Product Reviews

Adding a Line of Defense

Flicks Titan shores up your IIS security

With all the IIS security problems we've been seeing lately, you'd naturally expect some software vendors to release products to fight them. Flicks Software has released Titan, which is aimed at helping you add another level of defense to your Web server.

According to the company's Web site, Titan protects Microsoft IIS Web servers from known and unknown attacks. It wraps around IIS and works within it, verifying and analyzing incoming Web server data for security breaches.

The download and install were fairly standard and uneventful. As the instructions said, I disabled my Internet services before running the setup routine. Toward the end of setup, the program asked me if I wanted it to restart my services; when everything was done, all services were restarted. Total install time: two minutes.

Titan is implemented as an ISAPI filter and, by default, is installed at the computer level so settings apply to all Web sites on the server. Configuration is straightforward via a simple Windows-style configuration screen:

The program gives you enough options to configure it to do most anything you want and even lets you add custom query strings, which it'll then block. How the program responds when a request is denied is configurable as well. You can type in a message, pull it from a file, include an explanation, or even redirect to another URL.

The tests I ran consisted mostly of throwing different things at Titan and seeing if it let them through or not. The things I tossed at it were derived mainly from the log files on my test machine. This machine had been hit by Nimda and a number of variations of requests, including a lot of attempts to get at cmd.exe using .. to go up the directory tree and \ - the physical directory delimiter.

The default settings apparently worked pretty well and stopped most of the requests. I already had URLScan installed, and it also was logging and preventing the still-present Nimda attacks. (When will people stop putting unpatched IIS servers on the Net?)

Flicks Titan
Flicks Titan gives you enough options to configure it to do most anything you want.

The setup program didn't seem as polished as many commercial programs on the market. It's on par with most ASP component install routines; once installed, Titan seemed to work like a charm. If you're experiencing many of these types of attacks or are worried about future ones, this product can be used with other methods to help increase your server's layers of defense.

While this isn't the "cure all" to your Web server security issues, Titan can be can worthwhile investment, assuming the worm type you're trying to prevent can be filtered.

About the Author

Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA has been studying technology for 30 years. Of the last 15 years, he has spent much of his time parting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz. where he has lived most of his life. He can be reached by e-mail at andy.barkl@gmail.com.

comments powered by Disqus

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.