
If you would like to read the first part in this article series please go to Intrusion Detection and Prevention in Forefront TMG (Part 1) - Behavioral Detection. Microsoft Forefront Threat Management Gateway (TMG) 2010 is a multi-layered perimeter defense system that includes several advanced protection technologies.

In addition to integrated URL filtering, virus and malicious software scanning, and HTTPS inspection, the TMG firewall also includes intrusion detection and prevention capabilities. In part one of this two-part series we looked at the basic behavioral-based intrusion detection and prevention functionality. In part two we’ll examine closely the Network Inspection System (NIS), which provides both traditional exploit-based and enhanced vulnerability-based intrusion detection and prevention. The Network Inspection System (NIS) is an all-new intrusion detection and prevention system that was first introduced with Forefront Threat Management Gateway (TMG) 2010.

NIS analyzes network traffic and performs low-level protocol inspection to detect and prevent attacks on vulnerabilities in Microsoft operating systems and applications. NIS is signature based, and those signatures are developed by the Microsoft Malware Protection Center (MMPC). Signatures are made available to NIS concurrently with security updates released during the normal Microsoft update release cycle (second Tuesday of each month) or they can be released out-of-band in response to a zero-day threat if necessary. NIS is designed to prevent known vulnerabilities in Microsoft operating systems and applications from being exploited remotely. The signature set is relatively small, but laser-focused.

The result is a somewhat limited range of protection, yet the solution is very accurate and produces few false positives.
