One of the very cool new features included with the TMG Beta 2 firewall is the Network Inspection System (NIS), which is an Intrusion Detection and Prevention System (IDS/IPS).
While previous versions of the firewall had a very rudimentary IDS/IPS system, the NIS is a full-fledged, enterprise-grade IDS/IPS. NIS uses GAPA, the Generic Application Protocol Analyzer, to look at the data stream and match components of the traffic with signatures the TMG firewall downloads from the MS site.
Unlike the old IPS/IDS feature, this one looks at more than just network layer exploits (the hint was that it uses the “application” protocol analyzer). This gives NIS the ability to look at traffic to see if there are matches for traffic patterns above layer 3.
But to get more of an appreciation of how NIS works, and indeed to see some evidence that it does work, you need to see it actually do something. That’s where the article “Exercising NIS with test signature” on the ISA/TMG Firewall Team Blog at https://blogs.technet.com/isablog/archive/2009/04/12/exercising-nis-with-test-signature.aspx comes in handy. Evgeney Ryzhyk does a nice job of showing you the TMG firewall’s IPS chops in that piece.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
MVP — Forefront Edge Security (ISA/TMG/IAG)