Dieters Forefront Blog

Microsoft hat vor circa einer Stunde folgenden Blogeintrag veröffentlicht – ohne Vorwarnung oder dergleichen:

Important Changes to Forefront Product Roadmaps

Today, as a result of our effort to better align security and protection solutions with the workloads and applications they protect, Microsoft is announcing changes to the roadmaps of some of the security solutions made available under the Forefront brand.

1. As part of this effort, the next release of Forefront Online Protection for Exchange, which has long been part of the Office 365 solution, will be named Exchange Online Protection.
2. In response to customer demand, we are adding basic antimalware protection to Exchange Server 2013. This protection can be easily turned off, replaced, or paired with other services (like Exchange Online Protection) to provide a layered defense.
3. We are discontinuing any further releases of the following Forefront-branded solutions:

• Forefront Protection 2010 for Exchange Server (FPE)
• Forefront Protection 2010 for SharePoint (FPSP)
• Forefront Security for Office Communications Server (FSOCS)
• Forefront Threat Management Gateway 2010 (TMG)
• Forefront Threat Management Gateway Web Protection Services (TMG WPS)

For collaboration protection, SharePoint and Lync Servers will continue to offer the built-in security capabilities that many customers use to protect shared documents. For remote access, DirectAccess and Routing and Remote Access Server (RRAS) VPN in Windows Server 2012 provide secure remote access for Windows and cross-platform clients, as well as cross-premise access through site to site VPN. Forefront Unified Access Gateway (UAG) 2010 also continues to provide secure application publishing and cross-platform SSL VPN remote access for a range of mobile devices.

Weitere Informationen:

• Important Changes to Forefront Product Roadmaps

Mehr dazu möglicherweise in den nächsten Tagen.

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront

Auf TechNet Edge gibt es einige Videos rund um das Thema Forefront, die ich euch in einer kleinen Artikelserie vorstellen möchte.

Heute: Unified Access Gateway Demo, Screencast, and PM Interview

Meir Mendelovich, UAG Program Manager, at TechEd EMEA 09 tells us about some of the capabilities of UAG and then demos Direct Access and walks through the UAG Direct Access configuration via a screencast.

Veröffentlichungsdatum: 13. November 2009

Weitere Informationen:

• TechNet Edge Video: Unified Access Gateway Demo, Screencast, and PM Interview
• Mehr zu UAG auf microsoft.com

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront

Auf TechNet Edge gibt es einige Videos rund um das Thema Forefront TMG, die ich euch in einer kleinen Artikelserie vorstellen möchte.

Heute: TMG Overview

With the RTM of Forefront Threat Management Gateway (TMG), David Cross tells us about what’s new and gives some real-world examples of how Microsoft IT has benefited from TMG over ISA 2006. He also discusses the following:

• Why TMG only utilizes Microsoft signatures with the GAPA / NIS capabilities
• How TMG protects non-Microsoft & unmanaged clients
• URL filtering capabilities 
• How TMG can help you save costs
• How to migrate from 32-bit ISA 2006 servers to the (only 64-bit) TMG server
• The differences between UAG and TMG

Veröffentlichungsdatum: 17. November 2009

Weitere Informationen:

• TechNet Edge Video: TMG Overview
• Download TMG Testversion
• Mehr zu TMG auf microsoft.com

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront

Endlich. TMG ist fertig!

Bislang konnte ich es nur auf einer offiziellen Microsoft-Downloadseite als Evaluierungsversion finden, noch nicht in der MSDN/TechNet oder im VL-Portal.

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront

ISA Server 2006 hat die für viele wichtige Zertifizierung “Common Criteria EAL 4+” vom deutschen BSI erhalten.

Weitere Informationen:

• Produkt Team Blog
• BSI Firewallzertifizierungen
• Zertifikat (pdf)
• ISA Zertifizierung

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront

Wer kennt sie nicht, die ISA-Appliances von Pyramid? Am 06. Dezember 2005 sowie am 06. Dezember 2007 hatten wir im Rahmen der Forefront User Group auch Gastthemen dazu.

Pyramid Computer hat mit Wirkung zum 1.1.2009 den ISA / IAG Geschäftsbereich an die Firma SecureGUARD in Österreich verkauft. SecureGUARD ist kein Unbekannter in der ISA-Gemeinde. Schließlich bietet die österreichische Firma um Helmut Otto schon lange verschiedene ISA-Appliances an.

Dear Pyramid Forefront Server customers,

this last issue of the Pyramid ISA/IAG newsletter is to inform, that Pyramid has sold its Microsoft Forefront related business (ValueServer ISA / IAG) to SecureGUARD GmbH in Linz, Austria with effective date of 1st January 2009. The company (www.secureguard.at) is highly specialized in the networking and security field and is an ideal partner for Pyramid.

For Pyramid this is an important step to continue the successful positioning within the industrial and OEM market. All Pyramid server and appliance models, i.e. the successful ValueServer VPN series, will be continued at same pricing as long as needed.

Pyramid will stay the OEM manufacturer behind all ISA / IAG Appliances. All product warranties will remain unaffected by this transaction.

Quelle: Pyramid Newsletter vom 03.02.2009

Bei SecureGUARD ist das Geschäft sicher in guten Händen und die Zusammenarbeit bestimmt ein guter Weg in die Zukunft.

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront

In den meisten Netzwerken, in denen ein ISA Server als Proxy Server dient, wird auch WPAD verwendet. Eine an sich einfache und gut funktionierende Methode. Ne Kleinigkeit im ISA einrichten und einen WPAD-Eintrag in der internen DNS-Zone setzen. Fertig. Bei Windows 2000 Server und Windows Server 2003 ist das wirklich einfach und schnell.

Wer jedoch einen Windows Server 2008 DNS-Server betreibt und nicht die dazugehörende Doku gelesen hat, wird feststellen, dass WPAD nicht mehr funktioniert, sobald der betreffende Client eben den 2008er DNS abfragt. Wenn man dann versucht, von diesem Client aus den WPAD zu pingen, bekommt man:

C:\Users\Administrator>ping wpad
Ping request could not find host wpad. Please check the name and try again.

Auch ein ping wpad.domain.tld schlägt fehl. OK, als nächstes wird man ein nslookup versuchen. Auch damit bekommt man mitgeteilt, dass wpad nicht existiert. Alles andere lässt sich pingen beziehungsweise auflösen. Ein Blick in den DNS-Server ergibt allerdings, dass da sehr wohl ein A-Record existiert.

Der Grund für die Nichtauflösbarkeit liegt am Windows Server 2008 DNS-Dienst und der Windows Server 2008 DNS block list:

Protocols such as WPAD use the DNS dynamic update feature, which enables DNS client computers to register and dynamically update resource records when clients change a network address or host name. The dynamic update feature makes clients vulnerable to hijacking. For example, a malicious user could register a computer as a WPAD server and direct all WPAD queries to it. No system administrator intervention is required.

The DNS Server role in Windows Server 2008 introduces a global query block list to reduce this vulnerability risk.

OK, also ein Sicherheitsfeature ;-)

Da in dem beschriebenen Fall aber WPAD benötigt wird, muss eine kleine Konfigurationsänderung am DNS Server vorgenommen werden. Man sollte das aber wirklich auch nur dann tun, wenn es nicht anders geht.

Folgende Kommandozeilenbefehle stehen auf dem entsprechenden Windows Server 2008 zur Verfügung:

dnscmd /info /enableglobalqueryblocklist

Damit kann der Status der block list überprüft werden. Ist das Ergebnis 1, ist die Liste aktiv.

dnscmd /info /globalqueryblocklist

Dieser Befehl zeigt die aktuellen Einträge der block list an. Standardmäßig sollte das Ergebnis wie folgt aussehen:

Query result:
String:  wpad
String:  isatap

Command completed successfully.

dnscmd /config /enableglobalqueryblocklist 0

Damit wird die block list deaktiviert.

Nach einer Änderung muss der DNS-Serverdienst neu gestartet werden.

Anschließend kann WPAD wieder wie gewohnt aufgelöst und vom Browser verwendet werden.

Diese Änderung muss an jedem DNS-Server vorgenommen werden, der WPAD-Informationen bereit hält. Sind in einem AD mehrere AD-DNS-Server vorhanden, müssen sie alle entsprechend behandelt werden. 

Weitere Informationen hierzu:

• Forefront TMG – About implementing WPAD
• Forefront TMG – Removing WPAD from DNS block list
• Domain Name System

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront

Microsoft TechNet bietet in den kommenden Wochen folgende interessante Webcasts in Englisch an:

TechNet Webcast: A Technical Introduction to Forefront Security for Communications Server (Level 300)

In this webcast, we introduce attendees to the newest Microsoft Forefront security solution: Microsoft Forefront Security for Office Communications Server. Soon to be available in beta, Forefront Security for Office Communications Server protects instant message (IM) users from malware, while also giving Communications Server administrators the ability to block inappropriate language or dangerous file types during IM conversations and file transfers. Join us to learn how to use multiple-engine virus scanning, set keyword and file filtering policies, and optimize protection performance and how to get your hands on the beta release.

Presenter: Kelli Cook, Product Manager, Microsoft Corporation

6/19/2008 11:30 AM Pacific Time (US & Canada)- 6/19/2008 1:00 PM | Duration:90 Minutes

Primary Language:   English

Primary Target Audience:   IT Professionals

Add to Calendar

TechNet Webcast: Forefront Security for Exchange Deployment Best Practices (Level 300)

Microsoft Forefront Security for Exchange Server uses multiple engines from industry-leading security labs, IP reputation services, and antispam signature technologies to keep your Microsoft Exchange Server infrastructure safe from viruses, worms, and spam. In this session, we provide guidance on key considerations when deploying Forefront Security for Exchange Server on Microsoft Exchange Server 2007 to maximize protection through layered defenses. Learn deployment best practices including scheduling engine updates and selecting scanning settings in general options.

Presenter: Mike Chan, Senior Product Manager, Microsoft Corporation

6/11/2008 1:00 PM Pacific Time (US & Canada)- 6/11/2008 2:30 PM | Duration:90 Minutes

Primary Language:   English

Primary Target Audience:   IT Professionals

Add to Calendar

TechNet Webcast: Cool and Under-Utilized ISA 2006 Scenarios (Level 300)

Microsoft Internet Security and Acceleration (ISA) Server is a great solution for not only branch office, forward proxy, and reverse proxy but many other scenarios in customer environments that can solve edge security issues. In this session, we go through some of the lesser known scenarios that are easy to configure and deploy. In this session, learn how to get the most of ISA Server and take advantage of its rich features and functionality.

Presenter: Sandeep Modhvadia, BDM – Security and Management, Microsoft Corporation

6/5/2008 11:30 AM Pacific Time (US & Canada)- 6/5/2008 1:00 PM | Duration:90 Minutes

Primary Language:   English

Primary Target Audience:   IT Professionals

Add to Calendar

TechNet Webcast: Managing Exchange Server and SharePoint Protection with Forefront Server Security Management Console (Level 300)

In this session, we provide an in-depth technical review of the features within Microsoft Forefront Server Security Management Console that help administrators more easily manage their Microsoft Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen protections for messaging and collaboration environments. We provide attendees with best practices for improving efficiencies around updating multiple malware signature engines, distributing configuration changes, and setting alerts. Also, learn best practices for deploying Forefront Server Security Management Console in a clustered environment.

Presenter: Kelli Cook, Product Manager, Microsoft Corporation

5/21/2008 1:00 PM Pacific Time (US & Canada)- 5/21/2008 2:30 PM | Duration:90 Minutes

Primary Language:   English

Primary Target Audience:   IT Professionals

Add to Calendar

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032377108&culture=en-US

TechNet Webcast: Forefront Code Name “Stirling” Technical Overview (Level 300)

Microsoft Forefront code name “Stirling” is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging and collaboration applications, and the network edge. Forefront “Stirling” is also easier to manage and control. By delivering simplified management and providing critical visibility into threats, vulnerabilities, and configuration risks, Forefront “Stirling” can help you reduce costs and achieve greater insight into your enterprise security state. Once released, Forefront “Stirling” will include: A single management console and dashboard for security configuration and enterprise-wide visibility.The next-generation versions of Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Internet Security and Acceleration Server (which will be renamed the Forefront Threat Management Gateway). Dynamic response to threats. Attend this webcast to get a technical overview of this new security system from Microsoft.

Presenters: Nic Sagez, Product Manager, Microsoft Corporation, and Brad Wright, Principal Product Unit Manager, Microsoft Corporation

5/20/2008 1:00 PM Pacific Time (US & Canada)- 5/20/2008 2:30 PM | Duration:90 Minutes

Primary Language:   English

Primary Target Audience:   IT Professionals

Add to Calendar

TechNet Webcast: Forefront Security for SharePoint Content Filtering Drill-Down (Level 300)

Microsoft Forefront Security for SharePoint protects SharePoint libraries against infected documents, but it also enables IT administrators to block the upload and download of out-of-policy file types and documents containing inappropriate keywords. Join this session for an in-depth view of the content filtering features within Forefront Security for SharePoint, including key filtering components and services, scanning options, and diagnostic tools.

Presenter: Noelle Mendez-Villamil, Senior Product Manager, Microsoft Corporation

5/19/2008 9:30 AM Pacific Time (US & Canada)- 5/19/2008 11:00 AM | Duration:90 Minutes

Primary Language:   English

Primary Target Audience:   IT Professionals

Add to Calendar

TechNet Webcast: Securing SharePoint End-to-End with Microsoft Forefront (Level 300)

Not always viewed as a security target, Microsoft Office SharePoint Server 2007 libraries are key repositories of corporate information.  Protecting this information and the users that access it – whether internally or externally – is a key security concern for companies today. In this session, we provide a technical overview of how Microsoft Forefront Security for SharePoint, Internet Security Acceleration (ISA) Server, and Intelligent Application Gateway (IAG) combine to provide end-to-end protection for SharePoint deployments. Learn how to block infected documents, scan for out-of-policy files, prevent attacks from Internet-based threats, publish SharePoint safely, and to use secure socket layer (SSL) VPN connections for improved performance and security.

Presenters: Noelle Mendez-Villamil, Senior Product Manager, Microsoft Corporation, and Uri Lichtenfeld, Product Manager, Microsoft Corporation

5/14/2008 1:00 PM Pacific Time (US & Canada)- 5/14/2008 2:30 PM | Duration:90 Minutes

Primary Language:   English

Primary Target Audience:   IT Professionals

Add to Calendar

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront

Seit heute sind nun einige Informationen rund um die neu Forefront-Generation (Codename “Stirling”) verfügbar. Unter dem Arbeitstitel Forefront Threat Management Gateway (TMG) wird an der nächsten Version von ISA Server gearbeitet.

We have been very busy for the past year and we also have been fairly quiet on the messaging front of our plans. Well, the time is over, and I am excited to say that we can announce what we have been up to! Today we (publicly) announced our next-generation network security product, the Forefront Threat Management Gateway (TMG), a comprehensive network protection solution. Forefront TMG is the future version of the Microsoft Internet Security & Acceleration Server (ISA Server) and will extend the capabilities of ISA Server with new features and security technologies. I know many of you have loved and embraced the ISA Server name and brand for a long time – but it is time for new naming, new logos, blogs, books and of course new technology directions.

Forefront TMG will be available as both a standalone solution but also part of new integrated suites to be released in the future such as the Microsoft Windows Essential Business Server, the recently announced server solution designed for mid-sized companies due out later this year as well as the Forefront “Stirling” suite announced today, a unified protection solution that combines Forefront client, server, and edge security solutions with a single management and policy layer. A “first look” preview of Stirling Beta 1 was shown at RSA this week. It is also available for download.

Why am I so excited about this announcement? To begin, it is the first version of ISA Server that will fully support the Windows Vista and Server 2008 platforms. It also will natively support the 64-bit Windows Server platform which provides significant scalability and security capabilities to the Threat Management Gateway. The three other main areas of enhancement we are announcing today are the following:

1. Multiple Threat Protection: We will enable numerous new protection technologies and capabilities, including integration of the Microsoft Anti-Virus Engine for protection against Internet-based malware and other threats. As part of Stirling, Forefront TMG will also include the “Dynamic Response” functionality to enable shared intelligence and response. This is a major step forward in how our customers rely upon the Microsoft gateway for protection and access to the Internet.
2. Simplified Management: Forefront TMG will include new set-up wizards, improved management interface and enhanced reporting. As part of the Stirling suite, Forefront TMG will be part of the Stirling central visibility dashboard and policy control.
3. Secure Connectivity: Forefront TMG will build on current ISA Server capability around secure Internet access and other connectivity features.

More details about the features in Forefront TMG will be available with the public beta scheduled for the second half of 2008. I wish I could share more details and plans now, but that will come with time. I promise to personally keep you updated as our plans and product evolve to keep you updated here. We really look forward to your feedback on our plans and our first beta. I am sure you will be as excited as we are in finally announcing this next generation of our network security product line. Stay tuned to this channel!

Da ich gerade in San Diego auf der Interact 2008 bin, fehlt mir die Zeit, mir die öffentliche Beta anzusehen. Ich werde das bald nachholen und berichten.

Weitere Infos:

• Introducing a New Era for ISA Server
• Micrsoft Forefront Codename “Stirling” Home

Viele Grüße
Dieter

—
Dieter Rauscher
MVP Forefront