With Windows servers and clients in widespread use, reports of intrusion attacks of all kinds are common in the media, and many of these attacks cause serious economic losses. How should enterprise users respond to such a severe security situation? In response, Microsoft launched the ForeFront Security product family, which includes ForeFront Client Security, ForeFront Server Security and ForeFront Edge Security and covers client, server and network-boundary security. ForeFront can be said to reflect Microsoft's understanding of the Windows operating system and of the network security needs of enterprise users. Let's take a look at the members of the ForeFront family.
ForeFront Security Features
ForeFront Security is more than the few products that carry the ForeFront Security name; it also includes a number of other Microsoft security products, such as WSUS, System Center, ISA and IAG. Looking through the phenomenon to the essence: although ForeFront's product line is quite complex, we can still see three characteristics that Microsoft aims to achieve with ForeFront: comprehensive, integrated and simplified.
● Comprehensive: The ForeFront family is a complete solution for client, server and network perimeter security, including security features such as malware defense, patch management, authentication and remote access, covering the corporate network and all nodes that run the Windows operating system.
● Integrated: ForeFront can be tightly integrated with the information processing systems and security solutions on the user's existing Windows platform, enabling users to control security in the corporate network more effectively and clearly.
● Simplified: ForeFront provides users with a single management view that increases their visibility into the security state of the enterprise network, enabling better management and threat mitigation processes.
What can enterprise users gain from these three characteristics of ForeFront? Companies of different sizes and in different industries will answer this question differently, but the author believes that the answers should differ in how they rank the priority of the three characteristics rather than in their content. Because some components of ForeFront Security have not yet been officially launched, it still seems too early to compare the advantages and disadvantages of ForeFront and other security solutions at the technical level of the overall security architecture. Discussing the implementation of Windows platform security from the standpoint of ForeFront's design concept, however, is a very instructive topic.
ForeFront and the Four Features of Enterprise Security
Comprehensive Security
First and foremost is the comprehensiveness of Windows security implementation. At present, the security implementation in most enterprises can be described as "treating the head when the head aches and the foot when the foot hurts". If clients often face the threat of malware, the enterprise's information department purchases stand-alone anti-virus software and installs it; if the servers are likely to be hacked, the information department purchases a firewall and installs an intrusion detection device; if the mail service suffers a large volume of spam over a certain period, the information department purchases various anti-spam security products. In other words, the enterprise's procurement and deployment of security solutions is not based on a strategic analysis of the security threats that affect its business and information processing, but is only short-term behavior to protect against certain types of security threats. Although this approach to procurement and deployment gives good results in the short term, it brings the enterprise a false sense of security along with security risks. The enterprise will often recognize a new threat, and react to it, only after that threat has already caused damage.
The 0Day exploits that have recently appeared so often in the media are an example. If an enterprise deploys only general anti-virus software and firewalls (such an environment is very common; for simplicity it is referred to below as the general information processing environment), it is defenseless against an attack that uses a 0Day vulnerability. Only when security functions such as intrusion detection, anti-virus and firewall are enabled at the same time can such attacks be detected and intercepted more effectively. In addition, procuring and deploying security solutions without foresight can easily leave security functions missing, which in turn creates potential weaknesses in the enterprise's information security system. The amount of water a bucket can hold depends on the length of its shortest stave: a security system that lacks some critical security functions is, in practice, not much safer than an environment with no security solution at all. Take the general information processing environment mentioned above as an example. If the WSUS service or Windows Update is not used on the internal network, the administrator cannot keep track of the patch status of each network node, and a new worm that spreads through a Windows vulnerability and that anti-virus software temporarily cannot detect will easily take over all the machines on the enterprise intranet. From this perspective, the "comprehensiveness of security features" that Microsoft has implemented in ForeFront Security is extremely important for enterprise users who want to maximize the security of the Windows platform.
Security Integration
Second is the integration of Windows security implementation. ForeFront Security emphasizes the seamless integration of its security features with the user's legacy Windows platform applications. The composition of an enterprise information processing environment is very complicated. Even in a slightly larger enterprise, the environment can be divided, according to different information processing requirements, into types such as application servers, key network servers and client machines, not to mention large and medium-sized companies or multinational companies. The software and hardware in these environments differ greatly, as do their security level and performance requirements. For example, suppose an enterprise needs to deploy a security solution for content filtering and performance monitoring on its application servers, but before deployment it does not rigorously test the solution's compatibility and integration with the legacy application server environment, and instead selects a product solely on the strength of its advertising. The subsequent troubleshooting will be a nightmare for the enterprise's information department, and the solution can hardly be expected to deliver any real effect. Therefore, when deploying security solutions, the integration of the security solution with legacy facilities is a key factor that must be considered, both for the effectiveness of the implementation and for the protection of existing investments.