
Antigen: “Secure” E-mail

Antigen: “Secure” E-mail. Gašper Mozetič, MCT, MCSE+Security, System Engineer, SRC.SI d.o.o., gasper.mozetic@src.si. Dangers and threats.


Presentation Transcript


  1. Antigen: “Secure” E-mail. Gašper Mozetič, MCT, MCSE+Security, System Engineer, SRC.SI d.o.o., gasper.mozetic@src.si

  2. Dangers and threats
     • Virus: Self-replicating, malicious code that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence.
     • Spyware: Software that sends information about your Web surfing habits to its Web site. Spyware is often installed without the user’s knowledge or explicit permission, in combination with a free download.
     • Adware: Any software application or program in which advertising banners are displayed or pop-up windows appear while the program is running.
     • Phishing: A form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords.

  3. Next for Security: So what products is Microsoft working on now?
     • Secure Messaging with Antigen and ForeFront
     • Network Access Protection
     • ISA Server 2006

  4. Windows Vista: Internet Explorer 7.0
     • Social Engineering Protections
       • Phishing Filter and Colored Address Bar
       • Dangerous Settings Notification
       • Secure defaults for International Domain Names (IDN)
     • Protection From Exploits
       • Unified URL Parsing
       • Code quality improvements (SDL)
       • ActiveX Opt-in
       • Protected Mode to prevent malicious software

  5. Microsoft Antigen: Antivirus, anti-spam, and content-filtering product
     • Advanced protection: Multiple scan engines at multiple layers
     • Availability and Control: Integration with MS Exchange and Windows-based SMTP servers
     • Secure Content: Helps eliminate inappropriate language and dangerous attachments from internal and external communications

  6. Versions of Antigen
     • E-mail Server Security
       • Microsoft Antigen for Exchange
       • Microsoft Antigen for SMTP Gateways
       • Microsoft Antigen Spam Manager
     • Collaboration Server Security
       • Antigen for SharePoint
       • Antigen for Windows SharePoint Services
       • Antigen for Instant Messaging
     • Security Management
       • Microsoft Antigen Enterprise Manager

  7. Antigen Solutions
     [Diagram. Labels: IM and Documents; E-mail; Server Optimization; Layered Defenses; Content Control; Viruses, Worms, Spam; Live Communications Server; SharePoint Server; ISA Server; Exchange Servers; Windows SMTP Server]

  8. E-mail Antivirus Approaches
     • Single Vendor Solution (Problem: Single Point of Failure)
       • Same scan engine, heuristics technology and signature files on all server and client platforms
       • Dependent on one AV lab for scan engine updates during virus or worm outbreaks
       • Queuing and delay during engine updates on mission-critical servers (i.e. Exchange)
     • Multi-vendor Solution (Problem: Management/Cost)
       • Different scan engines, heuristics technologies and signature files on server and client platforms
       • High acquisition and maintenance cost
       • Added filtering complexity
     [Diagram. Labels: Internet; Viruses, Worms, Spam; ISA Servers; Windows SMTP Servers; Exchange; AV]

  9. Multiple Engine Management
     • One vendor, multiple technologies
     [Diagram. Labels: Internet; Exchange Server/Windows SMTP Server; Antivirus; Antispam; AV; Policy Mgt; Central Mgmt]

  10. Microsoft Antigen: What is Antigen?
     • Antigen for SMTP/Exchange
     • On-premise, server-based mail scanning software
     • Provides antivirus, anti-spam, content and file filtering
     • Multiple complementary technologies used
     • Complete end user control
     • Protection against internal threats and virus propagation

  11. Microsoft Antigen: Antigen for Exchange
     • Detects and removes viruses in e-mail messages and attachments
     • Scans at SMTP stack (most processing-intensive scans)
     • Scans in real time at the Exchange Information Store
     • Provides on-demand and scheduled scans of the Information Store
     • Uses Microsoft-approved virus scanning API integration for Exchange 2000 and 2003
     • Provides advanced content-filtering capabilities for messages and attachments
     • Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level
     • Protects Exchange Server 5.5, 2000, and 2003
     [Diagram. Labels: Internet; ISA Server; Exchange Front End; Exchange Site 1; Exchange Site 2; Exchange Public Folder Server; Exchange Mailbox Server]

  12. Antigen Multiple Engine Manager (MEM): Bias Settings
     • Max Certainty: uses all engines (100%)
     • Favor Certainty: uses 75% of available engines
     • Neutral: uses approximately 50% of available engines
     • Favor Performance: uses 25% of available engines
     • Max Performance: uses one engine for every scan
     * Engines used are not always the same. They are dynamically allocated from the available pool.
     [Diagram. Labels: Scan Engine 1; Scan Engine 2; Scan Engine 3; Scan Engine 4]

  13. Scanning Performance
     • Scanning at both the SMTP Stack and Exchange Store
       • SMTP: Provide maximum scanning protection (Max Certainty bias)
       • Exchange Store: Balance security with performance (Neutral bias)
     • In-memory scanning
       • Dynamic allocation of application memory improves server efficiency
       • Eliminates the burdensome process of spooling data to disk for virus scanning
     • Ability to increase number of available processes (scanning threads)

  14. Microsoft Antigen: Overview
     • All Antigen products integrate multiple antivirus engines from 3rd party vendors. Four engines provided as part of base cost.
       • Kaspersky Lab
       • Norman Data Defense*
       • Sophos*
       • Virus Busters
       • MS Antivirus Engine
       • AhnLabs
       • Authentium Command
       • CA InoculateIT*
       • CA VET*
     * Default engines

  15. Microsoft Antigen: Signature Updates
     [Charts. Titles and axes: Sober.P Virus Detection Time, May 2, 2005 (GMT); January 2005 Updates; Time of Day (Hour : Minute); Antigen Engines. Sources: AV-Test.org Feb. 2005; AV-Test.org May 2005]
     Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.

  16. Antigen E-mail Security Goals
     • Ensure protection against latest threats: Multiple Engines, seamless updates
     • Provide minimum Exchange server performance overhead/mail latency: Bias settings, in-memory scanning
     • Provide integrated antivirus/anti-spam/content filtering functionality: Antigen/ASM/IMF integration
     • Alert administrators to outbreaks and failures: SEM and MOM

  17. ForeFront: E-mail Complexity Requires Flexibility
     • E-mail Filtering
       • Layered anti-spam
       • Multi-engine anti-virus
       • Customized content and policy enforcement
       • Real-time attack prevention
     • Secure E-mail
       • Full e-mail encryption
       • No public and private key management
       • Gateway, policy-based e-mail encryption
     • Active Message Continuity
       • Uninterrupted e-mail accessibility
       • Rapid recovery from unplanned disasters and network outages
       • 30-day historical e-mail store
     • Message Archive
       • Interception-based message archiving
       • Customized report generation for demonstrating compliance
       • Fully-indexed, searchable archive
       • Rapid deployment to meet deadlines or immediate needs

  18. Microsoft Forefront provides greater protection and control over the security of your business’ network infrastructure by providing:
     • A comprehensive line of information protection and access control products
     • Integration with your existing IT infrastructure
     • Simplified deployment, management, and analysis
     • Technical and industry guidance
     [Diagram. Labels: Client & Server OS; Server Applications; Edge]

  19. & Network Access Protection

  20. ISA Server 2006: Web Access Protection
     • External Attack Resilience
     • Internal Attack Resilience
     • Minimal Downtime
     • Remediation Measures
     • Better Management
     [Diagram. Labels: Internet; Attacker; DMZ; Extranet Web Server; External Web Site; ISA 2006 Appliance; Internal Network; Administrator]

  21. ISA Server 2006: Flood Mitigation

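  22. Network Access Protection: IPSec-based NAP Walk-through
     [Diagram. Zones: Quarantine Zone; Boundary Zone; Protected Zone. Participants: Client; DHCP; Health Registration Authority; IAS; Remediation Server. One arrow, “Accessing the network”, is marked with an X.]
     • Client to DHCP: “May I have a DHCP address?” Reply: “Here you go.”
     • Client to Health Registration Authority: “May I have a health certificate? Here’s my SoH.”
     • Health Registration Authority to IAS: “Client ok?”
     • If not: “No! Needs updates.” The client is told: “You don’t get a health certificate! Get updates!”
     • Client to Remediation Server: “I need updates.” Reply: “Here you go.”
     • If so: “Yes. Issue health certificate.” The client is told: “Here’s your health certificate.”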

  23. [Roadmap chart. Columns: Previous; Current; H2 2006; H1 2007; H2 2007+; 2008. Rows: Client; Server; Edge]

  24. Microsoft Security Resources
     • Antigen and ForeFront: http://www.microsoft.com/securemessaging
     • Network Access Protection Beta: http://www.microsoft.com/technet/itsolutions/network/nap/beta.mspx
     • ISA Server 2006 Beta: http://www.microsoft.com/isaserver/2006/
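
The bias settings on slides 12 and 13 can be read as a selection rule over the pool of engines that are ready at scan time. The sketch below is an added illustration, not Antigen code and not part of the original presentation: the round-up rule, the engine names and the sample pool are assumptions. It goes slightly beyond the slides by computing the chance that a scan includes at least one engine that already has the signature for a new outbreak.

```python
import math
import random

# Share of the available engine pool used per scan, from slide 12.
# None stands for "one engine for every scan" (Max Performance).
BIAS_SHARE = {
    "Max Certainty": 1.00,
    "Favor Certainty": 0.75,
    "Neutral": 0.50,
    "Favor Performance": 0.25,
    "Max Performance": None,
}

def engine_count(bias, available):
    """How many engines one scan uses; rounding up is an assumption."""
    if available < 1:
        raise ValueError("no scan engine available")
    share = BIAS_SHARE[bias]
    return 1 if share is None else max(1, math.ceil(share * available))

def pick_engines(bias, pool, rng=random):
    """Draw this scan's engines from the engines that are ready right now."""
    ready = sorted(name for name, ok in pool.items() if ok)
    return rng.sample(ready, engine_count(bias, len(ready)))

def detection_probability(bias, available, with_signature):
    """Chance that at least one chosen engine already has the signature."""
    used = engine_count(bias, available)
    blind = available - with_signature
    # math.comb returns 0 when used > blind, i.e. a miss is impossible.
    return 1 - math.comb(blind, used) / math.comb(available, used)

# Constructed pool: four engines, one taken out of rotation for an update.
POOL = {"engine-a": True, "engine-b": True, "engine-c": False, "engine-d": True}

if __name__ == "__main__":
    ready = sum(POOL.values())
    for bias in BIAS_SHARE:
        used = pick_engines(bias, POOL, random.Random(7))
        # Early in an outbreak: only one ready engine has the signature.
        p = detection_probability(bias, ready, 1)
        print(f"{bias:18} engines={used} P(detect)={p:.2f}")
```

With four ready engines and one up-to-date signature, the model gives 100% coverage at Max Certainty and 25% at Max Performance, which is the trade-off behind using Max Certainty at the SMTP stack and Neutral at the Exchange store.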
