This topic describes how to enable and configure the Network Inspection System (NIS), which is the signature-based part of the Forefront TMG Intrusion Prevention System. NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center (http://go.microsoft.com/fwlink/?LinkId=160624) to help detect and block malicious traffic. NIS, which is enabled by default, can be configured from the Getting Started Wizard.
The following procedures describe:
|Before Forefront TMG can begin blocking known-vulnerability attacks, you must download the latest NIS signature set. For instructions, see Managing NIS signature downloads.|
To enable NIS
In the Forefront TMG Management console, in the tree, click the server name node.
On the Tasks tab, click Launch Getting Started Wizard.
Make a selection on the Microsoft Update Setup page, and click Next.
On the Forefront TMG Protection Features Settings page, verify that the license for NIS is set to Activate complementary license and enable Network Inspection System.
On the NIS Signature Update Configuration page, note the following:
- If you want to automatically install new signature sets, ensure
that Check for and install updates (recommended) is
- The Automatic polling frequency setting applies to NIS
only. The polling frequency settings for other updatable
protections are located in the Update Center.
- The Effective response policy for new signatures setting
applies to newly downloaded and installed signatures only. The
setting is applied to each set of signatures that is downloaded.
Any signature that is not set to the Microsoft default response is
flagged as requiring attention on the Network Inspection
System tab, which is located on the Intrusion Prevention
System details pane.
- If you want to automatically install new signature sets, ensure that Check for and install updates (recommended) is selected.
Configuring the response to protocol anomalies
To configure the NIS response to protocol anomalies
In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.
On the Tasks tab, click Define Network Inspection System Exceptions.
On the Protocol Anomalies Policy tab, configure the NIS’s response to protocol anomalies.
When finished, on the Apply Changes bar, click Apply.
Copyright © 2009 by Microsoft Corporation. All rights reserved.