Synopses & Reviews
Get your Web security, network perimeter security, and application layer security gateway up and running smoothly. This indispensible, single-volume reference details the features and capabilities of Microsoft(R) Forefront(R) Threat Management Gateway (TMG). You'll gain the real-world insights, implementation and configuration best practices, and management practices you need for on-the-job results. Discover how to:
Implement TMG integrated security features Analyze your Web and perimeter security requirements and infrastructure Plan, install, and configure TMG Implement network intrusion prevention, proxy, caching, filtering Configure security for the Web, Microsoft(R) Exchange Server, and SharePoint(R) Products and Technologies Implement remote access and site-to-site VPNs Select and configure clients Monitor and troubleshoot protected systems with Network Monitor 3 and other tools Use scripting to configure systems and automate administration Plus, get a fully searchable eBook on the companion CD A Note Regarding the CD or DVD
The print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via O'Reilly Media's Digital Distribution services. To download this content, please visit O'Reilly's web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to firstname.lastname@example.org.
The comprehensive, one-volume guide to deploying and managing Microsoft Forefrint TMG for Wec security, newtwork perimeter security, and application security.
Get your Web security, network perimeter security, and application layer security gateway up and running smoothly. This indispensible, single-volume reference details the features and capabilities of Microsoft Forefront Threat Management Gateway (TMG). You'll gain the real-world insights, implementation and configuration best practices, and management practices you need for on-the-job results. Discover how to:
- Implement TMG
- integrated security features
- Analyze your Web and perimeter security requirements and infrastructure
- Plan, install, and configure TMG
- Implement network intrusion prevention, proxy, caching, filtering
- Configure security for the Web, Microsoft Exchange Server, and SharePoint Products and Technologies
- Implement remote access and site-to-site VPNs
- Select and configure clients
- Monitor and troubleshoot protected systems with Network Monitor 3 and other tools
- Use scripting to configure systems and automate administration
- Plus, get a fully searchable eBook on the companion CD
For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.
- Understanding Forefront Unified Access Gateway
- Planning Forefront Unified Access Gateway Deployment
- Publishing Applications through Forefront Unified Access Gateway
- Implementing VPN Access with Forefront Unified Access Gateway
- Implementing Direct Access with Forefront Unified Access Gateway
- Planning Exchange Security
- Configuring Forefront Security for Exchange
- Protecting E-mail at the Edge
Get the focused, scenario-based guidance you need to plan and deploy Forefront Threat Management Gateway (TMG) as your network perimeter firewall. The evolution of Microsoft ISA Server, Forefront TMG provides multiple layers of continuously updated protections against the latest Web-based threats, including URL filtering, antimalware inspection, and intrusion prevention. Led by two members of the Microsoft Forefront team, you\'ll get pragmatic, inside insights into system components and capabilities; identify software, hardware, and business requirements; and step through essential planning and design considerations, including network topology, remote access, publishing rules, performance, administration, and more.'
Get focused, real-world guidance for planning and implementing Forefront Protection for Exchange Server--and help protect enterprise e-mail from viruses, spam, phishing, and policy violations. Guided by key members of the Microsoft Forefront team, you'll delve into system components, features, and capabilities, and step through essential planning and design considerations. Deployment scenarios for Forefront Protection for Exchange include the Edge server, to inspect e-mail moving into and out of the corporate network; Exchange Hub Transport Server, to inspect e-mail moving within the organization; and mailbox servers, to inspect the contents of the user e-mail boxes and provide real-time protection against malicious attachments.
Plan, design, and deploy Forefront United Access (UAG) with insights straight from the Forefront team at Microsoft. Forefront Unified Access Gateway (UAG)--the evolution of the Microsoft Intelligent Application Gateway (IAG)--delivers a more robust and transparent solution for inbound access from anywhere. This pragmatic guide drills into system components and capabilities, identifies software and hardware requirements, and provides scenario-based advice for planning and design, including policy control and availability and scalability considerations. You'll learn how to plan and deploy an SSL VPN solution for your environment, and how to publish applications through Forefront UAG, including Microsoft Exchange Server, SharePoint® 2010, and Windows Server® 2008 Remote Desktop Services.
About the Author
Yuri Diogenes is a Microsoft senior support escalation engineer specializing in Forefront Edge Security. He is coauthor of the Forefront Community Site "Tales from the Edge", writes Forefront security articles for Microsoft TechNet Magazine, and is a primary contributor to the Microsoft ISA Server Team Blog. Before joining Microsoft, Yuri was a network advisor for a Microsoft Gold Partner and taught Network and Operating System disciplines at the University in Brazil.
Jim Harrison is a program manager on the Microsoft Forefront Edge Security Team who also designs integrated security solutions for Microsoft extranets and intranets. He is the coauthor of Microsoft's Forefront Community Page "Tales from the Edge". Jim is a former tester on the Microsoft ISA Server Sustained Engineering Team, and prior to that, served as an electronics technician for the US Navy.
Mohit Saxena is a senior technical lead on the Microsoft Forefront Edge Security Team. He advises Microsoft Support Escalation Engineers on Forefront Edge Security support issues, bugs, and design changes.
Table of Contents
Foreword; Acknowledgments; From "The Collective"; From Jim; From Yuri; From Mohit; Introduction; The Target Audience; Organization and Usage; Terminology; Companion CD; System Requirements; Feedback and Support for This Book; Part I: A New Era for the Microsoft Firewall; Chapter 1: What's New in TMG; 1.1 Introducing TMG; 1.2 Beyond the Firewall; 1.3 What's New?; 1.4 Summary; Chapter 2: What Are the Differences Between TMG and UAG?; 2.1 Enabling Anywhere Access; 2.2 Understanding IAG 2007; 2.3 IAG 2007 Integration with ISA Server 2006; 2.4 Forefront UAG: The Next Generation of IAG 2007; 2.5 What's New in UAG?; 2.6 Aligning UAG with Security Needs; 2.7 Designing Network Protection; 2.8 Summary; Part II: Planning for TMG; Chapter 3: System Requirements; 3.1 Hardware Requirements; 3.2 Software Requirements; 3.3 General Recommendations; 3.4 Deploying in Virtual Environments; 3.5 Summary; Chapter 4: Analyzing Network Requirements; 4.1 Determining Your Traffic Profile; 4.2 TMG Deployment Options; 4.3 Addressing Complex Networks; 4.4 Configuring TMG Networks; 4.5 Understanding How Name Resolution Impacts TMG; 4.6 Summary; Chapter 5: Choosing the Right Network Topology; 5.1 Choosing the Network Template; 5.2 Examining High Availability; 5.3 Joining the Firewall to a Domain or Workgroup; 5.4 Summary; Chapter 6: Migrating to TMG; 6.1 General Considerations; 6.2 Scenarios; 6.3 Example Checklists; 6.4 Example Migration from ISA 2006 SE to TMG 2010 EE Forward Proxy Scenario; 6.5 Summary; Chapter 7: Choosing a TMG Client Type; 7.1 Web Proxy Client; 7.2 SecureNET Client; 7.3 Forefront TMG Client; 7.4 Choosing the Right Client for Your Environment; 7.5 Summary; Part III: Implementing a TMG Deployment; Chapter 8: Installing TMG; 8.1 Final Considerations Before Installing TMG; 8.2 Installing TMG MBE; 8.3 Installing TMG 2010; 8.4 Summary; Chapter 9: Troubleshooting TMG Setup; 9.1 Understanding Setup Architecture; 9.2 Setup Options; 9.3 What to Look for When Setup Fails; 9.4 Summary; Chapter 10: Exploring the TMG Console; 10.1 TMG Medium Business Edition; 10.2 Updates for TMG 2010; 10.3 New Wizards; 10.4 Summary; Part IV: TMG as Your Firewall; Chapter 11: Configuring TMG Networks; 11.1 Understanding Network Relationships; 11.2 Creating Networks; 11.3 Configuring Your Protected Networks; 11.4 Summary; Chapter 12: Understanding Access Rules; 12.1 Traffic Policy Behavior; 12.2 Understanding Policy Re-Evaluation; 12.3 Troubleshooting Access Rules; 12.4 Summary; Chapter 13: Configuring Load-Balancing Capabilities; 13.1 Multiple Paths to the Internet; 13.2 Implementing ISP Redundancy; 13.3 Understanding and Implementing NLB; 13.4 Summary; Chapter 14: Network Inspection System; 14.1 Understanding Network Inspection System; 14.2 Implementing Network Inspection System; 14.3 Implementing Intrusion Detection; 14.4 Summary; Part V: TMG as Your Caching Proxy; Chapter 15: Web Proxy Auto Discovery for TMG; 15.1 WPAD as Protocol and Script; 15.2 Configuring Automatic Discovery in the Network; 15.3 Configuring Client Applications; 15.4 Summary; Chapter 16: Caching Concepts and Configuration; 16.1 Understanding Proxy Cache; 16.2 Configuring the Forefront TMG 2010 Cache; 16.3 Troubleshooting Cache; 16.4 Summary; Part VI: TMG Client Protection; Chapter 17: Malware Inspection; 17.1 Understanding Malware Inspection in TMG; 17.2 Configuring Malware Inspection; 17.3 Creating Reports with Malware Statistics; 17.4 Summary; Chapter 18: URL Filtering; 18.1 How URL Filtering Works; 18.2 Configuring URL Filtering; 18.3 Update Center; 18.4 Summary; Chapter 19: Enhancing E-Mail Protection; 19.1 Understanding E-Mail Threats; 19.2 How SMTP Protection Works in TMG; 19.3 Configuring SMTP Protection on TMG; 19.4 Summary; Chapter 20: HTTP and HTTPS Inspection; 20.1 The Web Proxy Application Filter; 20.2 Configuring HTTPS Inspection; 20.3 Configuring the HTTP Filter; 20.4 Summary; Part VII: TMG Publishing Scenarios; Chapter 21: Understanding Publishing Concepts; 21.1 Core Publishing Scenarios; 21.2 Publishing Rule Elements; 21.3 Planning Publishing Rules; 21.4 Summary; Chapter 22: Publishing Servers; 22.1 How to Publish a Web Server; 22.2 Publishing a Non-Web Server; 22.3 Troubleshooting Publishing Rules; 22.4 Summary; Chapter 23: Publishing Microsoft Office SharePoint Server; 23.1 Planning to Publish SharePoint; 23.2 Configuring SharePoint Publishing; 23.3 Troubleshooting; 23.4 Summary; Chapter 24: Publishing Exchange Server; 24.1 Planning; 24.2 Configuring Exchange Client Access through Forefrrrrrront TMG; 24.3 Troubleshooting; 24.4 Summary; Part VIII: Remote Access; Chapter 25: Understanding Remote Access; 25.1 Understanding VPN Concepts; 25.2 Planning VPN Access; 25.3 NAP Integration; 25.4 Summary; Chapter 26: Implementing Dial-in Client VPN; 26.1 Configuring VPN Client Access; 26.2 Configure VPN Client Access with NAP Integration; 26.3 Configuring VPN Client Access Using SSTP; 26.4 Summary; Chapter 27: Implementing Site-to-Site VPN; 27.1 Configuring L2TP Over IPsec Site-to-Site VPN; 27.2 Configuring PPTP Site-to-Site VPN; 27.3 Troubleshooting VPN Client Connections; 27.4 Summary; Part IX: Logging and Reporting; Chapter 28: Logging; 28.1 Why Logging Is Important; 28.2 Configuring TMG Logging; 28.3 Logging Best Practices; 28.4 Summary; Chapter 29: Enhanced NAT; 29.1 Understanding Enhanced NAT; 29.2 Configuring Enhanced NAT; 29.3 Troubleshooting Enhanced NAT; 29.4 Summary; Chapter 30: Scripting TMG; 30.1 Understanding the TMG Component Object Model (COM); 30.2 Administering TMG with VBScript or JScript; 30.3 Administering TMG with Windows PowerShell; 30.4 Summary; Part X: Troubleshooting; Chapter 31: Mastering the Art of Troubleshooting; 31.1 General Troubleshooting Methodology; 31.2 Troubleshooting Tools; 31.3 Putting It All Together; 31.4 Summary; Chapter 32: Exploring HTTP Protocol; 32.1 Understanding the HTTP Protocol; 32.2 How HTTP Authentication Works; 32.3 Understanding HTTPS; 32.4 Summary; Chapter 33: Using Network Monitor 3 for Troubleshooting TMG; 33.1 Using Network Monitor to Capture Traffic; 33.2 Data Gathering with Network Monitor; 33.3 Reading a Network Monitor Capture; 33.4 Troubleshooting TMG Using Network Monitor; 33.5 Summary; From Proxy to TMG; Understanding the HTTP Protocol; Understanding Proxy Servers; The History Behind TMG; TMG Performance Counters; TMG Performance Counters; How to Use These Counters; Summary; Windows Internet Libraries; WinHTTP vs. WinInet; Autoproxy (WPAD); Applications That Use WinHTTP; Summary; WPAD Script CARP Operation; CARP Logic; CARP Action Examples; Summary;