October 06, 2010 03:58 PM

Microsoft Forefront Threat Management Gateway (TMG): Administrator's Companion

Left Brain
InstantDoc ID #126446

Authors: Jim Harrison, Yuri Diogenes, and Mohit Saxena from the Microsoft Forefront TMG Team
Publisher: Microsoft Press (www.microsoft.com/mspress)
Published: February 2010
ISBN 13: 9780735626386
ISBN 10: 0-7356-2638-3
Format: Soft cover, 1056 pages (also available as an eBook on the book's companion CD)
Prices: $59.99

Protection from Web-based Threats

When it comes to learning about, and mastering, a new technology, it makes sense to tap into the expertise of the people who know the most about that technology. Often that is the group of people who are leading and driving the development of that technology. In the case of Microsoft Forefront Threat Management Gateway (TMG), a technology concerned with providing the best possible security when accessing the Internet, expert knowledge about this technology has been assembled into a book written by three people at the forefront of that technology. Those people are:
Jim Harrison, program manager on the Microsoft Forefront Edge Security team and a former test engineer on the Microsoft ISA Server team.
Yuri Diogenes, a Microsoft senior support escalation engineer specializing in Forefront Edge Security.
Mohit Saxena, a senior technical lead on the Microsoft Forefront Edge Security team.

A fourth person involved with the book is Dr. Tom Shinder, the book's technical reviewer. Shinder is a technical writer for the Microsoft Forefront Edge team as well as the author of a number of books about ISA Server.

The title of their book is "Microsoft Forefront Threat Management Gateway (TMG): Administrator's Companion." TMG is the successor technology to Microsoft ISA Server, and as described in the book's introduction, you can benefit from reading this book if you are an IT professional "with at least a year of experience deploying and troubleshooting networks with at least 2 to 10 routed subnets. Ideally, you would have some experience configuring switches, routers, and basic firewalls and also have had some experience with ISA Server 2004 or ISA Server 2006. You should also have some basic understanding of common Internet protocols such as HTTP, SMTP, IMAP, IPsec, PPTP, and so on, and be familiar with the OSI network model."

The content of "Microsoft Forefront Threat Management Gateway (TMG): Administrator's Companion" has been divided into ten parts, along with four appendices. There is also a companion CD to the book. The titles of the major parts of the book, along with an overview of each part, are as follows:

1. A New Era for the Microsoft Firewall: I recommend that you don't skip reading this part of the book because this is where you will find a well-written introduction to TMG, including details of new features and design goals. The book's authors point out that "although TMG is the Microsoft firewall solution, you need to think in multiple layers when you are talking about security. Security solutions need to address the threats at each layer to be effective; otherwise, your weakest point might expose you to threats that are beyond the control of the firewall". This is also the part of the book where you will find a discussion of the differences between TMG and UAG (Unified Access Gateway).

2. Planning for TMG: The five chapters that comprise this part of the book cover everything that you need to know about planning for TMG deployments, including product requirements, client traffic considerations, and virtual deployments. The chapters are respectively devoted to hardware and software requirements for TMG; the analysis of network requirements; the choice of the most appropriate network topology; the actual migration from an ISA Server deployment to a Forefront TMG deployment; and a thorough understanding of what is involved in the selection of TMG client types.

3. Implementing a TMG Deployment: As well as giving readers of the book the information they need to install TMG and troubleshoot TMG setup failures, this part of the book also has a chapter dedicated to exploring the TMG console.

4. TMG as Your Firewall: This part of the book is concerned with understanding TMG network concepts as well as explaining the tasks involved in configuring TMG networks. Other topics that are investigated are access rules and load-balancing concepts in general, and Network Load Balancing (NLB), DNS Round-Robin (DNS-RR) and ISP Redundancy (ISP-R) in particular. The last chapter in this part of the book introduces and discusses NIS (Network Inspection System), which the book's authors reveal is "a new traffic analysis mechanism included in TMG. NIS is built on network protocol analysis work done by Microsoft Research on the Generic Application-Level Protocol Analyzer (GAPA). GAPA was completed and expanded by the TMG development team and is used by all Forefront Security products to protect against network-level misbehavior for servers, clients, and TMG for network edge traffic protection."

5. TMG as Your Caching Proxy: The couple of chapters that make up this part of the book discuss caching from two perspectives: firstly, general caching concepts; and secondly, the TMG caching mechanism and controls.

6. TMG Client Protection: The four chapters in this part of the book discuss security issues and protection mechanisms from a number of different viewpoints, namely, malware inspection; URL filtering; enhanced e-mail protection; and HTTP and HTTPS inspection.

7. TMG Publishing Scenarios: The authors of the book report that "one of the most common reasons for deploying Microsoft Forefront Threat Management Gateway (TMG) 2010 is to publish applications to the Internet or to an isolated network. TMG makes use of two different types of publishing rules, Web Publishing and Server Publishing, to securely publish Web or non-Web servers and services." Consequently, one chapter in this part of the book covers publishing Microsoft Office SharePoint Server while another chapter covers publishing Exchange Server.

8. Remote Access: Concepts related to remote access, including the various protocols involved, are put under the spotlight in this part of the book. Specific information is also supplied for configuring TMG for dial-in and site-to-site VPN access.

9. Logging and Reporting: In addition to discussing the logging and reporting functionality of TMG, this part of the book also discusses Enhanced Network Address Translation (ENAT) concepts, configuration, and troubleshooting, along with information about the administrative scripting capabilities for TMG, with scripting examples presented in VBScript, JScript, and Windows PowerShell.

10. Troubleshooting: The last part of the book is where to turn for help when problems strike. It discusses the art of troubleshooting from a general perspective as well as helping readers of the book hone their skills when troubleshooting TMG scenarios (advice about both techniques and tools is provided by the book's authors).

The book's four appendices have been written to include extra information that is useful to know but which, for various reasons, doesn't specifically fit into any of the ten major parts of the book discussed above. Just some examples of the types of information that you will find in these appendices include help with understanding the HTTP protocol and proxy servers; some of the history associated with TMG; an explanation of TMG performance counters and how to use them; and details of the Windows Internet libraries. The book's companion CD contains a collection of sample scripts written in VBScript, JScript, and Windows PowerShell. As well, the CD contains the SOCKS parser for Network Monitor 3.3 along with instructions on how to use the parser. An electronic version of the book, in PDF format, is also available on the companion CD. Access to the contents of the book in this format is valuable because it means you can search through the book's contents to quickly locate a specific piece of information that you require.

In conclusion, the importance of learning about Microsoft Forefront Threat Management Gateway 2010 (TMG) is best summarized by the book's authors who state that it is "a firewall that has application-layer intelligence and anti-malware capabilities that can be used to identify and mitigate many of the threats facing modern networks. Forefront TMG is the successor to Microsoft ISA Server and includes all of the ISA Server functionality you're accustomed to while improving usability, security, and functionality. All the feature changes and troubleshooting updates included in the ISA Server 2006 Supportability Update are included in TMG."

There's no doubt that the book, "Microsoft Forefront Threat Management Gateway (TMG): Administrator's Companion", is a comprehensive read; a lot of useful information has been packed into its nearly 1100 pages. It has been specifically written to be an administrator's guide, and it definitely fulfills its role of delivering what the book's authors themselves refer to as "functional usage."