Product Reviews

Thwarting Hackers

SecureIIS provides a solid brick in your defensive wall

SecureIIS is an application firewall intended to supply the hacker protection that was assumed to come out of the box with an IIS server. Because conventional IIS defenses are pitifully inadequate, IIS has been a sitting duck for hackers, novices and experts alike.

SecureIIS wraps around the IIS Web server to protect IIS 4.0 and newer versions from a number of attacks, both known attacks that have signatures and unknown ones. The software installs easily on an NT 4.0 server with Service Pack 6 and IIS 4.0. It also installs on a Windows 2000 Web Server with SP1 and newer. Configuration is straightforward. A user with administrator rights can set defense rules by using the SecureIIS GUI. The interface is divided into four windows, each containing configurable selections. The leftmost window contains a list of attack categories such as Buffer Overflow and ShellCode Protection. The three rightmost windows contain, respectively, the Web site selection window, the list of controls for a selected attack category, and a definition (explanation) of each of the attack groups. Clicking on any of the seven attack categories lists a set of user-selectable defense rules, with checkboxes, in the center window.

Once the user is satisfied with the defense rules for each of the IIS attack groups, it's time to "arm" SecureIIS. When the user clicks the "arm" button, SecureIIS is ready to defend IIS against almost all attacks, per the defense rules. The ease with which the software loads and configures is a big plus. Tests have shown that it does defend against many of the attacks that have plagued IIS for a long time. SecureIIS has also come a long way from version 1.2.5 to version 1.2.7, gaining strength with each release.

On the downside, the application does not cater to legacy IIS servers. It assumes every IIS server is either IIS 4.0 or newer and should run on NT 4.0/Win2K with the latest service packs.

Using both commercial and freeware scanners and worms, I subjected SecureIIS to a variety of tests to ensure it stood up to its claims. It doesn't interfere with or hamper performance when used with browsers such as Microsoft Explorer or Netscape Navigator. Some of the attacks were simulated using IIShack and netcat, and the defense configurations held up well, rebuffing any probes. The server was scanned for vulnerabilities using Retina (also made by eEye), which produced no audit reports when SecureIIS was armed.

Note, though, that server protection should not be left to any one product. The security professional should adhere to the principle of "defense-in-depth" and supplement SecureIIS with other security controls. All tests, however, have shown SecureIIS to be robust in defending IIS web servers.

[eEye has released SecureIIS 2.0, which offers upgrades such as enterprise-level functionality, centralized policy management, events management, logging of blocked requests and real-time statistical charts. Visit www.eEye.com for more information. -Editor]

About the Author

Dr. Seyoum "Zeg" Zegiorgis, CISSP, MCSE, MCT, CCNA, CCAI, has more than ten years of experience teaching and working in the IT field. In addition to Infosec market research, consulting and speaking, he does IT technical reviewing for publications including the ACM's Computing Review. Dr. Zeg lives in Bloomington, Illinois.


Reader Comments:

Tue, Sep 14, 2004 Jim Freedle

This product is absolutely useless now. We had it in 2003, but it was never updated by eEye. Now it is obsolete anyway. Stay away from eEye products -- horrible support.

Thu, Oct 24, 2002 George Denark

Well, I have also tested the trial version of SecureIIS on a test server (one of the earlier versions), but then I encountered some problems when I installed some CGI applications that had to write on the server. Configured correctly, SecureIIS is a powerful tool that responded nicely to any known and unknown hack attacks.

Fri, Aug 9, 2002 g frieri albany, ny

Our escrow company used Sanctum after some configuration management problems. We switched to SecureIIS in Feb and have been using version 2 for the last 2 months. Performs exceptionally well.

Fri, Aug 9, 2002 Timothy Hoctor Connecticut

We've used SecureIIS since last year after Code Red and have had no incidents since implementation. I highly recommend the product.

Fri, Aug 2, 2002 Anonymous Anonymous

Downloaded the free trial and did a quick install test on our stage box this afternoon. Easy setup and got a perfect score on our penetration test.

Fri, Aug 2, 2002 C. Richardson Seattle

SecureIIS is great. I'm using version 2.0 for installs on my clients' web servers. Simple and quick install... perfect for my consulting business.

Product pricing is wrong on the MCP website; it only costs about $1,000 per server.

CR

Fri, Aug 2, 2002 Anonymous US

This article is outdated... I am using v2.0 and it's light years ahead of v1.2. The GUI is very well designed, settings are a breeze to change, and they added a bunch of ways to view events. The price is not as high, either. But I hear eEye just came out with a central management console for large deployments.
