Product Reviews

Thwarting Hackers

SecureIIS provides a solid brick in your defensive wall

SecureIIS is an application firewall intended to remedy the lack of hacker protection that was assumed to be out-of-the-box on an IIS server. Because conventional IIS defenses are pitifully inadequate, IIS has been a sitting duck to hackers (novices and experts).

SecureIIS wraps around the IIS Web server to protect IIS 4.0 and newer versions from a number of attacks (known with signatures and unknowns). The software installs easily on an NT 4.0 server with Service Pack 6 and IIS 4.0. It also installs on a Windows 2000 Web Server with SP1 and newer. Configuration is straightforward. A user with administrator rights can set defense rules by using the SecureIIS GUI. The interface is divided into four windows, each containing configurable selections. The leftmost window contains a list of attack categories such as Buffer Overflow and ShellCode Protection. The three rightmost windows contain the Web site selection window, the list of controls for a selected attack category, and a definition (explanation) of each of the attack groups, respectively. Clicking on any of the seven attack categories lists a set of user-selectable defense rules, with checkboxes in the center window.

Once the user is satisfied with the defense rules for each of the IIS attack-groups, it's time to "arm" SecureIIS. When the user clicks the "arm" button, SecureIIS is ready to defend IIS against almost all attacks, per the defense rules. The ease with which the software loads and configures is a big plus. Tests have shown that it does defend against many of the attacks that have plagued IIS for a long time. SecureIIS, too, has come a long way from version 1.2.5 to Version 1.2.7, and it has improved by adding strength from version to version.

On the downside, the application does not cater to legacy IIS servers. It assumes every IIS server is either IIS 4.0 or newer and should run on NT 4.0/Win2K with the latest service packs.

I subjected SecureIIS to a variety of tests to ensure it stood up to what it claims using both commercial and freeware scanners and worms. It doesn't interfere with or hamper performance when used with browsers such as Microsoft Explorer or Netscape Navigator. Some of the attacks were simulated using IIShack and netcat, and the defense configurations held up well by rebutting any probes. Vulnerability of the server was scanned using Retina (also made by eEye), which produced no audit reports when SecureIIS was armed.

Note, though, that server protection should not be left to any one product. The security professional should adhere to the principle of "defense-in-depth" and supplement SecureIIS with other security controls. All tests, however, have shown SecureIIS to be robust in defending IIS web servers.

[eEye has released SecureIIS 2.0, which offers upgrades such as enterprise-level functionality, centralized policy management, events management, logging of blocked requests and real-time statistical charts. Visit www.eEye.com for more information.-Editor.]

About the Author

Dr. Seyoum "Zeg" Zegiorgis, CISSP, MCSE, MCT, CCNA, CCAI, has more than ten years of experience teaching and working in the IT field. In addition to Infosec market research, consulting and speaking, he does IT technical reviewing for publications including the ACM's Computing Review. Dr. Zeg lives in Bloomington, Illinois.

Featured

  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus