Microsoft Forefront Security Administration Guide

Book Description

Microsoft Forefront is a comprehensive suite of security products that will provide companies with multiple layers of defense against threats. Computer and network security is a paramount issue for companies in the global marketplace. Businesses can no longer afford for their systems to go down because of viruses, malware, bugs, Trojans, or other attacks. Running a Microsoft Forefront Suite within your environment brings many different benefits. Forefront allows you to achieve comprehensive, integrated, and simplified infrastructure security. This comprehensive suite of tools provides end-to-end security stretching from Web servers back to the desktop. This book will provide system administrators familiar with Syngress' existing Microsoft networking and security titles with a complete reference to Microsoft's flagship security products.

* First book to address securing an entire Microsoft network from Web servers all the way back to the desktop.
* Companion Web site provides best practices checklists for securing Microsoft operating systems, applications, servers, and databases.
* Companion Web site provides a special chapter on designing and implementing a disaster recovery plan for a Microsoft network.

Table of Contents

  1. Copyright
  2. Technical Editor
  3. Contributing Authors
  4. 1. Introduction to Microsoft Forefront Security Suite
    1. Introduction
    2. Components of the Microsoft Forefront Security Suite
      1. Forefront Security for Clients
      2. Client Security Features
      3. Forefront Security for Exchange Server
      4. Forefront Security for SharePoint Server
      5. ISA Server 2006
      6. Intelligent Application Gateway (IAG) 2007
    3. Benefits of Using the Microsoft Forefront Suite
    4. Solutions Fast Track
      1. Components of the Microsoft Forefront Security Suite
      2. Benefits of Using the Microsoft Forefront Suite
    5. Frequently Asked Questions
  5. 2. Forefront Security for Microsoft Windows Clients
    1. Introduction
    2. How to Use Microsoft Forefront Client Security
      1. Configuring and Installing
        1. Management Server
        2. Collection Server
        3. Reporting Server
        4. Distribution Server
        5. Installing FCS Server Software
          1. Forefront Client Security Console
        6. Creating and Deploying Policies
          1. Creating a Policy
          2. Deploying a Policy
          3. Installing Client Software Agent
      2. Home
        1. Checking for Updates
        2. Scan
        3. Quick Scan
        4. Full Scan
        5. Custom Scan
        6. FCS Kernel Mode Minifilter
      3. History
      4. Tools
        1. Options
      5. Microsoft SpyNet
        1. Software Explorer
        2. Quarantined Items
        3. Microsoft Forefront Security Client Web Site
      6. Help
      7. Checking for Client Version, Engine Version, Antivirus and Antispyware Definitions
      8. Forefront Client Security Agent in Action
    3. Troubleshooting Microsoft Forefront Client Security
      1. Definition Updates Folder
        1. GUID
        2. Backup Folder
      2. Event Viewer, System Log
    4. Summary
    5. Solutions Fast Track
      1. How to Use Microsoft Forefront Client Security
      2. Troubleshooting Microsoft Forefront Client Security
    6. Frequently Asked Questions
  6. 3. Deploying Windows Server Update Services to Forefront Clients
    1. Introduction
    2. Using Windows Software Update Services
      1. WSUS 3.0 Deployment Topologies
      2. Configuring and Installing WSUS
        1. Quiet and Unattended Installations
        2. WSUS 3.0 Interactive Setup
      3. Configuring Group Policy for WSUS Updates
        1. TCP Port 8530
        2. Client Requirements for WSUS: 2000 Service Pack 3, XP Service Pack 1
        3. Checking for Updates (Check for Updates Now)
    3. Navigating the WSUS Console
      1. Update Services
        1. Server Node
        2. Updates
        3. Updates Subnodes
          1. Approve
          2. Decline
        4. Change an Approval or Decline
        5. Revision History
      2. Reports
        1. Update Reports
        2. Computer Reports
        3. Synchronization Reports
      3. Computers
        1. Computer Groups
      4. Options
        1. Update Source and Proxy Server
        2. Products and Classifications
        3. Update Files and Languages
        4. Synchronization Schedule
        5. Automatic Approvals
        6. Computers
        7. Server Cleanup Wizard
        8. Reporting Rollup
        9. E-mail Notifications
        10. Microsoft Update Improvement Program
        11. Personalization
        12. WSUS Server Configuration Wizard
    4. Troubleshooting WSUS
      1. WSUS Health Checks
      2. Group Policy
      3. Computer Groups
    5. Summary
    6. Solutions Fast Track
      1. Using Windows Software Update Services
      2. Navigating the WSUS Console
      3. Troubleshooting WSUS
    7. Frequently Asked Questions
  7. 4. Observing and Maintaining Microsoft Forefront Clients
    1. Introduction
    2. Using the Microsoft Forefront Client Security Management Console
      1. Dashboard
        1. Reporting Critical Issues
        2. Reporting No Issues
        3. Not Reporting
          1. Computers per Issue
        4. Summary Reports
      2. Policy Management
        1. Creating a New Policy
        2. Protection Tab
        3. Advanced Tab
        4. Overrides Tab
        5. Reporting Tab
        6. Deploying a Policy
        7. Editing a Policy
        8. Copying a Policy
        9. Undeploying a Policy
        10. Deleting Policies
        11. Viewing Reports
          1. Viewing Extra Registry Settings in Group Policy Management Console
          2. FCSLocalPolicyTool
    3. Configuring Microsoft Operations Management
      1. Common Rules
      2. Distribution Alerts
      3. Host Alerts
      4. Host Behaviors
      5. Management Alerts
      6. Reporting Alerts
      7. Server Alerts
      8. Server Behavior
      9. Configuring Notifications
      10. SQL Reporting Services
    4. Summary
    5. Solutions Fast Track
      1. Using the Microsoft Forefront Client Security Management Console
      2. Configuring Microsoft Operations Management
  8. 5. Using Forefront to Guard Microsoft Exchange Server
    1. Introduction
    2. Implementing Microsoft Forefront Server for Exchange
      1. Planning a FSE Deployment
        1. Antivirus Scanning
        2. Message Filtering
      2. Installing Forefront Server for Exchange
    3. Configuring Microsoft Forefront Server for Exchange
      1. Settings
        1. Scan Job
          1. Transport Scan Job
          2. Real Time and Manual Scan Jobs
        2. Antivirus
        3. Scanner Updates
          1. Redistribution Server
        4. Templates
        5. General Options
          1. Diagnostics
          2. Logging
          3. Scanning
          4. Background Scanning
      2. Filtering
        1. Content
        2. Keyword
        3. File
        4. Allowed Senders
        5. Filter Lists
      3. Operate
        1. Run Job
        2. Schedule Job
        3. Quick Scan
      4. Report
        1. Notification
        2. Incidents
        3. Quarantine
    4. Summary
    5. Solutions Fast Track
      1. Implementing Microsoft Forefront Server for Exchange
      2. Configuring Microsoft Forefront Server for Exchange
    6. Frequently Asked Questions
  9. 6. Managing Microsoft SharePoint Portal Securely Using Forefront
    1. Introduction
    2. Implementing Microsoft Forefront Server for SharePoint
      1. Installing and Configuring Forefront Security for SharePoint
        1. Forefront Security for SharePoint Requirements
        2. Installation
    3. Configuring the Forefront Server Security Administrator for SharePoint
      1. Settings
        1. Real-Time Scan Job
        2. Manual Scan Job
        3. Antivirus
        4. Scanner Updates
        5. Templates
        6. General Options
      2. Filtering
        1. Keyword
        2. File
        3. Filter List
      3. Operate
        1. Run Job
        2. Schedule Job
        3. Quick Scan
      4. Report
        1. Notification
        2. Incidents
        3. Quarantine
    4. Summary
    5. Solutions Fast Track
      1. Implementing Microsoft Forefront Server for SharePoint
      2. Configuring the Forefront Server Security Administrator for SharePoint
    6. Frequently Asked Questions
  10. 7. Managing and Maintaining Microsoft Forefront Servers
    1. Introduction
    2. Implementing a Backup Strategy
    3. Utilizing the Microsoft FSSMC
      1. Main Console Page
        1. Traffic Summary
        2. Virus Statistics
        3. Spam Statistics
        4. Filter Statistics
        5. Top 5 Viruses
        6. Most Active Servers
      2. Administration
        1. Users
    4. Adding/Removing Users
      1. Servers
    5. Adding/Removing Servers
    6. Server Groups
    7. Global Configuration
      1. Job Management
    8. Packages
    9. Jobs
    10. Quarantine Manager
      1. Reports
    11. Detections
    12. SMTP Traffic
    13. Engine Versions
      1. Alert Management
    14. Alerts
      1. Event Logs
    15. Alert Logs
    16. Notification Logs
    17. Summary
    18. Solutions Fast Track
      1. Implementing a Backup Strategy
      2. Utilizing the Microsoft FSSMC
    19. Frequently Asked Questions
  11. 8. Using Intelligent Application Gateway 2007
    1. Introduction
      1. The History of SSL VPNs
    2. Implementing an Intelligent Application Gateway 2007
    3. Configuring the Whale Communication Intelligent Application Gateway 2007
      1. Configuration Page
        1. Application Access Portal
        2. External Web Site
        3. Initial Internal Application
        4. Security and Networking
        5. Attachment Wiper
        6. Applications
        7. Limiting Applications on Subnets
      2. Creating a Trunk
        1. Basic Trunk
        2. Portal Trunk
        3. Webmail Trunk
        4. Redirect HTTP to HTTPS Trunk
      3. Activating an IAG Configuration
        1. Passphrase
        2. Internet Information Services Manager
        3. Viewing Remote Computer Certificate
    4. Configuring ISA Server to Allow Communication Between the Two Servers
      1. IAG Firewall Rules (13)
      2. Portal Trunk Configuration Rules (2)
    5. Utilizing the Whale Communication Intelligent Application Gateway Tools
      1. Whale Communication Intelligent Application Gateway 2007 Web Portal
        1. Defined Applications
        2. Credentials Management
        3. System Information
        4. Activity
        5. Email System Administrator
      2. Whale Communication Intelligent Application Gateway Editor
      3. Whale Communication Intelligent Application Gateway Service Policy Manager
      4. Whale Communication Intelligent Application Web Monitor
      5. Creating and Managing Intelligent Application Gateway Endpoint Policies
    6. Summary
    7. Solutions Fast Track
      1. Implementing an Intelligent Application Gateway 2007
      2. Configuring the Whale Communication Intelligent Application Gateway 2007
      3. Configuring ISA Server to Allow Communication between the Two Servers
      4. Utilizing the Whale Communication Intelligent Application Gateway Tools
      5. Creating and Managing Intelligent Application Gateway Endpoint Policies
    8. Frequently Asked Questions
  12. 9. Using Outlook Web Access through the Intelligent Application Gateway
    1. Introduction
    2. The Importance of Securing Outlook Web Access
      1. The Security Problem
      2. The Security Solution
        1. Securing Your OWA Connection
    3. Publishing Outlook Web Access in the Internet Application Gateway
      1. Adding OWA to the IAG (Portal)
        1. IAG 2007
        2. Server Roles
      2. Activating the Configuration
        1. Client to Connect to the IAG
        2. IAG Portal Web
        3. Redirect the Trunk on SRV1
        4. “Client” to Connect to the IAG
      3. Examining the Rules Added to the ISA Configuration
        1. ISA Rules
    4. Securing the Outlook Web Access Interface
      1. IAG Server
    5. Summary
    6. Solutions Fast Track
      1. The Importance of Using HTTPS for Outlook Web Access
      2. Solution Publishing Outlook Web Access in the Internet Application Gateway
      3. Securing the Outlook Web Access Interface
    7. Frequently Asked Questions
  13. 10. Configuring Virtual Private Network Traffic Through the Intelligent Application Gateway
    1. Introduction
    2. Setting Up the Network Connection Server
      1. Network Segment
      2. IP Provisioning
      3. Access Control
      4. Additional Networks
      5. Advanced Tab
      6. Adding the Application
    3. Connecting Through the Virtual Private Network
    4. Summary
    5. Solutions Fast Track
      1. Setting Up the Network Connector on a Corporate Network with Split Tunneling Internet
      2. Connecting Through the Virtual Private Network
    6. Frequently Asked Questions
  14. 11. Configuring Microsoft Internet Security and Acceleration Server 2006
    1. Introduction
    2. Installing Microsoft Internet Security and Acceleration Server 2006
      1. Preliminary Configuration of Windows Server 2003
        1. Hardware Considerations
        2. Configuring TCP/IP Settings
        3. Domain Membership
        4. System Hardening
      2. Installation of ISA Server 2006
    3. Configuring ISA Server 2006
      1. Configuration
        1. Networks
          1. Network Sets
          2. Network Rules
          3. Web Chaining
        2. Cache
        3. Add-ins
        4. General
        5. Specify RADIUS and LDAP Servers
        6. Enabling Intrusion Detection and DNS Attack Detection
        7. Configuring IP Protection
        8. Configuring Flood Mitigation Services
      2. Firewall Policy
      3. Virtual Private Networks
    4. Monitoring ISA Server 2006
      1. Dashboard
      2. Alerts
      3. Sessions
      4. Services
      5. Reports
      6. Connectivity Verifiers
      7. Logging
    5. Summary
    6. Solutions Fast Track
      1. Installing Microsoft Internet Security and Acceleration Server 2006
      2. Configuring Microsoft Internet Security and Acceleration Server 2006
      3. Monitoring Microsoft Internet Security and Acceleration Server 2006
    7. Frequently Asked Questions
  15. 12. Microsoft Internet Security and Acceleration 2006 Server Publishing
    1. Introduction
    2. Publishing Servers behind a Microsoft Internet Security and Acceleration 2006 Server Firewall
      1. Basics of Publishing
      2. Server Publishing Rule
      3. Web Publishing Rule
      4. Network Configuration and Name Resolution for Publishing
      5. Configuring the Web Listener
        1. Exercise: Creating a Web Listener
      6. Configuring Publishing
      7. HTTP Filtering
        1. Maximum Header Length
        2. Maximum Payload Length
        3. Maximum URL Length
        4. Maximum Query Length
        5. Verify Normalization
        6. Block High-Bit Characters
        7. Block Request Containing a Windows Executable
        8. HTTP Method
        9. File Extension
        10. Block Requests Containing Ambiguous Extensions
        11. HTTP Header
        12. Server Header Rewrite
        13. Via Header Rewrite
        14. Specific HTTP Header Value in Request or Response
        15. Path Mapping
        16. Link Translation
        17. Exercise: Configure Web Publishing Rule
        18. Publishing Exchange Web Client Access
        19. Publishing SharePoint Sites
        20. Publishing a Web Farm
        21. Publishing Non-Web Server Protocols
        22. Exercise: Publishing Terminal Services
        23. Publishing Mail Servers
    3. Troubleshooting Publishing Servers behind a Microsoft Internet Security and Acceleration 2006 Server Firewall
    4. Summary
    5. Solutions Fast Track
      1. Publishing Servers behind a Microsoft Internet Security and Acceleration 2006 Server Firewall
      2. Troubleshooting Publishing Servers behind a Microsoft Internet Security and Acceleration 2006 Server Firewall
    6. Frequently Asked Questions
  16. 13. Managing ISA 2006 Server Connections between Sites
    1. Introduction
    2. VPN Protocols: Advantages and Disadvantages
      1. Advantages of IPSec Tunneling Mode
      2. Disadvantages of IPSec Tunneling Mode
      3. Advantages of L2TP/IPSec
      4. Disadvantages of L2TP/IPSec
      5. Advantages of PPTP
      6. Disadvantages of PPTP
    3. Connecting Two ISA 2006 Servers on Different Physical Sites
      1. Firewall Policy
        1. Creating an Access Rule
      2. Dynamic Host Configuration Protocol (DHCP) Configuration
        1. Static Address Pool
      3. VPN Dial-in Account at the Main Office
      4. Branch Configuration
      5. VPN Dial-in Account at the Branch Office
    4. Troubleshooting Connections between Sites
      1. Verifying Connectivity
    5. Summary
    6. Solutions Fast Track
      1. VPN Protocols: Advantages and Disadvantages
      2. Connecting Two ISA 2006 Servers on Different Physical Sites
      3. Troubleshooting Connections between Sites
    7. Frequently Asked Questions
  17. 14. Proxy Functions of Microsoft Internet Security and Acceleration Server 2006
    1. Introduction
    2. Using Microsoft Internet Security and Acceleration 2006 as a Proxy Server
      1. Configuring Internet Security and Acceleration 2006 as a Proxy Server
        1. Exercise: Creating a Cache Rule
      2. Scheduled Content Download
        1. Exercise: Create Content Download Rule
      3. Caching in Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
    3. Configuring Microsoft Internet Security and Acceleration 2006 to Cache BITS Content
      1. Microsoft Update Cache Rule
    4. Using the Differentiated Services on Microsoft Internet Security and Acceleration 2006 to Regulate Traffic
    5. Summary
    6. Solutions Fast Track
      1. Using Microsoft Internet Security and Acceleration 2006 as a Proxy Server
      2. Configuring Microsoft Internet Security and Acceleration 2006 to Cache BITS Content
      3. Using the Differentiated Services on Microsoft Internet Security and Acceleration 2006 to Regulate Traffic
    7. Frequently Asked Questions
  18. A. Conducting Penetration Testing on an Enterprise Using the Microsoft Forefront Security Suite
    1. Introduction
    2. Understanding Penetration Testing Methodologies
      1. Phases of Penetration Testing
        1. Planning
        2. Information Gathering
        3. Attack
    3. Penetration Testing Techniques
      1. Network Scanning
      2. Virus Detection
    4. Identifying Test Types For Forefront Systems
      1. Client Security
      2. Exchange
      3. SharePoint
      4. ISA
    5. Summary
    6. Solutions Fast Track
      1. Understanding Penetration Testing Methodologies
      2. Penetration Testing Techniques
      3. Identifying Test Types for Forefront Systems
    7. Frequently Asked Questions