Protection design guide for Forefront TMG

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

The protection design guide for Forefront TMG is intended to help you plan to protect the computers and servers in your extended network, using the Forefront TMG protection mechanisms. It guides you through the design process, and provides you with information that will help you make the protection design choices that are appropriate for your business goals and for your environment.

About this guide

This guide is intended for the system administrator or security officer who is responsible for protecting corporate resources against threats, such as, Web-based and e-mail-based threats, or from network attacks. It is assumed that the reader of this guide is familiar with the concepts of network and Web attacks and threats, attack prevention, and threat protection.

Identifying and mapping your protection design goals

The following table is designed to help you identify your Forefront TMG protection design goals. After you identify the goals that are appropriate for your organization, you can map them to the relevant Forefront TMG design or designs.

Design goal Forefront TMG designs

Protect your network against operating system and application vulnerabilities.

Network Inspection System (NIS). For information, see Planning to protect against known vulnerabilities.

Protect your network against attacks that use sophisticated attack detection features, such as, intrusion detection, flood mitigation, and spoof detection.

Behavior-based intrusion detection. For information, see Planning to protect against network attacks.

Protect your organization from malware and other Web-based threats.

  • Malware inspection

  • URL filtering

  • HTTP filtering

  • HTTPS inspection

For information, see Planning to protect against web browsing threats.

Protect your network against e-mail spam and viruses.

E-mail protection. For information, see Planning to protect against e-mail threats.

Keep protection definitions constantly updated.

  • E-mail protection

  • Malware inspection

  • NIS

For information, see Planning for updates of protection definitions.

Concepts

Protecting your networks
Forefront TMG Planning and Design