When thinking about security, it's common to categorize the areas you'll be focusing on to make things a bit easier to manage. In general, I tend to categorize my security efforts in the following ways:
- Edge security -- inbound and outbound access control to and from the Internet
- Network security -- securing the network from data loss and corruption while it's on the wire
- Datastream security -- securing the information within the datastream from loss or corruption
- Host security -- securing the host operating system from attack, including update management and the security configuration of the operating system and of the applications and services running on the host
- Data security -- securing the actual on-disk data from loss or corruption
- Application security -- were the operating system and the applications developed with security in mind? Was a secure application development process, such as the Security Development Lifecycle (http://msdn.microsoft.com/msdnmag/issues/05/11/SDL/default.aspx), used to create the application?
- People security -- has the user base been trained in secure computing practices?
While this schema is similar to what most security administrators use to organize their efforts, there is one area that I mentioned that is often left out of the mix -- the Datastream security category.
What is datastream security? It's the attempt to secure the information moving through the datastream, whether between client and server or server to server: protecting the data moving over the wire from being lost, stolen, intercepted, changed or corrupted. Datastream security is also aimed at protecting the rest of the network from contents of the datastream that might be malicious.
Datastream security really consists of two parts: datastream privacy (keeping the contents of the stream confidential while it is in transit) and datastream security proper (keeping what the stream carries from doing harm once it arrives). I tend to break out privacy from security to make things clearer. That isn't to say that privacy isn't a big part of security, but privacy isn't the entire story.
What are examples of datastream privacy? Consider the mail protocols SMTP, POP3 and IMAP4. Each of these protocols is unencrypted by default, which means that anyone with a network sniffer on the path can read the contents of SMTP, POP3 and IMAP4 communications, and that includes the credentials used to log on, not just the messages. To make the contents of these protocols private, you need to encrypt them. This is done in Windows environments using SSL/TLS, either on the dedicated SMTPS, POP3S and IMAP4S ports or by upgrading a plaintext session with the STARTTLS (SMTP, IMAP4) or STLS (POP3) command. In either form the protection only holds if clients verify the server certificate and are not allowed to fall back to plaintext when the TLS negotiation fails.
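To make the exposure concrete, here is an added example (written for this page, not code from the original post or from Microsoft) that replays what a passive sniffer recovers from the three mail protocols above, and shows why the recovery stops at a successful STARTTLS. The four session transcripts, the account names and the passwords are constructed; lines starting "C:" are client-to-server and "S:" are server-to-client.

```python
"""Added example (not from the original post): what a passive sniffer sees
on unencrypted mail sessions, and why that stops at a TLS upgrade.

The four session transcripts are constructed for this example; lines
beginning "C:" are client-to-server, "S:" server-to-client. Nothing here
is specific to Windows or Exchange.
"""
import base64
import re

POP3_SESSION = """S: +OK POP3 server ready
C: USER alice@example.com
S: +OK
C: PASS Winter2024!
S: +OK Logged in.
C: LIST
"""

IMAP_SESSION = """S: * OK IMAP4rev1 Service Ready
C: a001 LOGIN bob@example.com "S3cret pass"
S: a001 OK LOGIN completed
C: a002 SELECT INBOX
"""

# AUTH PLAIN carries "\0username\0password" base64-encoded: encoding is not encryption.
_PLAIN_BLOB = base64.b64encode(b"\0carol@example.com\0hunter2").decode()
SMTP_SESSION = f"""S: 220 mail.example.com ESMTP
C: EHLO laptop
S: 250-mail.example.com
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN {_PLAIN_BLOB}
S: 235 2.7.0 Authentication successful
"""

# After a successful STARTTLS the same socket carries only TLS records.
SMTP_STARTTLS_SESSION = """S: 220 mail.example.com ESMTP
C: EHLO laptop
S: 250-mail.example.com
S: 250 STARTTLS
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
<TLS records: opaque to the sniffer, credentials sent inside the tunnel>
"""


def _lines(transcript):
    for raw in transcript.strip().splitlines():
        if raw[:3] in ("C: ", "S: "):
            yield raw[0], raw[3:]
        else:
            yield "?", raw          # ciphertext or anything else we cannot parse


def _b64(s):
    return base64.b64decode(s).decode("utf-8", "replace")


def _is_success(reply):
    # SMTP "220", POP3 "+OK", IMAP "<tag> OK"
    return reply.startswith(("220", "+OK")) or re.match(r"^\S+ OK\b", reply) is not None


def sniff_credentials(transcript):
    """Recover credentials from one plaintext mail session (POP3 USER/PASS,
    IMAP LOGIN, SMTP AUTH PLAIN/LOGIN). Reading stops once a STARTTLS or STLS
    upgrade is acknowledged, because from then on the wire is ciphertext."""
    found = {"user": None, "password": None, "tls_started": False}
    pending = None
    for who, line in _lines(transcript):
        if who == "S":
            if pending == "starttls":
                pending = None
                if _is_success(line):
                    found["tls_started"] = True
                    break
            continue
        if who != "C":
            continue
        if pending == "login_user":          # SMTP AUTH LOGIN, step 1
            found["user"], pending = _b64(line), "login_pass"
            continue
        if pending == "login_pass":          # SMTP AUTH LOGIN, step 2
            found["password"], pending = _b64(line), None
            continue
        parts = line.split(" ", 2)
        cmd = parts[0].upper()
        arg = parts[1].upper() if len(parts) > 1 else ""
        if cmd in ("STARTTLS", "STLS") or arg == "STARTTLS":   # SMTP/POP3/IMAP upgrade
            pending = "starttls"
        elif cmd == "USER" and len(parts) > 1:
            found["user"] = parts[1]
        elif cmd == "PASS" and len(parts) > 1:
            found["password"] = line[5:]
        elif cmd == "AUTH" and arg == "PLAIN" and len(parts) == 3:
            _authzid, found["user"], found["password"] = _b64(parts[2]).split("\0")
        elif cmd == "AUTH" and arg == "LOGIN":
            pending = "login_user"
        else:
            m = re.match(r'^\S+\s+LOGIN\s+(\S+)\s+(.+)$', line, re.I)   # IMAP LOGIN
            if m:
                found["user"], found["password"] = m.group(1), m.group(2).strip('"')
    return found


if __name__ == "__main__":
    for name, session in [("POP3", POP3_SESSION), ("IMAP4", IMAP_SESSION),
                          ("SMTP", SMTP_SESSION), ("SMTP+STARTTLS", SMTP_STARTTLS_SESSION)]:
        print(name, sniff_credentials(session))
```

The point of the fourth transcript is the caveat from the paragraph above: the sniffer sees nothing after the "220 Ready to start TLS" reply only because the client actually completed the upgrade. A client configured to continue in plaintext when STARTTLS is refused (or stripped by an active attacker) lands back in the first three cases.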
However, we're not secure yet. Just because we've encrypted the data doesn't make it secure. Worms, viruses, trojans and all sorts of malware can travel inside those encrypted communications, and the encryption hides them from any inspection done on the wire. To solve this problem, we need something that provides datastream security: a solution that inspects the contents of the datastream at a point where it has been decrypted and cleans it, removing the malware and other undesirable content.
Microsoft has two primary products aimed at protecting the datastream -- Forefront Security for Exchange and Forefront Security for SharePoint. Both of these products are able to block malware from entering your network over the mail or Web channels used to connect to Exchange and SharePoint. Not only do they block malware, but they can also be used for content inspection, so that spam and other unwanted mail can't get into or leave your Exchange Server, or, in the case of SharePoint, to ensure that undesirable or illicit content can't make its way into your SharePoint libraries.
For more information on Forefront Security for Exchange, check out: http://www.microsoft.com/forefront/serversecurity/exchange/default.mspx
For more information on Forefront Security for SharePoint, check out: http://www.microsoft.com/forefront/sharepoint/en/us/default.aspx
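As an added example of the kind of inspection described above (written for this page; it is not Forefront code and says nothing about how Forefront works internally), the following scans one mail message after decryption and applies three attachment rules and one content rule. The message, the blocked-extension list, the phrase list and the "signature" database are constructed for the example; the only real-world artifact is the public EICAR test string, whose SHA-256 stands in for a signature entry.

```python
"""Added example (not from the original post and not Forefront code): a
minimal content-inspection pass over a mail message, run where the message
is already decrypted. The message, hash list and phrase list are constructed.
"""
import hashlib
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed policy; a real gateway loads this from configuration/signatures.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1"}
SPAM_PHRASES = ("act now", "limited time", "wire transfer")
# The public EICAR anti-virus test string (harmless by design); its hash stands
# in for a signature database entry.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
KNOWN_BAD_SHA256 = {hashlib.sha256(EICAR).hexdigest()}
HARD_BLOCK_RULES = {"known-bad-hash", "blocked-extension", "executable-content"}


def build_sample_message():
    """A constructed message that trips every rule in scan_message()."""
    msg = EmailMessage()
    msg["From"] = "billing@example.net"
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Invoice overdue - act now"
    msg.set_content("Please review the attached invoice and arrange a wire transfer today.")
    # A PE header ("MZ") labelled as a PDF: both the name and the declared type lie.
    fake_pdf = b"MZ\x90\x00" + b"\x00" * 60
    msg.add_attachment(fake_pdf, maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream", filename="eicar.com")
    msg.add_attachment("echo pwned", filename="run.bat")
    return msg.as_bytes()


def build_clean_message():
    """A constructed message that should pass untouched."""
    msg = EmailMessage()
    msg["From"] = "dave@example.com"
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Lunch?"
    msg.set_content("Noon at the usual place?")
    return msg.as_bytes()


def scan_message(raw_bytes):
    """Return (verdict, findings); verdict is 'deliver', 'quarantine' or 'block'."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    # Content rule: phrase list over subject and text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "") + " " + str(msg.get("Subject", ""))
    lowered = text.lower()
    for phrase in SPAM_PHRASES:
        if phrase in lowered:
            findings.append(("spam-phrase", phrase))

    # Attachment rules: signature hash, file extension, and actual content,
    # because the sender controls the filename and the Content-Type header.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
            findings.append(("known-bad-hash", name))
        if os.path.splitext(name.lower())[1] in BLOCKED_EXTENSIONS:
            findings.append(("blocked-extension", name))
        if data[:2] == b"MZ":   # DOS/PE executable regardless of name or declared type
            findings.append(("executable-content", f"{name} declared as {part.get_content_type()}"))

    rules = {rule for rule, _ in findings}
    if rules & HARD_BLOCK_RULES:
        verdict = "block"
    elif findings:
        verdict = "quarantine"
    else:
        verdict = "deliver"
    return verdict, findings


if __name__ == "__main__":
    print(scan_message(build_sample_message()))
    print(scan_message(build_clean_message()))
```

The "invoice.pdf" attachment is the case worth noticing: an extension list alone passes it, and so does a check on the declared MIME type, which is why the content rule looks at the bytes. Whichever product does this in practice, it can only do it at a point like Exchange or SharePoint where the stream has been decrypted, which is the point of the paragraph above.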
Thomas W Shinder, M.D.
MVP - Microsoft Firewalls (ISA)