
Module 1: Maintaining Antivirus and Anti-Spam Systems


hammer

Presentation Transcript


  1. Module 1: Maintaining Antivirus and Anti-Spam Systems

  2. Overview
     • Introduction to Antivirus and Anti-Spam Management
     • Implementing Anti-Spam Features
     • Implementing Antivirus Features

  3. Lesson 1: Introduction to Antivirus and Anti-Spam Management
     • Discussion: The Current State of Virus and Spam Control
     • Defense-in-Depth Approach to Antivirus and Anti-Spam Management
     • What Is Exchange Hosted Services?
     • How Exchange Hosted Services Works

  4. Discussion: The Current State of Virus and Spam Control
     • Read the discussion questions
     • Discuss your answers with the class

  5. Defense-in-Depth Approach to Antivirus and Anti-Spam Management
     A defense-in-depth approach enhances security by deploying defenses at different locations or levels on the network.
     A defense-in-depth model in a messaging organization includes:
     • Client computer-based solutions
     • Exchange Server-based solutions
     • Internet edge-based solutions
     • User-based solutions

  6. What Is Exchange Hosted Services?
     Microsoft Exchange Hosted Services provides hosted management of key messaging security functions.
     Microsoft Exchange Hosted Services includes:
     • Exchange Hosted Archive
     • Exchange Hosted Continuity
     • Exchange Hosted Filtering
     • Exchange Hosted Encryption

  7. How Exchange Hosted Services Works
     [Diagram labels: Inbound messages; Outbound messages; Exchange Hosted Services; Spam filtering; Virus filtering; Policy enforcement; Message encryption; Message archival]

  8. Lesson 2: Implementing Anti-Spam Features
     • Discussion: Spam Filtering Requirements
     • How Connection Filtering Works
     • How Real-Time Block Lists Work
     • Demonstration: How to Configure Sender and Recipient Filtering
     • How Sender ID Filtering Works
     • How Content Filtering Works
     • How Sender Reputation Filtering Works
     • How Safelist Aggregation Works
     • How Exchange Server 2007 Applies Spam Filters

  9. Discussion: Spam Filtering Requirements
     • Read the discussion questions
     • Discuss your answers with the class

  10. How Connection Filtering Works
     Connection filtering uses the IP address of the remote SMTP server to determine what action to take on an inbound message.
     When you enable connection filtering:
     • The source IP address is checked against the IP Allow and IP Block lists
     • If the address is on the IP Allow list, the message is sent to its destination with no additional processing
     • If the address is on the IP Block list, the SMTP connection is dropped after the RCPT TO headers are processed

  11. How Real-Time Block Lists Work
     You can also configure exceptions to connection filter rules.
     [Diagram: numbered steps 1 to 4 between Internet SMTP server, Edge Transport server, RBL provider and Hub Transport server]

  12. Demonstration: How to Configure Sender and Recipient Filtering
     Your instructor will:
     • Demonstrate how to configure sender and recipient filtering
     • Discuss how to use sender and recipient filtering

  13. How Sender ID Filtering Works
     [Diagram: numbered steps 1 to 4 between Internet SMTP server, Edge Transport server, DNS Server and Hub Transport server]

  14. How Content Filtering Works
     Content filtering analyzes the content of each e-mail message and assigns an SCL to the messages.
     You can configure content filtering to:
     • Block or allow messages based on a custom word list
     • Allow exceptions so that messages sent to specified recipients are not filtered
     • Specify actions that delete, reject, or quarantine messages that exceed an SCL value
     Quarantined messages are sent to a quarantine mailbox.

  15. How Sender Reputation Filtering Works
     Sender reputation filtering filters messages based on information about recent e-mail messages received from specific senders.
     The Sender Reputation agent assigns an SRL based on:
     • Sender open proxy test
     • HELO/EHLO analysis
     • Reverse DNS lookup
     • Analysis of SCL ratings on messages from a particular sender

  16. How Safelist Aggregation Works
     Safelist aggregation shares anti-spam functionality across Office Outlook and Microsoft Exchange.
     When you implement safelist aggregation:
     • Safelist collection is pushed to Active Directory and stored on the user object in Active Directory
     • If EdgeSync is enabled, the safelist collection is replicated to the Edge Transport Server
     • If a contact is listed on a safelist, the Content Filter agent forwards the message without spam filtering

  17. How Exchange Server 2007 Applies Spam Filters
     [Diagram labels, in slide order: Internet; Exchange Server 2007 Edge Transport server; Connection filtering (IP Allow list, IP Block list, RBL); Sender filtering; Recipient filtering; Sender ID filtering; Outlook Safe Senders List; Content filtering (Exceed SCL threshold, Below SCL threshold)]

  18. Practice: Implementing Anti-Spam Features In this practice, you will implement anti-spam features

  19. Lesson 3: Implementing Antivirus Features
     • Discussion: Requirements for an Antivirus Solution
     • How Exchange Server 2007 Integrates with Antivirus Software
     • Demonstration: How to Configure Attachment Filtering
     • What Is Forefront Security for Exchange Server?
     • Considerations for Implementing Antivirus Features

  20. Discussion: Requirements for an Antivirus Solution
     • Read the discussion questions
     • Discuss your answers with the class

  21. How Exchange Server 2007 Integrates with Antivirus Software
     Implementing a comprehensive spam filtering solution will reduce the risk of viruses entering your organization.
     Exchange Server 2007 antivirus features:
     • Support the Virus Scanning API used in Exchange 2003
     • Use transport agents to filter and scan messages to reduce the spread of malware before it enters the organization
     • Use antivirus stamping to reduce the number of times a message is scanned as it is sent through the organization

  22. Demonstration: How to Configure Attachment Filtering
     Your instructor will:
     • Demonstrate how to configure the attachment filtering settings on an Edge Transport server
     • Discuss when to modify the default attachment filtering settings
     • Discuss the benefits of using attachment filtering

  23. What Is Forefront Security for Exchange Server?
     Forefront Security for Exchange Server is an antivirus solution that integrates with Exchange Server 2007.
     Forefront Security for Exchange Server includes:
     • Multiple antivirus scan engines
     • Different agents for Edge Transport servers, Hub Transport servers, and Mailbox servers
     • Antivirus stamping
     • Forefront Server Security Management Console

  24. Considerations for Implementing Antivirus Features
     • Develop effective user education
     • Avoid the use of user accounts with administrator access
     • Use a defense-in-depth approach with antivirus software
     • Ensure antivirus software is kept up to date

  25. Lab: Maintaining Antivirus and Anti-Spam Systems
     • Exercise 1: Reviewing the Current Spam Filtering Results
     • Exercise 2: Discussion: Modifying the Spam Filtering Settings
     • Exercise 3: Modifying the Spam Filtering Settings
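
The filter chain from slides 10, 14, 16 and 17, modelled as an added example (not part of the original presentation and not Exchange code) that reports which stage decides a message first. All addresses, names and thresholds are constructed, and the reject actions, the "at or above threshold" comparison and the delete/reject/quarantine ordering are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy: every address, name and threshold is an assumption.
IP_ALLOW = [ipaddress.ip_network("192.0.2.0/28")]
IP_BLOCK = [ipaddress.ip_network("198.51.100.0/24")]
RBL_LISTED = {"203.0.113.7"}  # stands in for the RBL provider's answer (slide 11)
BLOCKED_SENDERS = {"bulk@spam.example"}
VALID_RECIPIENTS = {"kim@contoso.example"}
SAFE_SENDERS = {"kim@contoso.example": {"partner@fabrikam.example"}}
SCL_DELETE, SCL_REJECT, SCL_QUARANTINE = 9, 7, 5

@dataclass
class Message:
    source_ip: str
    sender: str
    recipient: str
    sender_id_pass: bool  # outcome of the Sender ID DNS check (slide 13)
    scl: int              # SCL the content filter would assign (slide 14)

def listed(ip, networks):
    """True if ip falls inside any network on the list."""
    return any(ipaddress.ip_address(ip) in net for net in networks)

def evaluate(msg):
    """Return (stage, action) for the first filter that decides the message."""
    if listed(msg.source_ip, IP_ALLOW):
        return ("connection", "deliver")   # no additional processing (slide 10)
    if listed(msg.source_ip, IP_BLOCK):
        return ("connection", "drop")
    if msg.source_ip in RBL_LISTED:
        return ("rbl", "drop")
    if msg.sender.lower() in BLOCKED_SENDERS:
        return ("sender", "reject")        # assumed action
    if msg.recipient.lower() not in VALID_RECIPIENTS:
        return ("recipient", "reject")     # assumed action
    if not msg.sender_id_pass:
        return ("sender_id", "reject")     # assumed action
    if msg.sender.lower() in SAFE_SENDERS.get(msg.recipient.lower(), set()):
        return ("safelist", "deliver")     # content filtering skipped (slide 16)
    # Assumption: the highest threshold the SCL reaches decides the action.
    for threshold, action in ((SCL_DELETE, "delete"), (SCL_REJECT, "reject"),
                              (SCL_QUARANTINE, "quarantine")):
        if msg.scl >= threshold:
            return ("content", action)
    return ("content", "deliver")
```

Because the IP Allow list is checked first, an allow-listed source skips every later filter, so entries on that list deserve the same review as the block rules.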
