Test TMG Intrusion Detection System (Network Inspection System) Signatures

One of the very cool new features included with the TMG Beta 2 firewall is the Network Inspection System (NIS), which is an Intrusion Detection and Prevention System (IDS/IPS).

While previous versions of the firewall had a very rudimentary IDS/IPS system, the NIS is a full-fledged, enterprise-grade IDS/IPS. NIS uses GAPA, the Generic Application Protocol Analyzer, to look at the data stream and match components of the traffic against signatures the TMG firewall downloads from the MS site.

Unlike the old IPS/IDS feature, this one looks at more than just network layer exploits (the hint was that it uses the “application” protocol analyzer). This gives NIS the ability to look at traffic to see if there are matches for traffic patterns above layer 3.

But in order to get more of an appreciation of how NIS works, and indeed see some evidence that it does work, you need to see it actually do something. That’s where the article Exercising NIS with test signature on the ISA/TMG Firewall Team Blog at https://blogs.technet.com/isablog/archive/2009/04/12/exercising-nis-with-test-signature.aspx comes in handy. Evgeney Ryzhyk does a nice job of showing you the TMG firewall’s IPS chops in that piece.



Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
MVP — Forefront Edge Security (ISA/TMG/IAG)
