Product Reviews

Adding a Line of Defense

Flicks Titan shores up your IIS security

With all the IIS security problems we've been seeing lately, you'd naturally expect some software vendors to release products to fight them. Flicks Software has released Titan, which is aimed at helping you add another level of defense to your Web server.

According to the company's Web site, Titan protects Microsoft IIS Web servers from known and unknown attacks. It wraps around IIS and works within it, verifying and analyzing incoming Web server data for security breaches.

The download and install were fairly standard and uneventful. As the instructions said, I disabled my Internet services before running the setup routine. Toward the end of setup, the program asked me if I wanted it to restart my services; when everything was done, all services were restarted. Total install time: two minutes.

Titan is implemented as an ISAPI filter and, by default, is installed at the computer level so settings apply to all Web sites on the server. Configuration is straightforward via a simple Windows-style configuration screen.

The program gives you enough options to configure it to do most anything you want and even lets you add custom query strings, which it'll then block. How the program responds when a request is denied is configurable as well. You can type in a message, pull it from a file, include an explanation, or even redirect to another URL.

The tests I ran consisted mostly of throwing different requests at Titan and seeing whether it let them through. I derived the requests mainly from the log files on my test machine, which had been hit by Nimda and a number of request variations, including many attempts to reach cmd.exe using .. to go up the directory tree and \, the physical directory delimiter.

The default settings apparently worked pretty well and stopped most of the requests. I already had URLScan installed, and it also was logging and preventing the still-present Nimda attacks. (When will people stop putting unpatched IIS servers on the Net?)
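The kind of check those tests exercise can be sketched in a few lines. This is an added example, not Titan's or URLScan's code; the function names, deny list, decode cap and sample requests are assumptions constructed for illustration. It percent-decodes repeatedly so that double-encoded delimiters are caught, then rejects \, .. path segments and a blocked string.

```python
from urllib.parse import unquote

# Hypothetical deny list; the review names cmd.exe as the target of the logged requests.
BLOCKED_STRINGS = ("cmd.exe",)
MAX_DECODE_PASSES = 5  # assumed cap so nested encoding cannot loop indefinitely


def normalize(text):
    """Percent-decode until the text stops changing (%255c -> %5c -> backslash)."""
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(text)
        if decoded == text:
            return text.lower()
        text = decoded
    return None  # still changing after the cap: treat as hostile


def check_request(url):
    """Return (allowed, reason) for a raw request URL."""
    # Split on the raw '?' first, as a server does, so an encoded %3f
    # cannot move the path/query boundary and hide a '..' segment.
    path = normalize(url.split("?", 1)[0])
    full = normalize(url)
    if path is None or full is None:
        return False, "excessive encoding"
    if "\\" in full:
        return False, "backslash delimiter"
    if ".." in path.split("/"):
        return False, "parent directory segment"
    for needle in BLOCKED_STRINGS:
        if needle in full:
            return False, "blocked string: " + needle
    return True, "ok"


# Constructed sample requests in the style the review describes; not taken from its logs.
SAMPLES = [
    "/scripts/..%255c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/../../winnt/system32/cmd.exe?/c+dir",
    "/c/winnt/system32/CMD.EXE?/c+dir",
    "/docs/release..notes.html",
    "/default.asp?id=42",
]

if __name__ == "__main__":
    for request in SAMPLES:
        allowed, reason = check_request(request)
        print("ALLOW" if allowed else "DENY ", reason, request)
```

A file name that merely contains two dots passes, because only a whole .. path segment is treated as traversal.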

[Figure: Flicks Titan gives you enough options to configure it to do most anything you want.]

The setup program didn't seem as polished as many commercial programs on the market. It's on par with most ASP component install routines; once installed, Titan seemed to work like a charm. If you're experiencing many of these types of attacks or are worried about future ones, this product can be used with other methods to help increase your server's layers of defense.

While this isn't the "cure-all" for your Web server security issues, Titan can be a worthwhile investment, assuming the worm type you're trying to prevent can be filtered.

About the Author

Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA, has been studying technology for 30 years. Over the last 15 years, he has spent much of his time imparting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz., where he has lived most of his life. He can be reached by e-mail at andy.barkl@gmail.com.
