24 Hours of Exchange Server 2007 (Part 14 of 24)
DESCRIPTION
Maintaining Anti-Virus
TRANSCRIPT
24 Hours of Exchange Server 2007 (Part 14 of 24): Maintaining AntiVirus
Harold [email protected]/haroldwong
Audio: please try Streaming Internet Audio first. If that doesn’t work, use:
(800) 683-9254: Pin 3054
What We Will Cover
• Understanding antivirus functionality
• Deploying a defense-in-depth approach
• Antivirus software integration
Agenda
• Review
• Antivirus features in Microsoft® Exchange Server 2007
• Antivirus Software and Services
Introduction to Anti-Spam Management
Which of the following is not a type of Exchange Server 2007 anti-spam filtering?
1. Sender reputation filtering
2. Recipient ID filtering
3. Attachment filtering
4. Connection filtering
Introduction to Anti-Spam Management
Which anti-spam filtering feature includes the spam quarantine?
1. Connection filtering
2. Sender ID filtering
3. Content filtering
4. Outlook junk e-mail filtering
Introduction to Anti-Spam Management
What is considered the first line of defense against spam attacks?
1. Perimeter firewall
2. Edge Transport server
3. Internal firewall
4. Connection filtering
Understanding Individual Components
Which of the following is not a feature of connection filtering?
1. IP Allow List
2. Safe Provider List
3. Real-time Block List
4. Spam Quarantine List
Understanding Individual Components
Which of the following filters does not query outside servers or services?
1. Connection filtering
2. Sender filtering
3. Sender ID filtering
4. Sender reputation filtering
Understanding Individual Components
Which of the following component-level filters includes safelist aggregation?
1. Sender filtering
2. Sender ID filtering
3. Content filtering
4. Sender reputation filtering
Agenda
• Review
• Antivirus features in Exchange Server 2007
• Antivirus Software and Services
The Defense-in-Depth Approach
Virus Protection with Spam Filters
Connection Filtering
Recipient Filtering
Sender ID Filtering
Sender Reputation Filtering
Attachment Filtering: .exe .dll .com .bat
Reverse DNS Lookup
Query Sender’s DNS
Tarpitting
RBL Lookup
Configuring Filters for Virus Protection
• Configure RBL lookups
• Query sender’s DNS
• Configuring attachment filtering
Demonstration
Outlook Web Access Virus Protection
Public computer
Private computer
Exchange Server 2007 Spam Quarantine
[Flow diagram: SCL exceeds quarantine? Yes: spam quarantine mailbox. No.]
Managing the Spam Quarantine
• Create the spam quarantine mailbox
• Set spam mailbox in the Edge Transport
• Reviewing the spam quarantine mailbox
Demonstration
AntiVirus Features of Exchange Server 2007
Q1: Which spam filtering technology played an early role in virus protection?
1. Connection filtering
2. Sender filtering
3. Content filtering
4. Attachment filtering
AntiVirus Features of Exchange Server 2007
Q2: Which type of filtering allows the Edge Transport server to look up IP addresses in a list of known virus hosts?
1. Connection filtering
2. Sender filtering
3. Sender ID filtering
4. Sender reputation filtering
AntiVirus Features of Exchange Server 2007
Q3: Which filtering mechanism moves e-mail messages into the spam quarantine mailbox?
1. Connection filtering
2. Sender filtering
3. Content filtering
4. Attachment filtering
Agenda
• Review
• Antivirus features in Exchange Server 2007
• Antivirus Software and Services
Antivirus Software Integration
VSAPI (Not Recommended)
Forefront Security for Exchange Server
Client Security
Hub Security
Edge Security
CA
Sophos
AhnLab
VirusBuster
Kaspersky Labs
Norman Data Defense
* Microsoft® Forefront™ Security for Exchange Server (FSE)
Installing Forefront Security
• Install the Forefront security software
• Run the Forefront security administrator
• Send and scan an e-mail message
Demonstration
Directory Service
Exchange Hosted Filtering
Messages containing active malicious code
E-mail quarantine
Third-Party Products
AntiVirus Software and Services
Q1: Which system should not run e-mail antivirus scanning according to Exchange Server 2007 best practices?
1. Edge Transport server
2. Hub Transport server
3. Mailbox server
4. Desktop client computers
AntiVirus Software and Services
Q2: What is the maximum number of antivirus scanning engines that can be configured for Forefront?
1. Five
2. Six
3. Seven
4. Eight
AntiVirus Software and Services
Q3: What is the minimum number of antivirus engines you can configure when using Microsoft Exchange Hosted Filtering?
1. One
2. Two
3. Three
4. Four
Session Summary
• Antivirus functionality in Exchange Server 2007
• Defense-in-depth approach
• Antivirus software integration
Questions and Answers
• Submit text questions using the “Ask” button.
• Don’t forget to fill out the survey.
• For upcoming and previously live webcasts: www.microsoft.com/webcasts
• Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781
• Today's webcast was presented using Microsoft® Office Live Meeting. Get a free 14-day trial by visiting: www.microsoft.com/presentlive