An Introduction to Microsoft Forefront (Part 2)

If you would like to read the first part of this article series please go to An Introduction to Microsoft Forefront (Part 1).

After some thought it makes sense to consolidate all your security products into one portfolio, as it simplifies security for the consumer. This is important because there are many security products on offer today from many vendors, and a large selection does not make things easier for the consumer. For many years organizations and individuals alike have asked Microsoft to enter the antivirus market, but for various reasons Microsoft declined. Those days are over, however: Microsoft has made a concerted effort in this field and in the anti-spyware and anti-malware field, with the technology discussed in this article.

Antigen AV

With the addition of Antigen to the arsenal the security professional can centrally manage the antivirus console and keep the AV engines and pattern files updated, with multiple layers of AV scanning. The organization can run up to nine different scan engines over files and data, from providers such as Computer Associates, Sophos and Norman. This strategy provides failover: if one scan engine fails to detect a virus, the next scan engine will most likely detect it. This type of multi-engine scanning will certainly reduce the risk of exposure. The Antigen user interface is easy to use, and gives great visibility of security events in the environment. One of the features that I most enjoy is Antigen for SharePoint, which scans uploaded files.

An administrator is able to define rules that restrict certain file types from being uploaded and accessed even if the file is renamed, because the check is made on the file's content rather than its name. Antigen can also block content based on keywords. This can be used to address confidentiality and to enforce company policy on intellectual property.

Doing more with less complexity is the order of the day with Antigen. This is all done using familiar MMC and Microsoft interfaces for administration and configuration. Instant messaging is an excellent way to keep in contact, and some say that it replaces e-mail for short conversational bursts. Ultimately, applications like these allow remote file sharing and so pose a risk. For this reason it is particularly important that instant messaging be controlled, to keep viruses and malware at bay, to prevent leakage and to keep information confidential. How can this be done? Antigen covers this area on the desktop for IM and will also provide anti-spyware.

ISA Server

As part of the security suite Microsoft has included ISA Server 2006. ISA is what Microsoft offers as a firewall, and it is a commercial firewall comparable with high-end commercial firewalls. ISA's differentiator is that the firewall software is designed to protect Microsoft networks optimally, as there is close integration with Microsoft Exchange and Microsoft SharePoint Portal Server as well as SUS, WSUS and, new in ISA 2006, BITS. ISA 2006 is used to reduce an organization's exposure surface to the interconnected world. ISA is able to inspect packets at the application layer, which is imperative as modern attacks occur at all seven layers of the OSI model. This means that even the contents of the packets are examined to see if they conform to what the application is expecting; only conforming packets are then forwarded. This includes SSL-encrypted traffic, which ISA handles by decrypting the traffic, inspecting it, and re-encrypting it before sending it on to the destination machine.

The one feature most required by users on a Microsoft network is authentication. This is done with a link to Active Directory for authentication purposes. ISA also incorporates predefined templates that help configure the firewall and prevent misconfiguration. ISA also supports other environments like Unix, Linux, SUN and BE, as well as other browser types. Microsoft understands that most environments have a vendor mix and that heterogeneous networks are the norm for most businesses, so support for such implementations is important.

Figure 1: Depicts the Microsoft Forefront security scenario (Courtesy of Microsoft)

The example is of a remote user on the Internet needing to access information on the LAN. The user first needs to authenticate through ISA Server 2006, either over a secure IPsec encrypted-tunnel VPN, through a web interface that authenticates users, or by using a token, a smartcard, a biometric device or any other strong authentication mechanism supported by Microsoft. The user then needs to download his/her e-mail and also needs to do some work on SharePoint.

The user logs on to SharePoint while the Outlook client downloads the e-mail, and the user works on a document. After completing the work the remote user decides to contact Mary in accounts to tell her that the work has been completed. The remote user sends an e-mail to Mary informing her, and at the same time lets Mary know he has uploaded an MP3 file to the SharePoint server for her to listen to, as he thinks Mary will fancy the song. Mary receives the e-mail and clicks on the link, verifying that the work is complete; only Mary has access to this file, as rights management has been implemented on the SharePoint file structure, so the information is secure. Mary then clicks on the link to the MP3 and Antigen denies access to the file, even though the remote user renamed it to music.doc. Security enforced!
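The renamed-file check in the scenario above, and the file-type rules described earlier, both depend on identifying a file by its content rather than its extension. The following is an added example written for this article, not Antigen's or Microsoft's code; the signature table, the blocked-type list and the default-deny policy for unrecognised content are assumptions chosen for illustration, and the sample payloads are constructed.

```python
# Added example: content-based file-type checking of the kind that lets a
# gateway block an MP3 even after it has been renamed to music.doc.
from typing import Optional

# Leading byte signatures ("magic numbers") for a few common types.
SIGNATURES = {
    "mp3": b"ID3",                                    # MP3 with an ID3v2 tag
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",      # OLE2 compound file (legacy Word)
    "zip": b"PK\x03\x04",                             # ZIP container (docx, xlsx, ...)
    "exe": b"MZ",                                     # Windows PE executable
    "pdf": b"%PDF",
}

# Assumed policy: which content type each permitted extension must carry.
EXPECTED_TYPE = {"doc": "doc", "docx": "zip", "xlsx": "zip", "pdf": "pdf"}
# Assumed policy: content types that are never allowed, whatever the name.
BLOCKED_TYPES = {"mp3", "exe"}

def sniff_type(data: bytes) -> Optional[str]:
    """Return the type detected from the leading bytes, or None if unknown."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    # Raw MPEG audio frame without an ID3 tag: 11-bit frame sync 0xFFE.
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"
    return None

def upload_decision(filename: str, data: bytes) -> tuple[bool, str]:
    """Allow or block an upload, judging by content rather than extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    detected = sniff_type(data)
    if detected in BLOCKED_TYPES:
        return False, f"blocked: content is {detected} (named .{ext})"
    if detected is None:
        return False, "blocked: unrecognised content (default deny)"
    if EXPECTED_TYPE.get(ext) != detected:
        return False, f"blocked: .{ext} does not match content {detected}"
    return True, f"allowed: {detected}"

# Constructed sample payloads: headers only, enough for the check.
MP3_RENAMED = b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\x00" * 16
REAL_DOC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16

if __name__ == "__main__":
    print(upload_decision("music.doc", MP3_RENAMED))  # blocked
    print(upload_decision("report.doc", REAL_DOC))    # allowed
```

The same extension check also catches the reverse case, a Word file renamed to a permitted-looking extension it does not match, which a name-only filter would let through.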

More Agents for the arsenal?

It's difficult to get away from installing agents on computers these days, as the motivating factor seems to be improved features and more effective control. These clients can be deployed in batches to replace or complement other security software in the environment. It is recommended that one security solution be selected and deployed. How should these agents be distributed, you may ask? SMS is a great option.

What’s your environment’s health like?

For years now, maturing environments have been designed and deployed. Professionals have spent countless hours seeking consultancy on best practice. We all feel the urge to comply and to follow the book, but what do we use to measure an environment's health? Matching the policies and corporate requirements to the environment is the order of the decade and will remain the focus of what customers seek in software in the future. Forefront helps keep professionals alerted to updates and antivirus pattern files that need to be applied.

What are the requirements for Forefront?

Because the Forefront suite belongs to Microsoft, the developers have decided to use a unified data repository. SQL Server forms part of this, and all reporting and analysis data is centralized in a SQL backend.

Hardware and future direction

As Microsoft grows and focuses on different market segments, there is a tendency to move towards the provision of appliances with hardened Windows systems residing on them. The days of insecure Microsoft software and hardware have come to an end, as a more security-conscious company with a battalion of well-trained, security-aware developers is guided into a new era. Just look at the internal Microsoft initiatives for writing secure code, and the way products are delayed for the sake of security at the sacrifice of revenue, and you can tell Microsoft is taking this seriously.

After years of being outside the security space, Microsoft has made an excellent start in completing its security portfolio with products like MOM and ISA. Adding Antigen and client security software to the arsenal helps with a defense-in-depth approach. But security does not stop at products: it requires diligent security professionals who understand the solutions, the underlying networks that need to be protected, and how the infrastructure fits together. There will always be an element of knowledge required, as certain compliance and response mechanisms need to be initiated after incidents are identified. For many years security professionals protecting Microsoft networks have had to rely on a toolbox that lacked depth. Hopefully, now with Forefront's tight integration into the Microsoft security arena, this gap will be reduced.

