Security and compliance for e-mail and real-time communication
Brjann Brekkan

Upload: marian-russell

Post on 12-Jan-2016


TRANSCRIPT

Page 1

Security and compliance for e-mail and real-time communication

Brjann Brekkan

Page 2

Agenda

Part 1
  Security 101 – Common terminology
  Microsoft Secure Messaging

Part 2
  Solutions from Microsoft on Secure Messaging

Page 3

Agenda Part 1

Security 101 – Common terminology
  Transport of messages
  Validate Domain Identity
  Validate Senders ID
  Protect Information
  Malware

Microsoft Secure Messaging
  Microsoft Exchange Hosted Services
  Microsoft Antigen solutions
  Microsoft ISA Server
  Microsoft Exchange Server
  Microsoft Live Communication Server

Page 4

Transport of messages

Message to [email protected] (@brekkan.com) from [email protected]
Domain names: brekkan.com
DNS Records: MX and SIP
brekkan.com exchange:1231380561.pamx1.hotmail.com

Mail is sent cleartext – Postcard!

Page 5

Validate identity

[email protected] (@brekkan.com) receives email
brekkan.com server maybe validates sending server
Reverse DNS lookup
Microsoft has solution called Sender ID
  DNS Based solution to validate sending server
  Well known domains, partners, customers?
Certificate validation between Mail servers

Page 6

Validate senders ID

[email protected] (@brekkan.com) receives email
[email protected] (@microsoft.com) has signed email with Certificate based solution
[email protected] client validates certificate used to sign email
Sender can also choose to encrypt email
Technologies:
  S/MIME
  PGP

Page 7

Protect Information

Emails and IM contain information
Protect in transport
  Encrypt
    Between clients
    Between servers
  Sign
    Message
Protect after transport
  Information Rights Management / Digital Rights Management / Rights Management Services
  EFS

Page 8

Feature Comparison (S/MIME and IRM)

Feature | S/MIME signing | S/MIME encryption | IRM
Authenticates the recipient | No | No | Yes
Can encrypt content | No | Yes | Yes
Protects against content tampering | Yes * | No ** | Yes
Differentiates permissions by recipient | No | No | Yes
Offers content expiration | No | No | Yes
Controls content reading, forwarding, saving, modifying, or printing by recipient | No | No | Yes
Capable of using a smart card for key storage | Yes | Yes | No

* S/MIME digital signatures do not prevent content tampering, but do indicate to the recipient if tampering was done after the signature was applied.

** S/MIME encryption helps prevent unauthorized access to encrypted data, but it does not prevent tampering of the encrypted information.

Page 9

What if email / IM is malware

Virus - don’t click...
Spam – don’t let through...
Phishing – learn what it is and filter it...
...

Be Careful Out There!

Antivirus and antispam protection needed!

Multilayered protection to protect from encrypted malware!

Page 10

Summary of Security 101

Transport is not secure by default – yet
Identity validation is not part of SMTP
Enterprise IM is different
Today's technologies work but can be easier
Protect your information everywhere
Antivirus and Antispam and Antiphishing and well .. Anti Malware is needed

Page 11

Today’s Challenges

“Most viruses are designed to propagate themselves through e-mail… In 2005, 86% of viruses used e-mail as a self-propagation medium…”

-- The Radicati Group, Inc., E-mail Security: Appliances, Software and Services, 2005 - 2009

900 million viruses and 52.4 billion spam messages are sent per day. Virus traffic has increased by 80% in 2005!

-- The Radicati Group, Inc., E-mail Security: Appliances, Software and Services, 2005 - 2009

In 2004, 78% of enterprises hit by viruses, and 37% reported unauthorized access to information

--2004 CSI and FBI Computer Crime and Security Survey

Page 12

Agenda part 1

Security 101 – Common terminology
  Transport of messages
  Validate Domain Identity
  Validate Senders ID
  Protect Information
  Malware

Microsoft Secure Messaging
  Microsoft Exchange Hosted Services
  Microsoft Antigen solutions
  Microsoft ISA Server
  Microsoft Exchange Server
  Microsoft Live Communication Server

Page 13

Microsoft Secure Messaging

[Diagram. Labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; DMZ; On-Premise Software; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Microsoft Exchange Hosted Services; Internet]

Microsoft Secure Messaging Solutions

Provide customers with choice in how they deploy, manage their messaging infrastructure
Offers a full, multi-layer solution made up of on-premise software and hosted services
Offer software and services that run better together with Microsoft Exchange

Page 14

FrontBridge Acquisition

About FrontBridge Technologies
  Privately-held company based in Los Angeles, California
  Leading provider of managed messaging services
  Addresses corporate e-mail compliance, security, and availability
  Offers managed services for Microsoft Exchange, Lotus Domino, and other SMTP-compliant e-mail servers

Customer Benefits
  No upfront capital investment
  Minimizes IT management
  Aids in regulatory compliance
  Protection from viruses, spam

August 2005 acquisition as part of Microsoft’s comprehensive approach for providing customers with greater flexibility and choice in how their messaging and collaboration solutions are delivered

Page 15

Microsoft Secure Messaging

Rapid deployment and easy provisioning
Rapid response and scale to address threats
Comprehensive set of services

[Diagram. Labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; Perimeter Network; Software on the Premises; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Internet]

Page 16

Exchange Services

Provides CHOICE in how customers deploy, manage their messaging infrastructure
Exchange offers both on-premise AND hosted e-mail through service providers
Hosted Services COMPLEMENT any Exchange mailbox

HOSTED EXCHANGE (through service providers)

Complementary Services
Choice for Messaging

Page 17

Hosted Services Network Infrastructure

Hosted services provisioned across a reliable network infrastructure
SLA uptime guarantees of 99.999 percent
Services activated with simple mail exchange record redirect
Requires minimal IT administration; centralized control
Scalability without additional cost; can handle all message volume variations
Helps free local loop, customer’s servers, and bandwidth from unwanted traffic
Delivers legitimate messages to customer’s site

Page 18

Microsoft Secure Messaging

[Diagram. Labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; DMZ; On-Premise Software; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Microsoft Exchange Hosted Services; Internet]

Microsoft Secure Messaging Solutions

Provide customers with choice in how they deploy, manage their messaging infrastructure
Offers a full, multi-layer solution made up of on-premise software and hosted services
Offer software and services that run better together with Microsoft Exchange

Page 19

Antigen Solutions

[Diagram. Labels: Live Communications Server; SharePoint Server; Exchange Servers; ISA Server; Windows SMTP Server; Viruses; Worms; Spam; IM and Documents; E-mail; Layered Defenses; Server Optimization; Content Control]

Stop viruses at the network edge on ISA server and SMTP Gateways
Protect Exchange 5.5, 2000, and 2003 from viruses and provide content filtering
Reduce spam on ISA Server, Exchange and Windows SMTP servers with Antigen’s Advanced Spam Manager option
Protect Live Communications Server 2005 with antivirus and content scanning
Protect SharePoint document libraries from viruses and unwanted content

Page 20

Microsoft Secure Messaging

[Diagram. Labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; DMZ; On-Premise Software; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Microsoft Exchange Hosted Services; Internet]

Microsoft Secure Messaging Solutions

Provide customers with choice in how they deploy, manage their messaging infrastructure
Offers a full, multi-layer solution made up of on-premise software and hosted services
Offer software and services that run better together with Microsoft Exchange

Page 21

Using Exchange and ISA Server Together

Exchange Client Access Scenarios:
  OWA
  OMA, ActiveSync
  RPC/HTTP

ISA Server 2004 provides additional security to the above scenarios:
  Application layer inspection
  Authentication solutions
  Firewall protection
  Logging and Monitoring
  RPC filtering (for Exchange 2000)

Page 22

More secure e-mail access for remote users

Improved manageability and ease of use

Exchange is better protected from malicious attacks

Microsoft® ISA Server 2004: an advanced application-layer firewall, Web cache, and virtual private network (VPN)

Secure Publishing of Exchange on the Internet using ISA Server 2004

Protect IT assets while providing employees with connectivity to Exchange, the Web and corporate network

New Version of Firewall Solution Improves E-mail Security for World’s Largest Software Company

“ISA Server 2004 has a vastly improved administrative user interface that makes it far easier to view and manage access policies.”

Michael Ward, Senior Systems Engineer, Connectivity Services, Microsoft IT

Page 23

Microsoft Secure Messaging

[Diagram. Labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; DMZ; On-Premise Software; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Microsoft Exchange Hosted Services; Internet]

Microsoft Secure Messaging Solutions

Provide customers with choice in how they deploy, manage their messaging infrastructure
Offers a full, multi-layer solution made up of on-premise software and hosted services
Offer software and services that run better together with Microsoft Exchange

Page 24

The Server and Client

Exchange Server
Outlook
Live Communication Server
Office Communicator

Page 25

Exchange 2003 Security Features

Secure Default Settings
  Some services turned off by default to reduce attack surface (e.g. OMA, POP3, etc.)
Anti-spam
  External content blocking in OWA and Outlook 2003
  DLs can require authenticated submission
  Real time Blackhole list support
  Anti-Spam Partner Integration
Kerberos Authentication for Outlook 2003
  Single Sign-on, including with Multi-Forest implementations
Forms-Based Authentication for OWA
  Timeout, Forced Logoff
S/MIME Support for OWA

Page 26

Exchange/Outlook Anti-Spam Integration

SCL = Spam Confidence Level

[Diagram. Labels: Gateway Server Transport; Exchange Server 2003; Mailbox Server Store; Junk Mail Folder; Inbox; Exchange 2003 OWA; Outlook 2003; Spam?; User Safe & Junk Senders; Exchange IMF; ISV Solutions; Allow/Deny Lists; Real-Time Block Lists; Recipient & Sender Filtering; SMTP Message; Message + SCL]

Page 27

Outlook Security features

Anti Spam integration with Exchange Server
No active content run in inbox
Pictures
RPC / HTTPS
S/MIME
Information Rights Management support

Page 28

Secure Instant Messaging

Live Communication Server
Office Communicator

Secure IM
AD Authentication
Archiving
Anti Virus API
3rd party for higher compliance demands

Page 29

Integrated Communications

[Diagram. Labels: Across Networks; Across Devices; Application Integration; Calendaring; Web & Video Conferencing; Instant Messaging & VoIP; E-Mail; Team Workspaces; Identity & Presence]

End User Value:
  Unified familiar experience
  Rich-presence; multimodal
  From any device, any application

IT Manager Value:
  Infrastructure simplification
  Secure Communication
  Consolidation
  Low TCO

ISV & Developer Value:
  Standards-based platform
  Rich APIs & Web services
  Developer tools

Page 30

Agenda part 2

Solutions from Microsoft
  Microsoft Exchange Hosted Services
  Microsoft Antigen
  Microsoft ISA Server
  The server itself

Page 31

Microsoft Secure Messaging

Rapid deployment and easy provisioning
Rapid response and scale to address threats
Comprehensive set of services

[Diagram. Labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; Perimeter Network; Software on the Premises; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Internet]

Page 32

Business Challenges

Spam, viruses, and phishing plague inboxes
Organizations have difficulty staying ahead of messaging threats

Active Protection

Regulatory compliance critical in many industries
Stiff penalties for e-mail misuse
1 in 5 employers has had e-mail subpoenaed*

Confident Compliance

Network infrastructure crowded with point solutions
Need for reliable and cost-effective systems

Reduce Cost and Complexity

Column labels: Rising Security Vulnerabilities; Compliance Requirements; IT Infrastructure Complexity

*2005 Electronic Monitoring & Surveillance Survey from American Management Association (AMA) and the ePolicy Institute

Page 33

Hosted Service Benefits

Active Protection
  Help eliminate threats before they reach your network
  Provide e-mail that’s always available
  Scale at no additional cost to protect against threats

Confident Compliance
  Manage regulatory compliance requirements
  Govern use of the e-mail system and help prevent misuse
  Respond quickly to litigation requests

Reduced Cost and Complexity
  Activate quickly with a simple mail exchange record change
  Integrate with your existing e-mail infrastructure
  Deploy quickly without up-front capital investment

Page 34

Microsoft Exchange Hosted Services

Real-time threat prevention features
Multi-layer anti-spam and anti-virus
Customized content and policy enforcement

E-mail retention for help with compliance and e-discovery
Customized report generation for help demonstrating compliance
Fully indexed, searchable archive

Full e-mail encryption
No public and private key management
Gateway, policy-based e-mail encryption

Uninterrupted e-mail accessibility
Rapid recovery from unplanned disasters and network outages
Thirty-day rolling historical e-mail store

Page 35

Hosted Filtering

Only requires a simple MX record
Real-time Attack Prevention (RTAP) and Directory Services protect against large attacks
Comprehensive virus filter delivers day-zero protection using multiple, anti-virus engines
Flexible policy filter to enforce any email-use rules
Strong spam filtering effectiveness
E-mail queuing helps ensure mail is never lost

Page 36

Spam Quarantine

Page 37

Policy Filter

Page 38

Jelly Belly Candy

Company Overview
  Number one gourmet jelly bean company
Challenge
  70% of inbound email was spam, slowing their Exchange Server performance
Solution
  Implemented Hosted Filtering to reduce the load on Exchange server
Results
  More than 95% of spam stopped with zero false positives
  15,000 viruses stopped every month
  Saved more than 2 GB of storage per month

“The implementation was so easy - a simple MX record change and reconfiguring our firewall was all it took to see a dramatic decrease in the amount of spam we were receiving.”

Gary Praegitzer, Network Administrator

Page 39

Hosted Filtering Benefits

A more secure, reliable messaging experience
Active protection features help guard against e-mail threats
Disaster recovery helps ensure business e-mail delivery
Hassle-free deployment and maintenance

Page 40

Hosted Archive

Archive repository benefits from upstream spam and virus protection features
Full text indexing of e-mail and attachments, IM and Bloomberg mail
HR/Legal can search all message streams and tag, forward, export content
Compliance tools for supervising, escalating, tracking messages
Admin tools for message restoration, communication during an outage
Users can access message archive via the web for real time email functionality

Page 41

Powerful E-Discovery

Page 42

End-User Productivity

Page 43

Brecek and Young Advisors

Company Overview
  Independent broker/dealer with billions under management
Challenge
  Overburdened email system
  Subject to NASD compliance requirements
  Sought solution for electronic archiving
Solution
  Implemented Hosted Archive to assist with email retention and compliance monitoring
  Solution used during NASD audit
Results
  Streamlined audit process
  Cut message management costs

“The audit of our messaging system was made painless by our implementation of Microsoft Exchange Hosted Archive.”

– Tom Delaney, Chief Compliance Officer

Page 44: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Hosted Archive Benefits

In-stream message capture

Web-based access tools require minimal user training

Integrated message management tools

E-mail continuity, disaster recovery is always on

Robust searching

No need for capital investment

Page 45: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Message store benefits from upstream spam and virus protection features

Messages captured and copied in real time

Searchable message store always contains last 30 days of e-mail

Familiar GUI means minimal end user training

Recovery Manager for e-mail restoration, seamless access during an outage

Hosted Continuity

Page 46: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

End-User Access

Page 47: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Recovery Management Tools

Page 48: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

3D International

Company Overview
Design construction and project management company

Challenge
E-mail continuity needed because of approaching Hurricane Rita

Solution
Implemented Microsoft Exchange Hosted Continuity to help ensure email continuity in the event that their primary Exchange server would go down

Results
Fully-functional e-mail system available for use from remote locations
Email continued as normal with employees using Hosted Continuity

“With Hurricane Rita heading toward us, we need to keep our communications going during a catastrophe.”

Gerald Van Benschop, Director of IT

Page 49: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Hosted Continuity Benefits

E-mail continuity and disaster recovery is always on
Web-based access tools require minimal training
In-stream message capture
Searchable message store
No need for capital investment

Page 50: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Business Challenges

E-mail is inherently insecure
Organizations must find ways to ensure the privacy and security of sensitive data
Need to protect partner and supply chain networks
Enterprises are looking at ways to help reduce operating expenses
IT resources are overburdened

Page 51: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Encryption is performed via rules and enforced by gateway

Voltage Identity-Based Encryption (IBE) uses a common ID for public key

Encrypts any e-mail and attachments

Supports all systems and e-mail clients

TLS-enabled network further ensures security of messages

Zero Download Manager (ZDM) enables secure, web-based decryption with encrypted replies for any mail recipient

Hosted Encryption

Page 52: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Policy Enforcement

Page 53: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Gateway Encryption
Policy-based encryption transparent to the end user

Minimal end-user training

No passwords or pre-enrollment
Encrypted messages delivered directly to desktop

Message body and attachments remain encrypted

No additional software required for decryption

No need for keys or certificates
Zero Download Messenger

Example: Send

Example: Receive

Page 54: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Zero Download Messenger
Recipients authenticated before viewing encrypted messages

E-mail answerback

Decryption can be performed by users of all technical ability levels, even novices

Supports unknown and “one-time” recipients

Requires no additional software to read messages
Authenticity verified by digital signature
Recipients able to reply with confidence to encrypted messages

[email protected] authenticated by secure.frontbridge.com

Page 55: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Hosted Encryption Benefits

Compatibility
Ease of use
Low cost
Security-enhanced

Page 56: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Mitigate messaging risks before they reach the corporate e-mail server

Reduce e-mail infrastructure cost and complexity by outsourcing to a trusted provider

Help eliminate large upfront capital investments

Help meet compliance challenges

Minimize load on Exchange Server by handling hygiene and archival management out in the Internet

Summary Hosted Services

Page 57: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Rapid deployment and easy provisioning
Rapid response and scale to address threats
Comprehensive set of services

[Diagram labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; Perimeter Network; Software on the Premises; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Internet]

Microsoft Secure Messaging

Page 58: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Antigen Solutions

Live Communications Server

SharePoint Server

Exchange Servers

ISA Server

Windows SMTP Server

Viruses

Worms

Spam

Stop viruses at the network edge on ISA server and SMTP Gateways

Protect Exchange 5.5, 2000, and 2003 from viruses and provide content filtering

Reduce spam on ISA Server, Exchange and Windows SMTP servers with Antigen’s Advanced Spam Manager option
Protect Live Communications Server 2005 with antivirus and content scanning
Protect SharePoint document libraries from viruses and unwanted content

IM and Documents

E-mail

Layered Defenses

Server Optimization

Content Control

Page 59: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Layered Defenses

Protection at multiple points in the network

Edge: Antigen for SMTP, Advanced Spam Manager
E-Mail Server: Antigen for Exchange, Advanced Spam Manager
SharePoint Server: Antigen for SharePoint
Live Communications Server: Antigen for Instant Messaging

Multiple engine management
Up to eight antivirus engines available
Advanced Spam Manager integration with Microsoft IMF

Page 60: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Multiple Scan Engine Management

• Manage up to 8 scan engines

• Eliminate single point of failure

• Minimize window of exposure during outbreaks

[Diagram labels: Scan Engine 1; Scan Engine 2; Scan Engine 3; Scan Engine 4; Quarantine]

Page 61: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Why Multiple Scan Engines?

Crash Protection
If one engine fails, other engines remain online and continue scanning

Rollback Protection
To receive updates, an engine is taken offline, updated, tested and reactivated. If at any step the engine fails, Antigen automatically rolls back to the previous working version, activates it, and sends an alert.

Update Protection
When an engine is updating, the other active engines step in to scan, maintaining the same level of protection. Mail does NOT queue nor pass through the system unscanned.

Page 62: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Signature Updates

[Chart: Sober.P Virus Detection Time, May 2, 2005 (GMT); axis: Time of Day (Hour : Minute)]

Detection times, in the order listed: 24:38:00, 23:15, 21:38, 21:33, 21:27, 21:18, 20:46, 20:24, 19:54, 18:49, 18:44, 18:18, 18:18, 18:14, 17:38, 17:27, 17:19, 16:56, 16:54, 16:39

Antivirus labs, in the order listed: Symantec, eTrust-VET, McAfee, Avast, AVG, Trend Micro, Norman, AntiVir, eTrust-INO, Panda, VirusBuster, Fortinet, F-Secure, Ikarus, Command, Sophos, BitDefender, AVK, F-Prot, Kaspersky

January 2005 Updates: No. Updates/Day

Kaspersky 18.5
Dr. Web 10.7
Sophos 2.7
BitDefender 1.7
ClamAV 1.5
AntiVir 1.4
F-Secure 1.4
Panda 1.3
Ikarus 1.1
Symantec 1.1
Trend Micro 1.0

AV-Test.org May 2005

AV-Test.org Feb. 2005

Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.

Sybari Engines

Page 63: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Server Optimization

Focus on maximizing performance

In-memory scanning for minimum performance impact
Performance tuning capability with Bias Settings
Isolates scan engines from main server functions
Integration with Windows and Exchange clustering and load balancing capabilities

Integration with management infrastructure
System availability and performance monitoring
Central configuration and problem resolution

Page 64: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Antigen Multiple Engine Manager (MEM) Bias Settings

Scan Engine 1
Scan Engine 2
Scan Engine 3
Scan Engine 4

Max Certainty: uses all engines (100%)
Favor Certainty: uses 75% of available engines
Neutral: uses approximately 50% of available engines
Favor Performance: uses 25% of available engines
Max Performance: uses one engine for every scan

* Engines used are not always the same. They are dynamically allocated from the available pool.
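What the bias settings above mean for detection early in an outbreak, when only some engines have a signature yet, worked through as an added Python example that is not part of the original slides and not Antigen's code. Rounding the percentage up to a whole engine and drawing engines uniformly at random from the pool are assumptions.

```python
from math import ceil, comb

# Share of the available engines used per scan, as listed on the slide.
# None marks "Max Performance", which the slide defines as one engine per scan.
BIAS_SHARE = {
    "Max Certainty": 1.00,
    "Favor Certainty": 0.75,
    "Neutral": 0.50,
    "Favor Performance": 0.25,
    "Max Performance": None,
}


def engines_per_scan(bias, available):
    """Engines used for one scan; rounding up to a whole engine is an assumption."""
    if available < 1:
        raise ValueError("no scan engine is online")
    share = BIAS_SHARE[bias]
    if share is None:
        return 1
    return max(1, ceil(share * available))


def detection_probability(bias, available, detecting):
    """Chance that a scan includes at least one engine that has the signature.

    `detecting` of the `available` engines already detect the sample; the
    engines for each scan are drawn uniformly at random (assumption).
    """
    if not 0 <= detecting <= available:
        raise ValueError("detecting must be between 0 and available")
    k = engines_per_scan(bias, available)
    # Probability that all k chosen engines come from the non-detecting ones.
    miss = comb(available - detecting, k) / comb(available, k)
    return 1 - miss


def exposure_by_bias(available, detecting):
    """Detection chance for every bias setting, for one pool state."""
    return {bias: detection_probability(bias, available, detecting)
            for bias in BIAS_SHARE}


if __name__ == "__main__":
    # Four engines online, one of them has the new signature.
    for bias, p in exposure_by_bias(4, 1).items():
        print(f"{bias:18s} engines={engines_per_scan(bias, 4)} detect={p:.2f}")
```

Under these assumptions, only Max Certainty is guaranteed to catch a sample that a single engine recognises; the other settings trade that certainty for throughput.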

Page 65: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Centralized Management

Sybari Enterprise Manager
Provides central management and reporting
Eases migration and deployment
Provides central deployment of updates to reduce the window of vulnerability

Sybari Antigen Management Pack for MOM
Monitors events, performance counters, and services
Allows you to remotely update scan engines or run manual scan jobs
Provides alerts on outbreaks and scan engine update failures

Page 66: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Content Control

Content Filtering eliminates inappropriate content

Administrator-defined keyword filtering blocks:

Offensive language
Legally or ethically questionable material
Confidential company information

Content filtering protects:
E-mail message body content
Documents in SharePoint libraries
IM conversations and file transfers

Page 67: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Content Control (cont.)

File filtering proactively blocks a specific range of potentially dangerous file types

Blocks both by extension and by true file type
Regardless of whether or not a virus signature exists

File types commonly blocked: EXE, COM, PIF, SCR, VBS, VBE, SHS, CHM, REG and BAT
Unpacks and repacks ZIP files, removing only the blocked file
Offers whitelisting for trusted senders
Provides separate filters for inbound, outbound and internal
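The file-filtering behaviour listed above (block by extension and by true file type, repack ZIP files without the blocked member), as an added Python example that is not part of the original slides and not Antigen's code. The signature table, the size limit and the nesting limit are assumptions, and the sample archive is constructed.

```python
import io
import posixpath
import zipfile

# Extensions from the slide's "commonly blocked" list.
BLOCKED_EXTENSIONS = {"exe", "com", "pif", "scr", "vbs", "vbe", "shs", "chm", "reg", "bat"}

# Well-known leading bytes for blocked types that have a binary signature.
# Script types (VBS, BAT, ...) are plain text and can only be matched by name.
MAGIC = {b"MZ": "exe", b"ITSF": "chm", b"REGEDIT4": "reg"}

MAX_MEMBER_SIZE = 10 * 1024 * 1024  # assumption: do not inflate members above 10 MiB
MAX_ZIP_DEPTH = 2                   # assumption: deeper nested archives are dropped


def block_reason(name, data):
    """Return why a file is blocked, or None if it may pass."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as a.exe.
    ext = posixpath.splitext(name.rstrip(". "))[1].lstrip(".").lower()
    if ext in BLOCKED_EXTENSIONS:
        return f"blocked extension .{ext}"
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return f"content is {kind}, whatever the name says"
    return None


def filter_attachment(name, data, depth=0):
    """Return (clean_bytes or None, [(path, reason), ...]) for one attachment."""
    reason = block_reason(name, data)
    if reason:
        return None, [(name, reason)]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return data, []
    if depth >= MAX_ZIP_DEPTH:
        return None, [(name, "archive nested too deeply to inspect")]
    try:
        src = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None, [(name, "corrupt archive")]
    removed, out = [], io.BytesIO()
    with src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.is_dir():
                continue
            path = f"{name}!{info.filename}"
            if info.flag_bits & 0x1:
                removed.append((path, "encrypted member, cannot inspect"))
                continue
            if info.file_size > MAX_MEMBER_SIZE:
                removed.append((path, "member too large to inspect"))
                continue
            try:
                member = src.read(info)
            except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
                removed.append((path, "member cannot be read"))
                continue
            # Recurse so that nested ZIP files are repacked as well.
            clean, dropped = filter_attachment(info.filename, member, depth + 1)
            removed += [(f"{name}!{p}", why) for p, why in dropped]
            if clean is not None:
                dst.writestr(info.filename, clean)
    return out.getvalue(), removed


def build_sample():
    """Constructed sample: a ZIP with clean files, blocked files and a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("notes.txt", "meeting notes")
        z.writestr("run.bat", "@echo off")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("report.txt", "quarterly report")
        z.writestr("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60)  # executable header, PDF name
        z.writestr("setup.exe", "placeholder bytes")
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    clean, removed = filter_attachment("docs.zip", build_sample())
    print("kept:", zipfile.ZipFile(io.BytesIO(clean)).namelist())
    for path, why in removed:
        print("removed:", path, "->", why)
```

Members that cannot be inspected (encrypted, oversized, unreadable) are removed rather than passed through, so the filter fails closed.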

Page 68: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Antigen Email Security Solutions

Page 69: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Antigen for Exchange
Detects and removes viruses in e-mail messages and attachments

Scans at SMTP stack (most processing intensive scans)
Scans real-time at Exchange Information Store
Provides on-demand and scheduled scans of information store
Uses Microsoft-approved virus scanning API integration for Exchange 2000 and 2003

Provides advanced content-filtering capabilities for messages and attachments

Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level

Protects Exchange Server 5.5, 2000, and 2003

ISA Server

Exchange Front End

Exchange Site 1

Exchange Site 2

Internet

Exchange Public Folder Server

Exchange Mailbox Server

Page 70: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Antigen for SMTP Gateways

Detects and removes e-mail viruses at the network edge

Scans SMTP stack to disable threats within a message during the routing process

Provides advanced content filtering capabilities for messages and attachments

Integrates file filtering, keyword filtering, anti-spam, and content filtering during the routing process

Protects Windows Server 2003 and Windows 2000 Server SMTP gateways

Proactively notifies administrators of virus incidents and scan events by e-mail or event log

SMTP Gateway Server/Routing Server

Internet

Firewall

Exchange Servers

Users

Page 71: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Advanced Spam Manager
Option available with Antigen for SMTP Gateways or Antigen for Exchange servers
Employs signature-based SpamCure anti-spam engine
Complements Exchange 2003 Intelligent Message Filter (IMF)

Marks messages with Spam Confidence Level rating
Provides additional layer of protection

Real-time content filtering for keywords and expressions
Enables administrators to create custom allow and block lists based on sender, domain and IP addresses

Page 72: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Advanced Spam Manager and IMF

[Diagram labels: Advanced Spam Manager; Site Quarantine; Exchange Server with IMF; Inbox; Outlook Junk Mail folder; Spam]

Available filters
Spam filter (SpamCure)
Subject line filtering
RBLs
Domain/sender filters and whitelists

Antigen Advanced Spam Manager and IMF use same Spam Confidence Level rating system

Page 73: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Antigen Collaboration Security Solutions

Page 74: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Antigen for SharePoint
Virus Protection for Document Libraries

Scanning of all files uploaded and downloaded from document library

Manual and scheduled scanning of all SPS files (supports both WSS and SPS)

Content Policy Enforcement
File filtering to block documents from being posted based on name match, file type or file extension
Content scanning by keywords within documents for inappropriate words and phrases

SQL Document Library

SharePoint Server or WSS

Document

Users

Document

Page 75: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Antigen for Instant Messaging

Real-time scanning of IM conversations

Supports LCS 2005 pooling, PIC, file transfers, and encrypted conversations
Scans Public IM via IM Logic IM Manager and LCS PIC support
Blocks IMs with potentially harmful links

Scans for confidential information and inappropriate keywords in IMs and documents
Enables administrators to create white lists based on sender and recipient

Microsoft Office Communicator

Windows Messenger Clients

Live Communications Server

Firewall

Outside IM Clients

Page 76: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Summary
Threats to today’s enterprises are growing and e-mail and collaboration systems are key entry points

Microsoft has a proven strategy for securing e-mail and collaboration environments

Antigen solutions provide comprehensive, layered protection against viruses, worms, spam and inappropriate content

Page 77: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

[Diagram labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; Perimeter Network; Software on the Premises; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Internet]

Microsoft Secure Messaging

Page 78: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Secure Remote Access to Email

Feature
New

Application Layer Firewall

SMTP filtering

HTTP filter / OWA
RPC filter (Exchange 2000)

Outlook Web Access (OWA) Front End

FBA (at the firewall)
Session timeout (at the firewall)

Attachment blocking (at the firewall)

HTTP proxy
SSL bridging

Authentication

RADIUS authentication
SecurID authentication

Administration

Configuration wizards

Ease of use: Mail Publishing Wizard, easy to understand policy infrastructure and guidance

Extensibility: Partner offerings that scan e-mail for viruses and disallowed content

Leverages Microsoft applications

Exchange integration, Active Directory, IAS for RADIUS authentication

[Diagram labels: DMZ; Exchange Client Access Services; Outlook (RPC, RPC/HTTP); Browser (OWA, OMA); Other (POP, IMAP); Other orgs (SMTP); Internet]

Page 79: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Common problems
Exchange OWA Front End In DMZ

Internal Network

DMZ
Internet
External Firewall

Internal Firewall

Front End Server

DC/GC

Exchange 2003 Back End

OWA Client

80/443

88: Kerberos (UDP/TCP)

3268: LDAP

389: LDAP

80: HTTP

53: DNS (UDP/TCP)
135: RPC Port Mapper
1024-65536 Random RPC

445: Netlogon SMB

Front End in DMZ requires “Swiss cheese” configuration of the firewall
Inherently insecure

Page 80: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

The solution
Publish OWA Front-End with ISA

Internal Network

DMZ
Internet
External Firewall

Internal Firewall

ISA Server
Front End Server

OWA Client

80/443

80/443
DC/GC

Exchange 2003 Back End

ISA Server is the “bastion host”
Web proxy terminates all connections
Decrypts HTTPS
Inspects the content
Inspects the URL (with URLScan)

Page 81: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

ISA Server

Windows 2K or 2003 AD / GC Server

Ex2003 Front End

Firewall

Perimeter Network (DMZ)
EX2003 Back-End Servers

OWA Clients (HTTP / HTML)

WAP 2.0, iMode (xHTML, cHTML)

Pocket PC, Smartphone (HTTP / HTML)

Wireless Carrier and Internet

Outlook Clients (RPC/HTTP)

Firewall

Same architecture for all devices

Page 82: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

[Diagram labels: Authentication and Authorization; Hosted Services; Corporate Network; External Firewall; ISA Server; Internal Firewall; Perimeter Network; Software on the Premises; Antigen for Exchange; Antigen for SMTP Gateways; Advanced Spam Manager; Internet]

Microsoft Secure Messaging

Page 83: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Exchange Server - Mobility

Mobile PC – RPC / HTTP and ISA Server
Mobile Devices – Exchange Server ActiveSync and Windows Mobile 5 + Others

Push mail, calendar, contacts, tasks
Security managed from Exchange:

Local Device Security Pin
Wipe after # attempts
Remote wipe
Certificate Authentication if wanted
RSA SecurID Authentication possible

Page 84: Säkerhet och compliance för e-post och realtidskommunikation Brjann Brekkan

Lots of products and features...

What is happening out at companies today?
Tips from the coach

Lasse Pettersson is an MVP (Most Valuable Professional) for Exchange. Humandata was first with Sybari in Sweden. Lasse is a prolific article writer and forum participant on, for example, MSD2D.com.