Test TMG Intrusion Detection System (Network Inspection System) Signatures

by [Published on 13 April 2009 / Last Updated on 13 April 2009]

One of the very cool new features included with the TMG Beta 2 firewall is the Network Inspection System (NIS), which is an Intrusion Detection and Prevention System (IDS/IPS).

While previous versions of the firewall had a very rudimentary IDS/IPS system, the NIS is a full-fledged, enterprise-grade IDS/IPS. NIS uses GAPA, the Generic Application Protocol Analyzer, to look at the data stream and match components of the traffic with signatures the TMG firewall downloads from the MS site.

Unlike the old IPS/IDS feature, this one looks at more than just network layer exploits (the hint was that it uses the “application” protocol analyzer). This gives NIS the ability to look at traffic to see if there are matches for traffic patterns above layer 3.

But to get more of an appreciation of how NIS works, and indeed to see some evidence that it does work, you need to see it actually do something. That’s where the article Exercising NIS with test signature on the ISA/TMG Firewall Team Blog at https://blogs.technet.com/isablog/archive/2009/04/12/exercising-nis-with-test-signature.aspx comes in handy. Evgeney Ryzhyk does a nice job of showing you the TMG firewall’s IPS chops in that piece.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
