This topic is designed to help you plan how to use Forefront TMG to protect your network against operating system and application vulnerabilities.

Forefront TMG protects your network against exploits of known vulnerabilities in operating systems and applications with the Network Inspection System (NIS), the signature-based part of the Forefront TMG Intrusion Prevention System.

NIS is a traffic inspection system based on protocol decoding that uses signatures of known vulnerabilities to detect and potentially block attacks on network resources by providing:

NIS inspects internal users’ Web traffic and, based on protocol analysis by the Microsoft Generic Application-level Protocol Analyzer (GAPA), detects and blocks malicious traffic. NIS can be updated with MMPC signatures as soon as they are created, to protect against new classes of attacks and vulnerabilities, including zero-day attacks, to minimize the vulnerability window between vulnerability disclosures and patch deployment, from weeks to a few hours. For information on GAPA, see Generic Application-Level Protocol Analyzer and its Language (

When you plan to deploy NIS in your organization, consider the following:

Related Topics