A Technical Overview of Microsoft Forefront Client Security (FCS)

Howard Chow

Microsoft MVP

• Forefront Client Security (FCS) in the enterprise

• Deploying FCS policy

• FCS monitoring features

What Will We Cover?

Level 200

• Familiarity with Microsoft Operations Manager (MOM)

• Experience with network security

Helpful Experience

• Reviewing FCS

• Creating FCS policies

• Alerting and reporting

Agenda

Guidance

Developer Tools

SystemsManagementActive Directory Active Directory

Federation Services Federation Services (ADFS)(ADFS)

Identity

Management

Content

Services

Client and Server OS

Server Applicatio

ns

EdgeNetwork Access Protection (NAP)

A Comprehensive Security Solution

Unified malware protection for business desktop computers, mobile computers, and server operating systems that is easier to

manage and control

One solution for spyware and virus protectionBuilt on protection technology used by millions worldwideEffective threat responseComplements other Microsoft security products

One console for simplified security administrationDefine policy to manage client protection agent settings Deploy signatures and software fasterIntegrates with your existing infrastructure

One dashboard for visibility into threats and vulnerabilities

View insightful reportsStay informed with state assessment scans and

security alerts

What FCS Does

Architectural Components and Flow

Desktop Computers, Mobile Computers and Server Operating Systems Running Microsoft Forefront Client Security

FCS PrerequisitesSQL Server 2005SQL Server 2005 ReportingWindows Software Update ServicesGroup Policy Management Console.NET Framework 2.0 MMC 3.0IIS 6.0Clients running Windows 2000, Windows XP,

Windows Server 2003, Windows VistaInstalled with FCSMicrosoft Operations Manager 2005 SP1Microsoft Operations Manager Reporting

• Reviewing FCS

• Creating FCS policies

• Alerting and reporting

Agenda

Understanding PoliciesForefront Client Security

Management Console

Administrator creates & deploys policy

Group Policy Management Console Clients

• Frequency of updates• Frequency of scans• Real time protection configuration

Configure Updates

and Scans

Customize FCS

Specify Threat

Response

• Local paths to skip when scanning• Level of local user control

• Response to specific spyware threats • Alerting settings

What Can a Policy Do?

Security State AssessmentReporting and alerting server

State Assessment summary

Client computers

• Reviewing FCS

• Creating FCS policies

• Alerting and reporting

Agenda

Client (Host)

Alerting and Reporting Architecture

MOM Server SQL Server ReportingServices

System Log

MOM Agent

•Event Table

•Alerts Table

•State Table

FCS Reporting Design

Security SummaryAlert

Summary

Computer Summary

Threat Summary

State Assessment

Deployment Summary

• Apply FCS policies to organization units

• Configure appropriate alert levels

• Use reports to stay on top of threats

Session Summary

http://www.microsoft.com/hk/technet/webcasts/

Visit the FCS site on TechNet at:

www.microsoft.com/technet/clientsecurity

Visit the folloiwng site for additional information:

For More Information