Network Inspection System (NIS) adds signatures to help in SQL injection and Cross-site scripting prevention
Forefront Threat Management Gateway 2010 (TMG) added a Network Inspection System (NIS) feature which detects vulnerabilities and exploits in multiple protocols. To learn more about NIS, read this whitepaper.
Forefront TMG comes with a free complimentary NIS subscription, through which we constantly update NIS with new signatures to help protect against current vulnerabilities and exploits.
We are happy to announce that we have published signatures to help protect against commonly used exploits of SQL injection and cross-site scripting vulnerabilities.
The Microsoft Malware Protection Center encyclopedia has more information about these signatures:
- Expl:Win/HTTP.URL.SQLInj!0000-0000 contains information about the SQL injection signature
- Expl:Win/HTTP.URL.XSS!0000-0000 contains information about the Cross-site scripting signature
If you are using Forefront TMG and have chosen to use NIS (you should!!), you will receive these signatures automatically through the update center.
Author:
Ori Yosefi - Senior Program Manager, Forefront TMG
Reviewers:
Ziv Mador - Senior Program Manager, Protection Team
Gabriel Koren – Test Team, Forefront Edge
Comments
Anonymous
December 23, 2010
I have a test TMG 2010 server setup. The NIS filter is enabled, and signatures from MS update hourly. Yet by default, HTTP.URL.XSS! is set for 'Enabled / Detect Only' and HTTP.URL.SQLInj! is set for 'disabled / detect only'. Is this by design? Are these filters exceptionally processor consuming if set for 'Enable / Block'? So even if the Signatures are set to auto update, by default these pretty important filters won't be doing anything even with NIS enabled. My primary concern is to block SQL attacks from web applications (in their own vLAN, which are web published) servers, by placing production SQL servers in their own vLAN and using TMG to ‘publish’ the SQL servers. My understanding is the NIS filters will continue to work, can you confirm this? ALSO, should we be looking at more (3rd party) SQL NIS filters for SQL servers, or are these two default filters ‘enough’? I am also concerned on what type of hardware is needed for TMG to keep up w/ 1G wire speed when using the NIS filters. Thanks. Jreininger (at) yahoo
Anonymous
August 12, 2012
blogs.mcafee.com/.../mcafee-a-leader-in-2012-gartner-magic-quadrant If we look at the latest Gartner report, MS NIS is nowhere in the quadrant? Can you publish details about how to disable NIS from TMG and from Forefront?