View Windows platform security from ForeFront features

With the development of information technology, more and more enterprises are gradually improving their business processes and information processing, and moving them from manual operations to information collaboration platforms. Because Windows is easy to use and cost-effective, many enterprises take Windows as their main business process and information processing platform, from the border server to internal network, from corporate headquarters to branches, there are a large number of servers and clients that use Windows operating systems in enterprises. These are widely used, and there are also endless security threats. Various intrusion attack events are often seen in the media, many of them cause serious economic losses. In the face of such a severe security situation, how should enterprise users respond?

To address this Security situation, Microsoft launched the ForeFront Security product family, including ForeFront Client Security, ForeFront Server Security, and ForeFront Edge Security, covering the Client, Server, and network border Security. Compared with the original single-point security product (only for security products on a platform), the new ForeFront family focuses more on overall security, pay attention to the overall architecture to ensure the security of the user information platform, while ForeFront is also more concerned with the implementation of enterprise security management. From this point on, ForeFront can be said to reflect Microsoft's understanding of the Windows operating system and network Security requirements of enterprise users, taken from the Microsoft official site of ForeFront Security, readers can intuitively understand the composition of the ForeFront family.

Features of ForeFront Security

ForeFront Security is not only a product named after ForeFront Security, but also contains a number of Microsoft Security products, such as WSUS, System Center, ISA, and iag. Although the ForeFront product line is quite complex, we can still see three features that Microsoft has to achieve on ForeFront: comprehensive, integrated, and simple.

● The Comprehensive ForeFront family is a complete solution for client, server, and network border security, including security functions such as malware defense, Patch Management, identity verification, and remote access, the protection scope covers the enterprise network and all nodes using the Windows operating system.

● Integrated ForeFront can be closely Integrated with the information processing system and security solutions on your existing Windows platform, this allows users to more effectively and clearly control the security situation in the enterprise network.

● Simple (Simplified) ForeFront provides users with a single management view, increasing their visibility into the enterprise's network security status, so as to achieve better management and threat mitigation.

What do Enterprise Users learn from the three features of ForeFront? Let enterprises of different sizes in different industries answer this question differently, however, I believe that the answer should be prioritized by the three features, rather than the answer content. Because some of the ForeFront Security components have not yet been officially released, it seems that it is still early to discuss the advantages and disadvantages of ForeFront and other Security solutions from the technical aspects of the overall Security architecture, however, it is a very enlightening topic to discuss the implementation of Windows platform security from the design concept of ForeFront.

Forefront and four features of Enterprise Security

Comprehensive Security

The first is the comprehensive implementation of Windows security. At present, the original security implementation of most enterprises can be classified as a solution in the form of "headache and foot pain": if the client often faces the threat of malware, the Enterprise Information Department will purchase and install stand-alone anti-virus software. If the server may be hacked, the Enterprise Information Department will purchase a firewall and install intrusion detection equipment;

If the mail service has a large number of spam attacks in a certain period of time, the enterprise's information department will purchase various anti-spam security products-procurement and deployment of security solutions are not based on strategic analysis of security threats that affect enterprise business and information processing, it is only a short-term action to defend against certain types of security threats. Although such procurement and deployment ideas have good results in a short period of time, they will bring false security and security risks to enterprises, enterprises often recognize and respond to new security threats after they suffer from new security threats in the future.

The recent 0-day vulnerabilities in the media are an example. If an enterprise only deploys general anti-virus software and firewall (such an enterprise environment is very common, for the sake of simplicity, this is called the General Information Processing Environment). 0-day vulnerability attacks have no defense capability. Only when intrusion detection, anti-virus, firewall, and other security functions are enabled at the same time, in order to detect and intercept effectively. In addition, enterprises' lack of far-sighted security solution procurement and deployment methods can also easily lead to the lack of security functions, which in turn leads to potential weaknesses in the enterprise's information security system.

The water that can be installed in a bucket depends on the length of the shortest bucket Board. A security system that lacks some key security functions has no actual security efficiency than any other security solution, the general enterprise information processing environment mentioned above is used as an example. If WSUS is not used in the internal network or Windows Update is used, the administrator cannot grasp the patch upgrade status of each network node, A new worm that cannot be detected by exploiting Windows vulnerability propagation and anti-virus software will be able to easily attack all machines in the enterprise's intranet.

From this perspective, it is extremely important for enterprise users to maximize the Security of the Windows platform and to implement the concept of "integrity of Security functions" implemented by Microsoft in ForeFront Security.

Security Integration

Secondly, integration of Windows security implementation. ForeFront Security emphasizes the seamless integration of its Security functions with users' legacy Windows platform applications. The composition of the enterprise information processing environment is very complex, even in a slightly larger enterprise, the information processing environment can be divided into various application servers, key network servers, client servers, and other environment types according to different information processing requirements, not to mention large and medium-sized enterprises or multinational enterprises.

The software and hardware environments vary widely in different environments, and the security level and performance requirements are also different. For example, enterprises should deploy a set of security solutions for content filtering and performance monitoring on the application server, but they have not strictly tested the compatibility and integration of the Deployment Solution with the old application server environment, the selection only relies on advertising promotion, and subsequent troubleshooting is a nightmare for the Enterprise Information Department. The implementation of this security solution is impossible. Therefore, when deploying security solutions, whether in terms of implementation effect or protection of original investment, the integration of security solutions and old facilities is a key factor that must be considered.

Security simplicity

The last is the simplicity of security implementation, also known as operability. According to the explanation of psychology, the more critical decisions or operations are, the more complicated the process should be, the more frequent the actions are, the more chance operators should be checked and confirmed repeatedly to reduce the possibility of errors, the simpler the process, the better it is to combine multiple simple actions. The Administrator's monitoring and management of various Windows nodes, application servers, and network devices in the enterprise network is a daily activity and the operation should be simpler.

However, due to the lack of comprehensive management solutions in enterprises, many enterprises still adopt a distributed management method that centrally manages servers by the Information Department and the clients are managed by users. This is often seen in large and medium-sized enterprises. Every time the Windows system is patched and upgraded, the Information Department needs to handle a large number of servers and clients, which consumes an astonishing amount of manpower, in addition, from patch release to full system updates of the entire enterprise, it has become the most vulnerable time period for the enterprise network. The Information Department cannot obtain alarms and log information on Windows clients. Even the response to security events on centrally managed servers lags behind, and the Information Department is exhausted by handling various security alerts.

The launch of Forefront Security Architecture undoubtedly brings exciting news to the management of enterprise Windows architecture.

Security change

Another important aspect of enterprise IT management is Change Control ). The information department must master every change in the enterprise network for troubleshooting and tracking. These changes include security policy changes, service and application changes, software and hardware environment changes, and even management organization changes. These changes are happening anytime and anywhere for large enterprises, and the number of such changes is staggering. How can we evaluate, monitor, obtain evidence, and improve these changes, IT is the nightmare of every enterprise IT supervisor.

For example, if you perform operations or software installation that are not permitted by the enterprise security policy on the client, the security risks of the enterprise network are often hidden. These two years have frequently occurred in the news, various malware and ARP viruses spread through mobile storage devices are examples of security incidents that result from the absence of effective control over clients and violations of security policies. In this regard, the Forefront Security Architecture utilizes its own security features and integrates the System Center product series to achieve the goal of enterprise IT security management.

Use ForeFront to ensure security

To sum up, a security solution should take into account at least four aspects: comprehensiveness, integration, simplicity and change. In this regard, ForeFront Security is a good choice. However, IT does not mean that Forefront has been implemented in an enterprise to achieve IT security. On the one hand, security management is more about managing processes. On the other hand, the newly launched products also need time to be gradually improved. When selecting a solution, enterprises first conduct a detailed analysis and investigation on their business processes, IT facilities, and security threats, and prioritize the four requirements mentioned above, in the ForeFront family, select the appropriate product portfolio based on your own situation.