Book Description
Microsoft Forefront is a comprehensive suite of security products that will provide companies with multiple layers of defense against threats. Computer and network security is a paramount issue for companies in the global marketplace. Businesses can no longer afford for their systems to go down because of viruses, malware, bugs, trojans, or other attacks. Running a Microsoft Forefront Suite within your environment brings many different benefits. Forefront allows you to achieve comprehensive, integrated, and simplified infrastructure security. This comprehensive suite of tools provides end-to-end security stretching from Web servers back to the desktop. This book will provide system administrators familiar with Syngress' existing Microsoft networking and security titles with a complete reference to Microsoft's flagship security products.
* First book to address securing an entire Microsoft network from Web servers all the way back to the desktop.
* Companion Web site provides best practices checklists for securing Microsoft operating systems, applications, servers, and databases.
* Companion Web site provides special chapter on designing and implementing a disaster recovery plan for a Microsoft network.
Table of Contents
Copyright Technical Editor Contributing Authors

1. Introduction to Microsoft Forefront Security Suite
Introduction Components of the Microsoft Forefront Security Suite Forefront Security for Clients Client Security Features Forefront Security for Exchange Server Forefront Security for SharePoint Server ISA Server 2006 Intelligent Application Gateway (IAG) 2007 Benefits of Using the Microsoft Forefront Suite Solutions Fast Track Components of the Microsoft Forefront Security Suite Benefits of Using the Microsoft Forefront Suite Frequently Asked Questions

2. Forefront Security for Microsoft Windows Clients
Introduction How to Use Microsoft Forefront Client Security Configuring and Installing Management Server Collection Server Reporting Server Distribution Server Installing FCS Server Software Forefront Client Security Console Creating and Deploying Policies Creating a Policy Deploying a Policy Installing Client Software Agent Home Checking for Updates Scan Quick Scan Full Scan Custom Scan FCS Kernel Mode Minifilter History Tools Options Microsoft SpyNet Software Explorer Quarantined Items Microsoft Forefront Security Client Web Site Help Checking for Client Version, Engine Version, Antivirus and Antispyware Definitions Forefront Client Security Agent in Action Troubleshooting Microsoft Forefront Client Security Definition Updates Folder GUID Backup Folder Event Viewer, System Log Summary Solutions Fast Track How to Use Microsoft Forefront Client Security Troubleshooting Microsoft Forefront Client Security Frequently Asked Questions

3. Deploying Windows Server Update Services to Forefront Clients
Introduction Using Windows Software Update Services WSUS 3.0 Deployment Topologies Configuring and Installing WSUS Quiet and Unattended Installations WSUS 3.0 Interactive Setup Configuring Group Policy for WSUS Updates TCP Port 8530 Client Requirements for WSUS: 2000 Service Pack 3, XP Service Pack 1 Checking for Updates (Check for Updates Now) Navigating the WSUS Console Update Services Server Node Updates Updates Subnodes Approve Decline Change an Approval or Decline Revision History Reports Update Reports Computer Reports Synchronization Reports Computers Computer Groups Options Update Source and Proxy Server Products and Classifications Update Files and Languages Synchronization Schedule Automatic Approvals Computers Server Cleanup Wizard Reporting Rollup E-mail Notifications Microsoft Update Improvement Program Personalization WSUS Server Configuration Wizard Troubleshooting WSUS WSUS Health Checks Group Policy Computer Groups Summary Solutions Fast Track Using Windows Software Update Services Navigating the WSUS Console Troubleshooting WSUS Frequently Asked Questions

4. Observing and Maintaining Microsoft Forefront Clients
Introduction Using the Microsoft Forefront Client Security Management Console Dashboard Reporting Critical Issues Reporting No Issues Not Reporting Computers per Issue Summary Reports Policy Management Creating a New Policy Protection Tab Advanced Tab Overrides Tab Reporting Tab Deploying a Policy Editing a Policy Copying a Policy Undeploying a Policy Deleting Policies Viewing Reports Viewing Extra Registry Settings in Group Policy Management Console FCSLocalPolicyTool Configuring Microsoft Operations Management Common Rules Distribution Alerts Host Alerts Host Behaviors Management Alerts Reporting Alerts Server Alerts Server Behavior Configuring Notifications SQL Reporting Services Summary Solutions Fast Track Using the Microsoft Forefront Client Security Management Console Configuring Microsoft Operations Management

5. Using Forefront to Guard Microsoft Exchange Server
Introduction Implementing Microsoft Forefront Server for Exchange Planning a FSE Deployment Antivirus Scanning Message Filtering Installing Forefront Server for Exchange Configuring Microsoft Forefront Server for Exchange Settings Scan Job Transport Scan Job Real Time and Manual Scan Jobs Antivirus Scanner Updates Redistribution Server Templates General Options Diagnostics Logging Scanning Background Scanning Filtering Content Keyword File Allowed Senders Filter Lists Operate Run Job Schedule Job Quick Scan Report Notification Incidents Quarantine Summary Solutions Fast Track Implementing Microsoft Forefront Server for Exchange Configuring Microsoft Forefront Server for Exchange Frequently Asked Questions

6. Managing Microsoft SharePoint Portal Securely Using Forefront
Introduction Implementing Microsoft Forefront Server for SharePoint Installing and Configuring Forefront Security for SharePoint Forefront Security for SharePoint Requirements Installation Configuring the Forefront Server Security Administrator for SharePoint Settings Real-Time Scan Job Manual Scan Job Antivirus Scanner Updates Templates General Options Filtering Keyword File Filter List Operate Run Job Schedule Job Quick Scan Report Notification Incidents Quarantine Summary Solutions Fast Track Implementing Microsoft Forefront Server for SharePoint Configuring the Forefront Server Security Administrator for SharePoint Frequently Asked Questions

7. Managing and Maintaining Microsoft Forefront Servers
Introduction Implementing a Backup Strategy Utilizing the Microsoft FSSMC Main Console Page Traffic Summary Virus Statistics Spam Statistics Filter Statistics Top 5 Viruses Most Active Servers Administration Users Adding/Removing Users Servers Adding/Removing Servers Server Groups Global Configuration Job Management Packages Jobs Quarantine Manager Reports Detections SMTP Traffic Engine Versions Alert Management Alerts Event Logs Alert Logs Notification Logs Summary Solutions Fast Track Implementing a Backup Strategy Utilizing the Microsoft FSSMC Frequently Asked Questions

8. Using Intelligent Application Gateway 2007
Introduction The History of SSL VPNs Implementing an Intelligent Application Gateway 2007 Configuring the Whale Communication Intelligent Application Gateway 2007 Configuration Page Application Access Portal External Web Site Initial Internal Application Security and Networking Attachment Wiper Applications Limiting Applications on Subnets Creating a Trunk Basic Trunk Portal Trunk Webmail Trunk Redirect HTTP to HTTPS Trunk Activating an IAG Configuration Passphrase Internet Information Services Manager Viewing Remote Computer Certificate Configuring ISA Server to Allow Communication Between the Two Servers IAG Firewall Rules (13) Portal Trunk Configuration Rules (2) Utilizing the Whale Communication Intelligent Application Gateway Tools Whale Communication Intelligent Application Gateway 2007 Web Portal Defined Applications Credentials Management System Information Activity Email System Administrator Whale Communication Intelligent Application Gateway Editor Whale Communication Intelligent Application Gateway Service Policy Manager Whale Communication Intelligent Application Web Monitor Creating and Managing Intelligent Application Gateway Endpoint Policies Summary Solutions Fast Track Implementing an Intelligent Application Gateway 2007 Configuring the Whale Communication Intelligent Application Gateway 2007 Configuring ISA Server to Allow Communication between the Two Servers Utilizing the Whale Communication Intelligent Application Gateway Tools Creating and Managing Intelligent Application Gateway Endpoint Policies Frequently Asked Questions

9. Using Outlook Web Access through the Intelligent Application Gateway
Introduction The Importance of Securing Outlook Web Access The Security Problem The Security Solution Securing Your OWA Connection Publishing Outlook Web Access in the Internet Application Gateway Adding OWA to the IAG (Portal) IAG 2007 Server Roles Activating the Configuration Client to Connect to the IAG IAG Portal Web Redirect the Trunk on SRV1 “Client” to Connect to the IAG Examining the Rules Added to the ISA Configuration ISA Rules Securing the Outlook Web Access Interface IAG Server Summary Solutions Fast Track The Importance of Using HTTPS for Outlook Web Access Solution Publishing Outlook Web Access in the Internet Application Gateway Securing the Outlook Web Access Interface Frequently Asked Questions

10. Configuring Virtual Private Network Traffic Through the Intelligent Application Gateway
Introduction Setting Up the Network Connection Server Network Segment IP Provisioning Access Control Additional Networks Advanced Tab Adding the Application Connecting Through the Virtual Private Network Summary Solutions Fast Track Setting Up the Network Connector on a Corporate Network with Split Tunneling Internet Connecting Through the Virtual Private Network Frequently Asked Questions

11. Configuring Microsoft Internet Security and Acceleration Server 2006
Introduction Installing Microsoft Internet Security and Acceleration Server 2006 Preliminary Configuration of Windows Server 2003 Hardware Considerations Configuring TCP/IP Settings Domain Membership System Hardening Installation of ISA Server 2006 Configuring ISA Server 2006 Configuration Networks Network Sets Network Rules Web Chaining Cache Add-ins General Specify RADIUS and LDAP Servers Enabling Intrusion Detection and DNS Attack Detection Configuring IP Protection Configuring Flood Mitigation Services Firewall Policy Virtual Private Networks Monitoring ISA Server 2006 Dashboard Alerts Sessions Services Reports Connectivity Verifiers Logging Summary Solutions Fast Track Installing Microsoft Internet Security and Acceleration Server 2006 Configuring Microsoft Internet Security and Acceleration Server 2006 Monitoring Microsoft Internet Security and Acceleration Server 2006 Frequently Asked Questions

12. Microsoft Internet Security and Acceleration 2006 Server Publishing
Introduction Publishing Servers behind a Microsoft Internet Security and Acceleration 2006 Server Firewall Basics of Publishing Server Publishing Rule Web Publishing Rule Network Configuration and Name Resolution for Publishing Configuring the Web Listener Exercise: Creating a Web Listener Configuring Publishing HTTP Filtering Maximum Header Length Maximum Payload Length Maximum URL Length Maximum Query Length Verify Normalization Block High-Bit Characters Block Request Containing a Windows Executable HTTP Method File Extension Block Requests Containing Ambiguous Extensions HTTP Header Server Header Rewrite Via Header Rewrite Specific HTTP Header Value in Request or Response Path Mapping Link Translation Exercise: Configure Web Publishing Rule Publishing Exchange Web Client Access Publishing SharePoint Sites Publishing a Web Farm Publishing Non-Web Server Protocols Exercise: Publishing Terminal Services Publishing Mail Servers Troubleshooting Publishing Servers behind a Microsoft Internet Security and Acceleration 2006 Server Firewall Summary Solutions Fast Track Publishing Servers behind a Microsoft Internet Security and Acceleration 2006 Server Firewall Troubleshooting Publishing Servers behind a Microsoft Internet Security and Acceleration 2006 Server Firewall Frequently Asked Questions

13. Managing ISA 2006 Server Connections between Sites
Introduction VPN Protocols: Advantages and Disadvantages Advantages of IPSec Tunneling Mode Disadvantages of IPSec Tunneling Mode Advantages of L2TP/IPSec Disadvantages of L2TP/IPSec Advantages of PPTP Disadvantages of PPTP Connecting Two ISA 2006 Servers on Different Physical Sites Firewall Policy Creating an Access Rule Dynamic Host Configuration Protocol (DHCP) Configuration Static Address Pool VPN Dial-in Account at the Main Office Branch Configuration VPN Dial-in Account at the Branch Office Troubleshooting Connections between Sites Verifying Connectivity Summary Solutions Fast Track VPN Protocols: Advantages and Disadvantages Connecting Two ISA 2006 Servers on Different Physical Sites Troubleshooting Connections between Sites Frequently Asked Questions

14. Proxy Functions of Microsoft Internet Security and Acceleration Server 2006
Introduction Using Microsoft Internet Security and Acceleration 2006 as a Proxy Server Configuring Internet Security and Acceleration 2006 as a Proxy Server Exercise: Creating a Cache Rule Scheduled Content Download Exercise: Create Content Download Rule Caching in Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition Configuring Microsoft Internet Security and Acceleration 2006 to Cache BITS Content Microsoft Update Cache Rule Using the Differentiated Services on Microsoft Internet Security and Acceleration 2006 to Regulate Traffic Summary Solutions Fast Track Using Microsoft Internet Security and Acceleration 2006 as a Proxy Server Configuring Microsoft Internet Security and Acceleration 2006 to Cache BITS Content Using the Differentiated Services on Microsoft Internet Security and Acceleration 2006 to Regulate Traffic Frequently Asked Questions

A. Conducting Penetration Testing on an Enterprise Using the Microsoft Forefront Security Suite
Introduction Understanding Penetration Testing Methodologies Phases of Penetration Testing Planning Information Gathering Attack Penetration Testing Techniques Network Scanning Virus Detection Identifying Test Types For Forefront Systems Client Security Exchange SharePoint ISA Summary Solutions Fast Track Understanding Penetration Testing Methodologies Penetration Testing Techniques Identifying Test Types for Forefront systems Frequently Asked Questions