Forefront
Páginas: 48 (11751 palabras)
Publicado: 25 de agosto de 2011
Guide for Configuring, Monitoring and Troubleshooting the Network Inspection System (NIS) in Forefront Threat Management Gateway (TMG) 2010
Authors and Contributors
Authors
Avi Ben-Menahem, Microsoft
Tanmay Ganacharya, Microsoft
Moshe Golan, Microsoft
Ziv Mador, Microsoft
Evgeney Ryzhyk, Microsoft
Contributors
Tom Bolt, Microsoft (Liane Morley Marketing LLC)
Jim Harrison, MicrosoftAdwait Joshi, Microsoft
Scott Lambert, Microsoft
Vladimir Lifliand, Microsoft
Duane Okamoto, Microsoft
Eli Pozniansky, Microsoft
Evgeny Skarbovsky, Microsoft
Jeff Williams, Microsoft
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing marketconditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is theresponsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patentapplications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products,domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.
2009 Microsoft. All rights reserved.
Microsoft, the Microsoft logo, Forefront, the Internet Explorer logo, the Security Shield logo, andWindows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Contents
Authors and Contributors 1
Overview 6
Microsoft Threat Management Gateway 2010 Overview 6
Microsoft NIS Overview 7
NIS Signature Types 9Exploring NIS Components 10
General Architecture 10
GAPA Language (GAPAL) and Compiler 10
Run Time Architecture 12
GAPA Inspection Engine 13
Supported Protocols 14
Signature and Engine Updates 15
Telemetry Service 15
NIS Encyclopedia 16
Deploying NIS 19
Planning NIS Deployment 19
Deciding What Network Traffic to Inspect 19
Performing Capacity Planning 21
ConfiguringNIS 21
Enabling NIS 21
Configuring Signature Updates 26
Verifying that NIS is Receiving Updates 27
Selecting an Older Signature Set 28
Granular Configuration 29
Using NIS Tasks 30
Configuring Exceptions 31
Configuring Protocol Anomalies Policy 32
Configuring Global Response Policy Setting 33
Configuring Signatures Overrides 34
Configuring Telemetry 36
Testing NIS Deployment37
Testing with the HTTP test signature 37
Testing with the SMB test signature 42
Monitoring NIS 42
Monitoring NIS Signatures 43
Manual Flagging for Attention 43
Automatic Flagging for Attention 44
Using Automatic Flagging for Staging 44
Automatic Flagging of Signatures with Overridden Policy 45
Monitoring NIS Performance 45
Troubleshooting NIS 46
Signature Set Updates...
Authors and Contributors
Authors
Avi Ben-Menahem, Microsoft
Tanmay Ganacharya, Microsoft
Moshe Golan, Microsoft
Ziv Mador, Microsoft
Evgeney Ryzhyk, Microsoft
Contributors
Tom Bolt, Microsoft (Liane Morley Marketing LLC)
Jim Harrison, MicrosoftAdwait Joshi, Microsoft
Scott Lambert, Microsoft
Vladimir Lifliand, Microsoft
Duane Okamoto, Microsoft
Eli Pozniansky, Microsoft
Evgeny Skarbovsky, Microsoft
Jeff Williams, Microsoft
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing marketconditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is theresponsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patentapplications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products,domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.
2009 Microsoft. All rights reserved.
Microsoft, the Microsoft logo, Forefront, the Internet Explorer logo, the Security Shield logo, andWindows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Contents
Authors and Contributors 1
Overview 6
Microsoft Threat Management Gateway 2010 Overview 6
Microsoft NIS Overview 7
NIS Signature Types 9Exploring NIS Components 10
General Architecture 10
GAPA Language (GAPAL) and Compiler 10
Run Time Architecture 12
GAPA Inspection Engine 13
Supported Protocols 14
Signature and Engine Updates 15
Telemetry Service 15
NIS Encyclopedia 16
Deploying NIS 19
Planning NIS Deployment 19
Deciding What Network Traffic to Inspect 19
Performing Capacity Planning 21
ConfiguringNIS 21
Enabling NIS 21
Configuring Signature Updates 26
Verifying that NIS is Receiving Updates 27
Selecting an Older Signature Set 28
Granular Configuration 29
Using NIS Tasks 30
Configuring Exceptions 31
Configuring Protocol Anomalies Policy 32
Configuring Global Response Policy Setting 33
Configuring Signatures Overrides 34
Configuring Telemetry 36
Testing NIS Deployment37
Testing with the HTTP test signature 37
Testing with the SMB test signature 42
Monitoring NIS 42
Monitoring NIS Signatures 43
Manual Flagging for Attention 43
Automatic Flagging for Attention 44
Using Automatic Flagging for Staging 44
Automatic Flagging of Signatures with Overridden Policy 45
Monitoring NIS Performance 45
Troubleshooting NIS 46
Signature Set Updates...
Leer documento completo
Regístrate para leer el documento completo.