Your Microsoft SharePoint Server Using Microsoft Forefront Business Ready Security
Hands-On Lab
SIA08-HOL | Secure Collaboration Solution: Business Ready Security with Microsoft Forefront and Active Directory
Product Demo Station
Red SIA-4 | Microsoft Forefront Secure Collaboration Solution
Learn more about our solutions:
http://www.microsoft.com/forefront
Try our products:
http://www.microsoft.com/forefront/trial
www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn