A Technical Overview of Microsoft Forefront Client Security

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP

What Will We Cover? • Forefront Client Security (FCS) in the enterprise • Deploying FCS policy • FCS monitoring features

Helpful Experience • Familiarity with Microsoft Operations Manager (MOM) • Experience with network security Level 200

Agenda • Reviewing FCS • Creating FCS policies • Alerting and reporting

A Comprehensive Security Solution Services Edge Ne tw Server Applications or k. A cc es s. P ro te ct io n Client and Server OS (N AP ) Content Identity Management Systems Management Active Directory Federation Services (ADFS) Guidance Developer Tools

What FCS Does One solution for spyware and virus protection Built on protection technology used by millions worldwide Effective threat response Complements other Microsoft security products Unified malware protection for business desktop computers, mobile computers, and server One console for simplified security administration Define policy to manage client protection agent settings operating systems that is easier to manage and Deploy signatures and software faster Integrates with your existing infrastructure control One dashboard for visibility into threats and vulnerabilities View insightful reports Stay informed with state assessment scans and security alerts

Architectural Components and Flow Desktop Computers, Mobile Computers and Server Operating Systems Running Microsoft Forefront Client Security

FCS Prerequisites SQL Server 2005 Reporting Windows Software Update Services Group Policy Management Console. NET Framework 2. 0 MMC 3. 0 IIS 6. 0 Clients running Windows 2000, Windows XP, Windows Server 2003, Windows Vista Installed with FCS Microsoft Operations Manager 2005 SP 1 Microsoft Operations Manager Reporting

Agenda • Reviewing FCS • Creating FCS policies • Alerting and reporting

Understanding Policies Forefront Client Security Management Console Administrator creates & deploys policy Group Policy Management Console Clients

What Can a Policy Do? Configure Updates and Scans • Frequency of updates • Frequency of scans • Real time protection configuration Customize FCS • Local paths to skip when scanning • Level of local user control Specify Threat Response • Response to specific spyware threats • Alerting settings

Security State Assessment Reporting and alerting server State Assessment summary Client computers

Agenda • Reviewing FCS • Creating FCS policies • Alerting and reporting

Alerting and Reporting Architecture Client (Host) System Log MOM Server • Event Table • Alerts Table • State Table MOM Agent SQL Server Reporting Services

FCS Reporting Design Computer Summary Deployment Summary Threat Summary Security Summary Alert Summary State Assessment

Session Summary • Apply FCS policies to organization units • Configure appropriate alert levels • Use reports to stay on top of threats

For More Information Visit the FCS site on Tech. Net at: www. microsoft. com/technet/clientsecurity Visit the folloiwng site for additional information: http: //www. microsoft. com/hk/technet /webcasts/