RTM’d today: Microsoft Forefront Threat Management Gateway (TMG) Administrator's Companion

  • Article

9780735626386x Greetings! We’re pleased to announce that Microsoft Forefront Threat Management Gateway (TMG) Administrator's Companion was released to the printer today. The authors are Yuri Diogenes, Jim Harrison, Mohit Saxena from the Microsoft TMG Server Team, with Dr. Tom Shinder, and the book’s ISBN is 9780735626386.

The book will be available the second week of February, and we’ll post more book excerpts then. In the meantime, here is the book’s Foreword, by David B. Cross:

Foreword
As the Product Unit Manager for the Forefront Threat Management Gateway
(TMG) 2010 release, I was able to take advantage of a unique opportunity to
change the industry regarding how we protect small business users and enterprise
customers when connecting to the Internet in a world of ever-evolving threats,
malicious software, and dynamic criminal activities. It was a challenge I could not
pass up and I jumped at the opportunity to see how we could simplify the secure
Web gateway (SWG) experience for customers and still provide the flexibility and
security that hardcore security professionals have grown to love with the existing
Internet Security and Acceleration (ISA) Server platform.

TMG has introduced a new era not only for Microsoft but also for the industry
in how we create a comprehensive network protection solution for both small and
large enterprise customers. Customers have told us that they love the Microsoft
infrastructure integrated firewall and proxy that allows configuration and
management using the tools and management infrastructure they are familiar
with, such as Active Directory. But as we saw the threats and the workforce evolve,
we realized that our customers needed something more to protect their users
when accessing the Internet.

I wish I could summarize the full set of capabilities and potential in a short
foreword for this book, but it proved to be impossible. The simple answer comes
in the product name itself: Threat Management Gateway. The name deservedly
implies the dynamic and integrated nature of the product and its extensible
capability as it integrates with the Forefront Protection Suite. When you put it all
together, the product really has six unique value propositions that emphasize our
comprehensive approach to network protection:

  • Enforce network policy access at the edge (Firewall)
  • Protect users from Web browsing threats (Web Client Protection)
  • Protect users from e-mail threats (E-mail Protection)
  • Protect desktops and servers from intrusion attempts
    (Network Intrusion System)
  • Enable users to remotely access corporate resources
    (VPN, Secure Web Publishing)
  • Simplify management (Deployment)

In the end, the quality and the value proposition of the product speak for
themselves. Throughout the beta program, we have had more downloads and
production deployments than all the other betas of the ISA platform combined.
The breadth of the new features has driven new customers and new deployments
never possible with the ISA product line. On the firewall side, we have added key
components such as VoIP traversal (SIP), Enhanced NAT, and ISP Link Redundancy.
Combined with our NAP (Network Access Protection) integration with the VPN
functionality, the firewall and remote access capabilities are richer than ever.
On the Web client protection area, we now have integrated URL filtering, HTTP
anti-virus/spyware scanning, and HTTPS forward inspection. The new secure
e-mail relay deployment option enables a hardened edge–based anti-virus
and anti-spam solution not previously available. And last but not least, the fully
integrated and new Forefront Network Inspection System (NIS) has changed
the game of network intrusion prevention and detection. Not only does the NIS
provide the capability for administrators to provide threat management in the
face of zero-day attacks, but it also enables security assessment and responses
when deployed in conjunction with the Forefront Protection Suite.

What’s next for the future of secure Web gateways and the threat landscape?
If I were to be an oracle and predict the future, I would expect first that the trend
of more complex malware and malicious attacks will continue to grow in volume
and in criminal intent. I would also suspect that we will see a demand from the
marketplace for further integration of information protection and control (IPC) with
access and protection. We will see consolidation not only of solutions, but we’ll also
see the management and policy capabilities being integrated and unified across
solution verticals. I believe TMG 2010 will be a product foreshadowing the future
when it comes to network and virtualized datacenter protection.

In summary, this book is a must-have for the Forefront Threat Management
Gateway administrator—it embodies the core of the product team development
knowledge, the best practices from the Microsoft consultants around the world,
and the learning from our customer deployments to date, and it distills this all
into a one-stop resource kit of knowledge. Jim Harrison is known throughout
Microsoft and the broader industry as the foremost ISA—and now TMG—expert.
His in-depth understanding of the product internals combined with real-world
deployment and operational experience provide a perspective unlike any other
expert in the community. Yuri Diogenes and Mohit Saxena have not only been on
the front lines of the top ISA deployments around the world, but have also been
on the forefront (no pun intended) of the TMG beta program. Their firsthand
guidance and best practices will help you ensure a smooth and easy deployment
by avoiding mistakes in advance and suggesting the most secure configuration
from the start. Tom Shinder, a recognized Microsoft security professional and
widely known ISA expert, brings his extended ISA experience to bear as a valued
technical reviewer for this book.

The availability of this book helps to achieve the goal that we set with the
original inception of the TMG project: to enable customers to deploy protection
easily in a cost-effective and manageable way to achieve their security and
application-protection requirements in an ever-changing threat landscape.
I believe we have achieved that goal with our upcoming release and with
security experts such as Jim, Yuri, and Mohit evangelizing the knowledge.

David B. Cross
Product Unit Manager
Microsoft Corporation