Network Inspection System (NIS) in Forefront TMG Release Candidate

  • Article

TMG Community,

We are pleased to announce that the release candidate (RC) update for Forefront Threat Management Gateway (TMG) will include several important developments for the Network Inspection System (NIS), the signature-based part of the Forefront TMG Intrusion Prevention System:

  • TheNIS Enginecan now be updated dynamically, in conjunction with NIS Signature set update, which allows us to introduce, over time, support for a wider range of protocols and protection scenarios.
  • We have completed development of traffic parsers for the most common protocols: HTTP, DNS, SMB, SMB2, NetBIOS, MSRPC, SMTP, POP3, IMAP and MIME, thus supporting comprehensive Web, mail and file sharing protection scenarios. These protocol decoders lay the foundation for signature development and rapid response by the Microsoft Malware Protection Center to newly discovered threats.

Please make sure to upgrade your Forefront TMG beta deployments to the Forefront TMG RC release. In this release, NIS signature updates, including the dynamic engine update, will be available through Microsoft Update. We will no longer support NIS signature updates to earlier beta versions once the RC is released.

If you have configured NIS with the default configuration for automatic signature set updates, NIS should have the latest signature set version (4.0 or higher, see a screenshot below).

clip_image002

If you need to update the signature set manually, please refer to Configuring Network Inspection System (NIS) for instructions.

Thank you for your feedback

A significant factor in the protocol quality assessment and enhancement is the community effort of the Microsoft Telemetry Service. Telemetry reports are monitored on a regular basis, and reported anomalies and suspected quality issues are analyzed in order to drive quality enhancements in future signature updates. We would like to take this opportunity to thank everyone who joined the telemetry reporting community, and encourage others to join and have a direct impact on the quality of protocol parsing and signature detection.

Authors:

Evgeny Skarbovsky, Senior Development Lead, Forefront TMG

Moshe Golan, Senior Program Manager, Forefront TMG

Reviewers:

David B. Cross, Product Unit Manager, Forefront TMG

Avi Ben-Menahem, Principal Group Manager – Forefront, GAPA

Alon Yardeni, Program Manager, Forefront TMG

Asaf Rosenfeld, Software Development Engineer, Forefront TMG

David Strasberg, Technical Writer