La présentation est en train de télécharger. S'il vous plaît, attendez

La présentation est en train de télécharger. S'il vous plaît, attendez

ForeFront pour la protection des portails d’entreprise

Présentations similaires


Présentation au sujet: "ForeFront pour la protection des portails d’entreprise"— Transcription de la présentation:

1 ForeFront pour la protection des portails d’entreprise
Frédéric ESNOUF – Microsoft France Benoit HAMET – Microsoft France

2 Agenda Qu’est-ce que la sécurisation des données
Mise en œuvre de la protection des données dans un environnement SharePoint Publication d’un portail à l’aide de ForeFront Unified Access Gateway 2010 Sécurité applicative Sharepoint

3 Qu´est-ce que la sécurisation des données
La sécurité, un problème complexe Accès physique Accès aux données Multiplicité des moyens d´accès Nécessite des moyens matériels et humains Logiciels dédiés (AV, firewall…) Mises à jour logicielles Formations, sensibilisations Procédures…

4 Sécurité dans le contexte Sharepoint
Sharepoint=collaboration Collaboration=données (documents,…) Documents avec différentes $$/€€ Exemple : document fusion/acquisiton, recherche, etc Méthodologie Identifier les données et les valeurs : risque Analyse de ce risque : contremesures Implémenter les solutions/process pour y faire face

5 Sécurisation et portfolio Microsoft
Data Center / Corporate Network SharePoint Exchange CRM, IIS based IBM, SAP, Oracle Mobile Home / Friend / Kiosk HTTPS / HTTP Layer3 VPN Terminal / Remote Desktop Services Internet HTTPS (443) DirectAccess Non web UAG provides services to four types of audiences (from bottom up): Employees that are roamed with their laptops and need access. There are few reasons why they need UAG and not traditional VPN: Behind firewall most IPSec VPNs doesn’t work because they are UDP. Having the portal as one entry point for all corporate resources. No need to install and configure VPN client. Strong authentication (see next slides) Business partners / sub-contractors: today companies either provide them full VPN access which is almost irresponsible thing to do or just collaborate with them over . See the study in the end-point health slides for example about the risk of open the network for partners. Hostile environments like home PC, friends PC, Kiosk. “In any home where there is a teenager, the home PC is hostile environment….” Mobile devices – they are always outside the network. UAG Supports three types of applications delivery: Web / HTTP based where it acts as a reverse proxy. Among the tens of applications that are supported are: Exchange: Outlook Web Access, Outlook Anywhere (RPCoHTTP) and Exchange ActiveSync. SharePoint (all versions including 2007) Microsoft Dynamics CRM (3.0 and 4.0) Non-Microsoft applications such as IBM Lotus, IBM Domino, SAP portals, Oracle PeopleSoft, etc For full list of applications that are supported today with IAG 2007 look here: Terminal Services applications that are served via Terminal Services Gateway that is embedded within UAG. UAG supports RemoteApp and RemoteDesktop Non-Web/HTTP applications by providing ad-hoc tunneling. Business Partners / Sub-Contractors AD, ADFS, RADIUS, LDAP…. NPS, ILM Employees Managed Machines

6 Mise en œuvre de l´accès aux données dans un environnement SharePoint
Aucun système ne peut être totalement sécurisé mais…on peut limiter les failles La difficulté de la sécurité est de donner l´accès aux données en limitant les risques On ne sécurise pas SharePoint mais les données qui y sont stocké Authentification de l´utilisateur IIS MOSS Attribution des droits Administrateur Collaborateur Lecteur « Anonyme »

7 Authentification utilisateur
Valider le compte utilisateur Gérer la sécurité par des utilisateurs/groupes Pas de listes de distribution Authentification Internet Information Services Anonyme, Basic, Windows intégré, Kerberos, Certificats Authentification par formulaire Authentification intégrée (Kerberos/NTLM) Authentification via ADFS

8 Right Management Services
Protection numérique des documents Intégration avec SharePoint Protection automatique des documents postés Conservation des droits

9 ForeFront Protection for SharePoint
Protection contre les codes malicieux Plusieurs moteurs antiviraux Kapersky Labs Microsoft Sophos… Filtrage du type de document

10 Accès distants, UAG &MOSS
Passerelle officielle pour MOSS (quid TMG?) Supporte 100% des scénarios SSO : Web, NTLM/KERB, ADFS, KCD Intégration office Politiques de sécurité : application et fonctions Traçabilité : réseau, et niveau « utilisateur » Sécurité poste de travail (attachment wiper, …) Scénarios externes (mobilité) et internes (SSO) Supporte nombreux systèmes authentification forte

11 Configuration AAM Assistant de publication dans UAG; aussi simple que la publication ISA/TMG MAIS… configuration des AAM nécessaires

12 Publication de SharePoint avec UAG
Demo Publication de SharePoint avec UAG

13 Authentification

14 Portail

15 Assistant de publication pour MOSS Publication à travers UAG
Configuration de la publication dans le portail UAG Définition des autorisations d‘accès à l’application dans le portail UAG Paramétrage des URL’s d‘accès (interne/publique) Sélection de la version de SharePoint à publier Publication d’un serveur ou d’une ferme de serveur Définition du fournisseur d‘authentification Définition des politiques d’accès Nommer l’application

16 Assistant de publication pour MOSS Paramétrage des AAM
Associer l’URL à la zone correspondant à l’URL public Ajouter une URL interne Sélection de la version de SharePoint à publier

17 Microsoft Unified Access Gateway
Office Connections Microsoft Unified Access Gateway Fournit aux employés, partenaires et clients, un accès par politiques de sécurité, aux données et applications depuis poste managé ou non managé Field Consultant Kiosk Limited Webmail: no attachments Partner Desktop Restricted SharePoint Limited Intranet Logistics Partner What is UAG. Several mobility scenario The BLUE one is the most common one “employee + managed PC = full access”. That is the dream What about partners ? Customers ? Employees working from home ?... You need to go from NETWORK to APPLICATION LAYER Project Manager Employee Corporate Laptop Full Intranet Payroll & HR Supply Chain File Access Unmanaged Home PC Production Report Payroll & HR Project Manager Employee 17 Updates will be available at _06/Office_Connections

18 UAG & défense en profondeur
b 4/6/2017 2:39 PM Application Security Application Access set by policy based on earlier stages Layer 7 application traffic monitoring for malicious activity Out of the box network attack prevention Proxy requests protect Servers from direct remote connections. Application Optimizers for multiple Microsoft and non-Microsoft applications UAG & défense en profondeur Information Security Prevents information leakage by clearing cache Attachment wiper automatically: clears browser removes cookies, history, auto-complete Triggers session timeout - varies based on location Out of the box network attack prevention Proxy requests protect Servers from direct remote connections. Who can see this data? What are attempting? What can you Access? Authorisation Group authorization can be tied to each individual application Transparent Web authentication for SharePoint / OWA Single Sign On - No need for directory replication or repetition Role based Authorisation Who are You? Where are you coming from? Authentication Support of multiple authentication options: Active Directory LDAP TACACS RADIUS RSA Smart Card Certificates Customized - using IAG Hooks Endpoint Check Does policy allow non-managed Assets? Is this known Asset? Check and Access from multiple endpoint (OS) without VPN Out of box query parameters for Asset status: Anti-Malware / FW etc Level of access granted based on end point status, eg SharePoint upload? Customizable Endpoint Check Protected Hosts UAG and defense in depth Information Security Remote User Authorization Application Security Authentication End Point Check © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

19 Vérification de la conformité
Demo Vérification de la conformité

20 Authentication and SingleSignOn
TechReady7 Breakout Chalktalk Template 4/6/2017 Authentication and SingleSignOn Strong Authentication Single Sign On STRONG AUTHENTICATION is a must, but very expensive (a token is around 100 Euros). Lot of companies working in this space invested in UAG.. Some of them have very strong/smart approach, and propose very affortable costs. 2 examples : GridSure (use your brain + grid) and Tag Attitude (use phone) © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Ressources additionnelles
ForeFront Security For SharePoint Virtual Lab: Publication de SharePoint avec UAG: Démonstation / labs en ligne: Démonstration ForeFront Protection for SharePoint: Right Management Service avec SharePoint: Démonstration authentification forte avec UAG:

22 Merci de votre attention
4/6/2017 2:39 PM Merci de votre attention Votre potentiel, notre passion TM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Télécharger ppt "ForeFront pour la protection des portails d’entreprise"

Présentations similaires


Annonces Google