Enabling and configuring the Network Inspection System

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes how to enable and configure the Network Inspection System (NIS), which is the signature-based part of the Forefront TMG Intrusion Prevention System. NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center (http://go.microsoft.com/fwlink/?LinkId=160624) to help detect and block malicious traffic. NIS, which is enabled by default, can be configured from the Getting Started Wizard.

The following procedures describe:

  • Enabling NIS

  • Configuring the response to protocol anomalies

Note

Before Forefront TMG can begin blocking known-vulnerability attacks, you must download the latest NIS signature set. For instructions, see Managing NIS signature downloads.

Enabling NIS

To enable NIS

  1. In the Forefront TMG Management console, in the tree, click the server name node.

  2. On the Tasks tab, click Launch Getting Started Wizard, and then click Define deployment options.

  3. Make a selection on the Microsoft Update Setup page, and click Next.

  4. On the Forefront TMG Protection Features Settings page, verify that the license for NIS is set to Activate complementary license and enable Network Inspection System.

  5. On the NIS Signature Update Configuration page, note the following:

    1. If you want to automatically install new signature sets, ensure that Check for and install updates (recommended) is selected.

    2. The Automatic polling frequency setting applies to NIS only. The polling frequency settings for other updatable protections are located in the Update Center.

    3. The Select the response policy for new signatures setting applies to newly downloaded and installed signatures only. The setting is applied to each set of signatures that is downloaded. Any signature that is not set to the Microsoft default response is flagged as requiring attention on the Network Inspection System tab, which is located on the Intrusion Prevention System details pane.

Configuring the response to protocol anomalies

To configure the NIS response to protocol anomalies

  1. In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.

  2. On the Tasks tab, click Define Network Inspection System Exceptions.

  3. On the Protocol Anomalies Policy tab, configure the NIS’s response to protocol anomalies.

  4. When finished, on the Apply Changes bar, click Apply.

Concepts

Configuring protection from known vulnerabilities
Planning to protect against known vulnerabilities