Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Microsoft Forefront Threat Management Gateway 2010 PowerPoint Presentation
Download Presentation
Microsoft Forefront Threat Management Gateway 2010

Microsoft Forefront Threat Management Gateway 2010

988 Views Download Presentation
Download Presentation

Microsoft Forefront Threat Management Gateway 2010

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

    1. Microsoft Forefront Threat Management Gateway 2010 Sandro Galdava http://sandro.community.ge/

    2. Microsoft Forefront Product Family Management Protection and Access Protection Identity Based Access

    3. Management Products Forefront Identity Manager Old name Identity Lifecycle Manager. Is identity management by providing powerful end user self-service capabilities Forefront Protection Manager Forefront Server Security Management Console The new Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen, providing a Web-based console to centralize configuration and operation, automate the download and distribution of signature and scan engine updates.

    4. Protection and Access Protection Forefront Client Security Forefront Protection 2010 for Exchange Servers Forefront Security for SharePoint Servers Forefront Security for Office Communication Server Forefront Threat Management Gateway

    5. Identity Based Access Forefront Unified Access Gateway New Generation of Intelligent Application Gateway

    7. Whats new Windows Server 2008, Windows Server 2008 R2, and Native 64-Bit Support Web Antivirus and Antimalware Support Enhanced User Interface, Management, and Reporting URL Filtering HTTPS Inspection Network Intrusion Prevention SIP Filter TFTP Filter Network Functionality Enhancements

    8. Forefront TMG Editions Medium Business Edition Included in Windows Essential Business Server Standard Edition Enterprise Edition

    9. System Requirements

    10. Licensing Per CPU based URL Filtering and Malware Inspection definitions per user based

    11. Edition Comparison

    12. Main Functionality Firewall Web Client Protection Email Protection NIS Secure Web Publishing VPN Server Multi-layer Web Security

    13. Whats new Multi-layer Web Security Integrates URL filtering, antimalware inspection, intrusion prevention, application- and network-layer firewalls, and HTTP/HTTPS inspection in a single solution. Forefront Threat Management Gateway Web Protection Service Provides antimalware updates for the integrated Microsoft AV engine and access to Microsoft Reputation Services for URL filtering. URL Filtering Correlation URL security decisions are more accurate as they are based on reputation information from multiple vendors and internal Microsoft security data. Network Inspection System (NIS) Provides signature-based intrusion prevention for web-based threats seeking to exploit known vulnerabilities. Updates for NIS are included in the base server license.

    14. Firewall VoIP Traversal (SIP) Enhanced NAT ISP Link Redundancy (only 2 ISP Providers)

    15. Traffic Filtering Windows Filtering Platform (WFP) Integration Integration with NDIS TMG further improves network security and traffic flow efficiency by inserting a network driver interface specification (NDIS) filter into the network stack. This component provides traffic filtering at network layer 2 and, when TMG policies allow, also provides a fast-path for traffic directly between network interfaces. Traffic filtering mechanisms to layer 2 through the use of a Network Driver Interface Specification (NDIS) driver SA server performed quite well as an application-level firewall in a great many deployments, the lack of support for IPv6 or non-IP protocol filtering at network layer 3 caused many firewall administrators to consider ISA 2006 an incomplete firewall solution.

    16. Traffic Filtering TFTP Filtering TFTP FilterTFTP is generally used by BootP clients to download an operating system Web Antivirus and Anti-Malware Support The HTTP Malware filter is a Web filter that intercepts traffic between the client and Web server. The content of this traffic is stored in memory or on disk, depending on the size of the content. The TMG MPEngine (Microsoft Malware Protection Engine) scans the content before it is delivered to the client.

    17. ISP Link Redundancy

    18. Network Inspection System (NIS) Traffic can be inspected for exploits of Microsoft vulnerabilities. Based on protocol analysis, NIS enables blocking of classes of attacks while minimizing false positives. Protections can be updated as needed. Based on subscription. No critical requirement to install updates a.s.a.p..

    19. Network Inspection System (NIS) Is a new traffic analysis mechanism included in TMG. NIS is built on network protocol analysis work done by Microsoft Research on the Generic Application-Level Protocol Analyzer (GAPA). Although NIS is able to discover invalid traffic based on static signatures. NIS operations are driven by signature definitions. Security bulletins are dowloaded separetly

    20. Network Inspection System (NIS)

    21. Malware Inspection The primary goals of TMG Malware Inspection are: Minimize the threat imposed by Web-sourced malware Provide malware defense for hosts in TMG-protected networks Minimize the impact on TMG performance Provide a mechanism that is reliable and flexible

    22. Malware Inspection Inbound and outbound Web traffic is inspected for viruses and malware, including archived folders. Encrypted folders can be blocked. For large files, users are trickled the file to assure them the file is being downloaded.

    23. Malware Inspection

    24. Malware Inspection

    25. HTTPS Inspection HTTPS-encrypted sessions can be inspected for malware or exploits. Specific groups of sitessuch as banking sitescan be excluded from inspection for privacy reasons. Users of the TMG Firewall Client can be notified of the inspection.

    26. HTTPS Inspection

    27. HTTPS Inspection

    28. HTTPS Inspection

    29. URL Filtering Destination URLs are examined for compliance with corporate policy and for malicious potential of destination Web site. Forefront TMG uses Microsoft Reputation Services for URL filtering, combining multiple sources to increase coverage of URLs and categorization. Sites can be categorized in two or more category. More harmful takes precedence.

    30. URL Filtering

    31. Microsoft Reputation Services

    32. URL Filtering

    33. E-mail security Forefront TMG provides central management for Exchange and Forefront Protection 2010 for Exchange when located on the same server. Forefront TMG does not include either Exchange or Forefront Protection 2010 for Exchange. Both must be purchased and installed separately. Blocks E-Mail Attachments with Malicious Code, E-Mail Attachments with Malicious Code, E-Mail Attachments with Malicious Code

    34. Publishing Like ISA Server 2006, TMG provides two types of publishing scenarios: Web Publishing Web Publishing is dependent on the Web Proxy filter Server Publishing Server Publishing may use one of any of the remaining application filters

    35. Publishing Rules Microsoft Exchange Server 2010 publishing option Microsoft Sharepoint Office Sharepoint 2010 publishing option IP PBX publishing (SIP) And more, more, more

    36. Publishing

    37. Enhanced Network Address Translation (NAT) Forefront TMG now enables you to specify individual e-mail servers that can be published on a 1-to-1 NAT basis. Using an alternate IP address for outbound traffic. Many domains only allow mail from specific IP addresses. One major feature that was missing in ISA Server was the use of an alternate IP address for outbound traffic. If for some reason the Mail Exchange (MX) record of a domain was registered toa different IP address than the default IP address on the external interface of your ISA firewall, the mail would be sent only using the default IP address, causing the remote domain to reject the e-mail. Many domains only allow mail from specific IP addresses. One major feature that was missing in ISA Server was the use of an alternate IP address for outbound traffic. If for some reason the Mail Exchange (MX) record of a domain was registered toa different IP address than the default IP address on the external interface of your ISA firewall, the mail would be sent only using the default IP address, causing the remote domain to reject the e-mail.

    38. Enhanced Voice over IP support Forefront TMG includes SIP traversal, enabling simpler deployment of Voice over IP within the network.

    39. VPN Site-to-site VPN Remote access VPN Inspection of VPN traffic VPN quarantine SecureNAT for VPN clients SecureNAT for VPN clients Integration with Network Policy Server and NAP Direct Access is in UAG SSL VPN (SSTP)

    40. Better Management Enterprise policy Policy can be assigned to gateways, arrays, or enterprise-wide. Real-time monitoring and reporting Report creation and publishing Reports can be designed for specific needs and then published locally or to a network file share. External logging Can be installed before joining to the domain

    41. Forefront TMG Console

    42. Forefront TMG Reports Based on Microsoft SQL Reporting Services More human friendly

    43. Forefront TMG Reports

    44. Forefront TMG Reports

    45. Compare TMG with ISA Server 2006 and TMG MBE