Implementing Messaging & Collaboration Security - .microsoft

Transcription

Implementing Messaging & Collaboration Security
[Name] [Designation]

The Threat Landscape – Situation today!!!
- About 90% of all emails are illegitimate
- Emails have become the primary method of theft
- Exponentially growing spam and illegitimate emails
- Primary vector for propagation of threats
- Phishing
- Social engineering
Crackers are underground. Change in "bring down" vs "own a system" – cracker commerce.
Are we geared for this?

So are you adequately covered?
Traditionally, security is done differently for different situations:
- Airport security model – change in flying experience
- Datacenter – physical overdose, logical oversight
- Is the requirement for security the same at desktop level and the server level?
- 1 policeman for 10,000 citizens – what about the President?

Security Vulnerabilities Still Exist
- Spam, viruses and phishing still plague inboxes
- Closer relationship between viruses and spam
- Companies ill-equipped to stay ahead of threats
Compliance is a Primary Concern
- Stiff penalties for e-mail misuse
- Need to store, find and produce information quickly
- Can't comply without policy and monitoring support
- 1 in 5 employers have had e-mail subpoenaed*
Intense Pressure on IT to Improve Productivity
- Focus on value-adding projects
- Make mission-critical systems more reliable
- Deployment must be secure, reliable, manageable, cost-effective
* 2005 Electronic Monitoring & Surveillance Survey from American Management Association (AMA) and the ePolicy Institute

Legal, regulatory, and financial impact
- Cost of digital leakage per year is measured in billions
- Increasing number and complexity of regulations, e.g. GLB, SOX, state-specific regulations
- Failing to comply, or losing data, can lead to significant legal fees, fines, and/or jail time
Damage to image and credibility
- Damage to public image and credibility with customers
- Financial impact on company from lost sales or corrective actions
- Leaked e-mails or memos can be embarrassing
Loss of competitive advantage
- Disclosure of strategic plans, M&A info, etc. potentially leads to loss of revenue and market capitalization
- Loss of research, analytical data, and other intellectual capital
- Premature disclosure of competitive strategies or market moves

Security Challenges
Escalating Threats
- More advanced
- More frequent
- Profit motivated
Fragmented Security
- Many point products
- Application-oriented
- Lack of integration
- Cost and complexity
Difficult to Manage and Deploy
- Multiple consoles
- Poor interoperability
- Uncoordinated event reporting & analysis
- Difficult OOB experience
Access Challenges
Growing Mobility
- More users, locations, and devices
- Intranet / Extranet access
Traditional VPNs Inadequate
- Full network connectivity increases risk
- Poor integration with apps and services
Difficult to Enforce Policy
- Changing legal and business rules
- Granular policy is hard to deploy
- Lack of scalability

Secure Messaging & Collaboration – What is the strategy?
Through a combination of software and services, Microsoft provides an effective and flexible email & collaboration protection offering to customers. It combines four product offerings:
- Exchange Hosted Filtering Services
- Forefront for Exchange/SharePoint/OCS
- ISA Server 2006
- Intelligent Application Gateway

Controlled Access – Multi-Layer Protection
[Diagram: Internet → External Firewall → DMZ → Internal Firewall → Corporate Network. Exchange Hosted Filtering Services (managed services, in the cloud); ISA Server 2006 (authentication and authorization, network edge); Forefront for Exchange/SharePoint (on-premise message hygiene services).]
- In the cloud protection: detect and prevent attacks and malicious content before they touch your network
- Network edge protection: services and on-premise software protect against spam and viruses before they penetrate the network
- Gateway protection: protocol and application-layer inspection enable secure remote access to Exchange/SharePoint servers; controlled access to collaboration resources based on policy
- Internal anti-virus protection: protects against malicious threats, while enforcing e-mail content policies

Signature Updates
[Chart, left: Sober.P Virus Detection Time, May 2, 2005 (GMT); x-axis: time of day (hour:minute), one bar per antivirus engine (vendors shown include F-Secure, Fortinet, VirusBuster, Panda, eTrust-INO, AntiVir, Norman, Trend Micro, AVG, Avast, McAfee, eTrust-VET, Symantec, Kaspersky); detection times range from 16:39 to 24:38. Source: AV-Test.org May 2005.]
[Chart, right: January 2005 Updates, number of signature updates per day per vendor. Source: AV-Test.org Feb. 2005.]
Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.

Signature Updates – History
[Chart, left: Mydoom.dll Detection Time, January 26-27, 2004 (GMT); x-axis: time of day (hour:minute); detection times per engine include TrendMicro 23:35, VirusBuster 0:05, AVG 0:15, eTrust-INO 1:20, Sophos 1:40, eTrust-VET 4:10. Source: AV-Test.org Jan 2004.]
[Chart, right: Bagle.A Worm Detection Time, January 18-19, 2004 (GMT); x-axis: time of day (hour:minute); engines shown include Symantec, McAfee, Dr. Web, RAV, Norman. Source: AV-Test.org Jan 2004.]
Note: these charts represent single virus outbreaks only. They do not represent average response times for each listed antivirus lab.

Anti-virus … – Single Point of …, Single Vendor, Single Engine

Anti-virus [Forefront for Exchange/SharePoint] – Multi-vendor, Multi-engine

Harnessing the Strength of Multiple Engines
- Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from [vendor logos]
- Each scan job in a Forefront Server Security product can run up to five engines simultaneously
[Diagram: Internal Messaging and Collaboration Servers with engines A, B, C, D, E]

Industry Analyst Perspective
Gartner Magic Quadrant for E-Mail Security Boundary, 2006*
* Magic Quadrant for E-Mail Security Boundary, 2006. Peter Firstbrook, Arabella Hallawell. Publication Date: 25 September 2006 / ID Number: G00142431

Optimized Performance Controls
[Diagram: engine pool A to E. Engines used are not always the same; they are dynamically allocated from the available pool.]
Bias settings:
- Max Certainty: uses all engines (100%)
- Favor Certainty: uses all available engines*
- Neutral: uses approximately 50% of available engines*
- Favor Performance: uses 25% of available engines*
- Max Performance: uses one engine for every scan*
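The bias settings above map to a share of the engine pool; the following is an added simulation (not Forefront's own scheduler) of how a scan job could pick engines from the pool under each bias and combine their verdicts. The round-robin rotation, the ceil rounding of "approximately 50%", the treatment of mid-update engines, and the sample signature data are assumptions.

```python
import math

# Fraction of the currently available pool each bias setting uses (from the
# slide). None means "exactly one engine per scan".
BIAS_FRACTION = {
    "max_certainty": 1.0,       # every engine, even one that is mid-update
    "favor_certainty": 1.0,     # every engine that is available right now
    "neutral": 0.5,             # approximately half of the available engines
    "favor_performance": 0.25,  # a quarter of the available engines
    "max_performance": None,    # one engine per scan
}


class EnginePool:
    """Holds the installed engines (A to E on the slide), tracks which are
    mid-update, and rotates the starting point so the engines used for a scan
    are not always the same. Rotation and ceil rounding are assumptions."""

    def __init__(self, engines):
        self.engines = list(engines)
        self.updating = set()   # engines currently pulling a signature update
        self._cursor = 0

    def engines_for(self, bias):
        if bias == "max_certainty":
            return list(self.engines)  # waits for updating engines as well
        available = [e for e in self.engines if e not in self.updating]
        if not available:
            return []
        frac = BIAS_FRACTION[bias]
        count = 1 if frac is None else max(1, math.ceil(frac * len(available)))
        n = len(available)
        chosen = [available[(self._cursor + i) % n] for i in range(count)]
        self._cursor = (self._cursor + count) % n
        return chosen


def scan(item, engines, verdicts):
    """Multi-engine verdict: the item is blocked if ANY selected engine flags
    it. verdicts maps engine -> set of item names that engine detects."""
    hits = [e for e in engines if item in verdicts.get(e, set())]
    return {"item": item, "engines": engines, "detected_by": hits, "blocked": bool(hits)}


if __name__ == "__main__":
    # Constructed data: only engine D already has a signature for the sample,
    # mirroring the detection-time charts where one lab is ahead of the rest.
    pool = EnginePool("ABCDE")
    pool.updating.add("C")
    signatures = {"D": {"new-worm-sample"}}
    for bias in ("max_performance", "neutral", "favor_certainty"):
        print(bias, scan("new-worm-sample", pool.engines_for(bias), signatures))
```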


Forefront Security for SharePoint
Virus Protection for Document Libraries
- Real-time scanning of documents uploaded to and downloaded from document libraries
- Manual and scheduled scanning of document libraries
Content Policy Enforcement
- File filtering to block documents from being posted based on name match, file type or file extension
- Content filtering by keywords within documents for inappropriate words and phrases
[Diagram: users ↔ SharePoint document library]

Forefront Security for LCS
Detects and removes malware and viruses in instant message sessions
- Protect conversations and file transfers
- Block clickable URLs
Provides advanced content-filtering capabilities for messages and attachments
- Enforce content policies
- Keyword filtering in messages and file transfers
- File filtering by type and extension
- Enhances built-in LCS archiving by blocking inappropriate content
[Diagram: outside IM clients → firewall → Live Communications Server ↔ Microsoft Office Communicator and Windows Messenger clients]

Filtering in the Cloud – Solution Overview
- A simple MX record is all it takes to begin filtering
- Real-time Attack Prevention (RTAP) and Directory Services protect against the largest attacks
- Virus filter delivers zero-day protection using multiple, complementary anti-virus engines
- Flexible policy filter to enforce corporate email-use policies
- High-accuracy spam filtering
- Email queuing ensures mail is never lost

Secure Remote Access
Business Need: Protect internal email communication
Risk to Organization:
- The email infrastructure can be compromised if not protected
- Email attacks can succeed by masquerading as legitimate traffic, even when content appears to be encrypted
Business Need: Secure external client access to email
Risk to Organization:
- Hackers can attack the messaging system using standard client protocols
- Native Outlook access to Exchange servers is not easily protected by traditional firewalls

Secure Application Publishing – The Solution
Needs and new ISA Server 2006 features:
Strong Server Protection and Better Identity Control
- Customized forms incl. mobile devices, alternative authN for non-browser apps
- RADIUS OTP, smart card support
- LDAP support for AD integration & other user directories
- NTLM, Kerberos & Kerberos Constrained Delegation support
- Idle-based, session-based timeouts account for non-user traffic
Seamless Access
- Automatic link translation through global links table
- Single sign-on
High Performance
- Cookie-based NLB keeps session alive in case of fail-over
Easy Management
- Exchange, SharePoint publishing wizards
- Better UI for certificate management
[Diagram: Internet → ISA Server (DMZ) → intranet web server, external web server, SharePoint, Active Directory; administrator]

Endpoint Detection and Application Intelligence – Controlled Access
[Diagram: Intelligent Application Gateway application-aware platform. Applications: Knowledge Center, SharePoint, Exchange/Outlook, OWA, Windows, Citrix, generic … applications. Platform components: Application Definition Syntax/Language, Application Modules, Security, Authorization, User Experience, SSL …, High-Availability, Management, Logging, Reporting, Multiple Portals. Clients and devices connect through the gateway to the applications.]

The way forward
- Security requirements are changing with the change in the threat environment
- Defence in depth
- Integrated solution

2007 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Edge Appendix Slides

Traditional Firewall: only packet headers are inspected
- Application layer content appears as a "black box"
[Diagram: IP header (source address, destination address, TTL, checksum); TCP header (sequence number, source port, destination port, checksum); application layer content: ?]
- Forwarding decisions are based on port numbers
- Legitimate traffic and application-layer attacks use identical ports
[Diagram: Internet → corporate network; flows labelled expected HTTP traffic, unexpected HTTP traffic, attacks, non-HTTP traffic]

Deep Content Inspection: packet headers and application content are inspected
[Diagram: IP header (source address, destination address, TTL, checksum); TCP header (sequence number, source port, destination port, checksum); application layer content: `<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>MSNBC - MSNBC Front Page</title><link rel="stylesheet" …`]
- Forwarding decisions are based on content
- Only legitimate and allowed traffic is processed
[Diagram: Internet → corporate network; flows labelled allowed HTTP traffic, prohibited HTTP traffic, attacks, non-HTTP traffic]

E-mail Access: Traditional Firewall
[Diagram: Internet ↔ firewall ↔ Exchange Server; rules: Allow Port 25 (SMTP), Allow Port 143 (IMAP), Allow Port 443 (SSL), Allow Port 135 (RPC), Allow Port 25]
Firewall rules open ports to allow traffic to and from the mail server:
- Incoming connections to the email server for SMTP, IMAP, Outlook Web Access (using SSL)
- Outgoing connections from the email server for SMTP
Limitation:
- Control over what channels are opened, but no …

Outlook Web Access: Traditional Firewall
[Diagram: Internet → OWA traffic in SSL tunnel → traditional firewall → Exchange OWA Server (FE or CAS); threats shown: password guessing, web server attacks]
Web traffic to OWA is encrypted
- Standard SSL encryption
- Security against eavesdropping and impersonation
Limitation:
- Default OWA implementation does not protect against application-layer attacks
The concept of defense in depth requires inspection of OWA traffic at the firewall.

How ISA Server Protects OWA
[Diagram: Internet → OWA traffic in SSL tunnel → ISA Server (authentication, inspection) → Exchange Server (OWA or Client Access Server); threats shown: password guessing, web server attacks]
Authentication
- Unauthorized requests are blocked before they reach the Exchange server
- Enforces all OWA authentication methods at the firewall
- Provides forms-based authentication at the firewall before reaching OWA
- Allows customized authentication forms for mobile devices or other applications
Inspection
- Invalid HTTP requests or requests for non-OWA content are blocked
- Inspection of SSL traffic before it reaches the Exchange server*
Confidentiality
- Ensures encryption of traffic over the Internet at the firewall
- Can prevent the downloading of attachments to client computers separate from intranet users
* Note: Full ISA inspection is not available if GZip compression is used by OWA.

Enhanced Protection with Bridging
[Diagram: Internet → SSL → ISA Server → SSL → Exchange Server (OWA or Client Access Server); threats shown: password guessing, web server attacks]
Traffic decrypted and inspected by ISA Server
- Same benefits as described in the preceding slide
Traffic re-encrypted and sent to the OWA server
- Allows server-to-server authentication
- Hardens Exchange by protecting OWA traffic from eavesdropping and tampering in transit

How RPC/HTTP Works
RPC/HTTP encapsulates RPC traffic inside HTTP
- RPC proxy server extracts RPC traffic from the HTTP stream
- Advantage: most firewalls allow HTTP traffic
[Diagram: Internet → HTTP traffic (and attacks) → RPC proxy → RPC → Exchange Client Access Services]
Problem: traditional firewalls leave the RPC proxy exposed to Web-based attacks

RPC/HTTP with ISA Server
ISA Server terminates the SSL tunnel
- Inspects HTTP traffic for protocol compliance
- Blocks requests for all URLs except the published RPC virtual directory
No direct connections from the Internet to the Exchange Server
- Application layer protection for HTTP traffic
[Diagram: Internet → ISA Server (web server attacks blocked) → RPC traffic → Exchange Client Access Services]
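To make the contrast between the traditional-firewall slides and the ISA Server slides concrete, here is an added Python model (not ISA Server code) of a port-only forwarding decision beside an application-layer check that enforces HTTP protocol compliance and only lets requests through to published virtual directories. The `/owa/` and `/rpc/` path names, the allowed-method lists and the sample requests are assumptions constructed for the example.

```python
# Port-only forwarding versus application-layer inspection, modelled on the
# appendix slides. Added illustration, not ISA Server's implementation; the
# published paths and the sample requests are constructed for the example.

ALLOWED_PORTS = {25, 143, 443, 135}   # the traditional rule set on the slide

# Assumed publishing policy: only these virtual directories are reachable
# through the firewall, each with the HTTP methods it legitimately needs.
PUBLISHED = {
    "/owa/": {"GET", "POST"},
    "/rpc/": {"RPC_IN_DATA", "RPC_OUT_DATA"},   # RPC-over-HTTP request methods
}


def port_filter(dst_port):
    """Traditional firewall: the forwarding decision uses the port number only,
    so legitimate traffic and an attack on port 443 look identical."""
    return dst_port in ALLOWED_PORTS


def inspect_http(raw):
    """Deep content inspection of one decrypted HTTP request.
    Returns (allowed, reason); anything non-compliant or unpublished is blocked."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/1."):
        return False, "malformed request line"        # protocol compliance
    method, target, _version = request_line
    header_lines = [h for h in lines[1:] if h]
    if any(":" not in h for h in header_lines):
        return False, "malformed header"
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in header_lines)}
    if "host" not in headers:
        return False, "missing Host header"
    if not target.startswith("/") or ".." in target:
        return False, "suspicious request target"
    for prefix, methods in PUBLISHED.items():
        if target.startswith(prefix):
            if method in methods:
                return True, "published path " + prefix
            return False, "method %s not allowed for %s" % (method, prefix)
    return False, "request for non-published content"


if __name__ == "__main__":
    sample = "GET /owa/ HTTP/1.1\r\nHost: mail.example.test\r\n\r\n"   # constructed
    print("port filter on 443:", port_filter(443))      # True: passes on port alone
    print("content inspection:", inspect_http(sample))  # (True, 'published path /owa/')
```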

[Chart: Sober.P Virus Detection Time, May 2, 2005 (GMT); engines shown include Sophos, BitDefender, AVK, F-Prot, Kaspersky; x-axis: time of day (hour:minute). Source: AV-Test.org May 2005.]
January 2005 Updates (number of signature updates per day; source: AV-Test.org Feb. 2005):
Vendor        Updates/day
Kaspersky     18.5
Dr. Web       10.7
Sophos         2.7
BitDefender    1.7
ClamAV         1.5
AntiVir        1.4
F-Secure       1.4
Panda          1.3
Ikarus         1.1
Symantec       1.1
Trend Micro    1.0