A Technical Overview of Microsoft Forefront Client Security (FCS)

Howard Chow

Microsoft MVP

• Forefront Client Security (FCS) in the enterprise

• Deploying FCS policy

• FCS monitoring features

What Will We Cover?

Level 200

• Familiarity with Microsoft Operations Manager (MOM)

• Experience with network security

Helpful Experience

• Reviewing FCS

• Creating FCS policies

• Alerting and reporting

Agenda

Guidance

Developer Tools

SystemsManagementActive Directory Active Directory

Federation Services Federation Services (ADFS)(ADFS)

Identity

Management

Content

Services

Client and Server OS

Server Applicatio

ns

Edge

Network Access Protection (NAP)

A Comprehensive Security Solution

Unified malware protection for business

desktop computers, mobile computers, and

server operating systems that is easier to

manage and control

One solution for spyware and virus protection

Built on protection technology used by millions worldwide

Effective threat response

Complements other Microsoft security products

One console for simplified security administration

Define policy to manage client protection agent settings

Deploy signatures and software faster

Integrates with your existing infrastructure

One dashboard for visibility into threats and vulnerabilities

View insightful reports

Stay informed with state assessment scans and security alerts

What FCS Does

Architectural Components and Flow

Desktop Computers, Mobile Computers and Server Operating Systems Running Microsoft Forefront Client Security

FCS Prerequisites

SQL Server 2005

SQL Server 2005 Reporting

Windows Software Update Services

Group Policy Management Console

.NET Framework 2.0

MMC 3.0

IIS 6.0

Clients running Windows 2000, Windows XP, Windows Server 2003, Windows Vista

Installed with FCS

Microsoft Operations Manager 2005 SP1

Microsoft Operations Manager Reporting

• Reviewing FCS

• Creating FCS policies

• Alerting and reporting

Agenda

Understanding Policies

Forefront Client Security Management Console

Administrator creates & deploys policy

Group Policy Management Console

Clients

• Frequency of updates• Frequency of scans• Real time protection configuration

Configure Updates

and Scans

Customize FCS

Specify Threat

Response

• Local paths to skip when scanning• Level of local user control

• Response to specific spyware threats • Alerting settings

What Can a Policy Do?

Security State AssessmentReporting and alerting server

State Assessment summary

Client computers

• Reviewing FCS

• Creating FCS policies

• Alerting and reporting

Agenda

Client (Host)

Alerting and Reporting Architecture

MOM Server SQL Server ReportingServices

System Log

MOM Agent

•Event Table

•Alerts Table

•State Table

FCS Reporting Design

Security SummaryAlert

Summary

Computer Summary

Threat Summary

State Assessment

Deployment Summary

• Apply FCS policies to organization units

• Configure appropriate alert levels

• Use reports to stay on top of threats

Session Summary

http://www.microsoft.com/hk/technet/webcasts/

Visit the FCS site on TechNet at:

www.microsoft.com/technet/clientsecurity

Visit the folloiwng site for additional information:

For More Information