SecureIIS™ Application Firewall

SecureIIS protects Microsoft IIS (Internet Information Services) web servers from known and unknown attacks. SecureIIS works between the layers of IIS, allowing it to analyze incoming data for security threats before the data reaches your server. Unlike conventional firewalls that can only protect against publicized security breaches, SecureIIS is able to block a new attack before it is discovered and its patch is made public. Named as one of the "Three Great Security Tools" by Windows 2000 Magazine, SecureIIS has created quite a stir in the market as it has raised the bar for proactive security tools.
SecureIIS's power to stop known and unknown attacks comes from its use of CHAM (Common Hacking Attack Methods) technology. An eEye Digital Security innovation, CHAM gives SecureIIS the capability to understand the web server protocol and the various classes of attack that web servers are vulnerable to. SecureIIS has the ability to give your web server up-to-the-minute security that is unmatched by any other product in the market.
What's New in SecureIIS 1.2.5

SecureIIS protects against the following types of attack:
Buffer Overflow Attacks
Buffer overflow vulnerabilities stem from problems in string handling. Whenever a computer program tries copying a string or buffer into a buffer that is smaller than itself, an overflow is sometimes caused. If the destination buffer is overflowed sufficiently, it will overwrite various crucial system data. In most situations an attacker can leverage this to take over a specific program's process, thereby acquiring the privileges that process or program has. SecureIIS limits the size of the "strings" being copied. Doing this greatly reduces the chance of a successful buffer overflow.

Parser Evasion Attacks
Insecure string parsing can allow attackers to remotely execute commands on the machine running the web server. If the CGI script or web server feature does not check for various characters in a string, an attacker can append commands to a normal value and have the commands executed on the vulnerable server.

Directory Traversal Attacks
In certain situations, various characters and symbols can be used to break out of the web server's root directory and access files on the rest of the file system. By checking for these characters and only allowing certain directories to be accessed, directory traversal attacks are prevented. In addition, SecureIIS only allows clients to access certain directories on the server. Even if a new hacking technique arises, breaking out of webroot will still be impossible.

General Exploitation
Buffer overflows, format bugs, parser problems, and various other attacks will contain similar data. Exploits that execute a command shell will almost always have the string "cmd.exe" in the exploiting data. By checking for common attacker "payloads" involved with these exploits, we can prevent an attacker from gaining unauthorized access to your web server and its data.
SecureIIS also has the following features:
HTTPS/SSL Protection
SecureIIS resides inside the web server, thus capturing HTTPS sessions before and after SSL (Secure Socket Layer) encryption. Unlike any Intrusion Detection System or firewall currently on the market, SecureIIS has the ability to stop attacks on both encrypted and unencrypted sessions.

High Bit Shellcode Protection
Shellcode is what is sent to a system to effectively exploit a hole called a "buffer overflow". High Bit Shellcode Protection offers you a high degree of protection against this type of attack because it will drop and log all requests containing characters that contain high bits. All normal web traffic, in English, should not contain these types of characters and almost all "shellcode" requires them to produce the effective exploit.

Third Party Application Protection
The power of SecureIIS is not limited to IIS specific vulnerabilities. SecureIIS can also protect third party applications and custom scripts from attack. If your company has developed customized components for your website, components that might be vulnerable to attack, you can use SecureIIS to protect those components from both known and unknown vulnerabilities. Let SecureIIS work as your own web-based "Security Quality Assurance" system.

Logging of Failed Requests
In the installed SecureIIS directory, we post a file called SecureIIS.log. This file contains a log of all attacks and what triggered the event that caused SecureIIS to drop the connection. This is an effective way to monitor why requests are being stopped, and who is requesting things that they shouldn't. Since SecureIIS enforces a strong security policy for how sites are configured, you can use this log to find places where your website may not be acting correctly due to an insecure setting. Also, since Internet Information Server has the unfortunate habit of not logging attacks like buffer overflows that are successful, a twofold security benefit is provided here. Such attacks are not only stopped, but also logged so you can take action accordingly.

Additional Checks
Additional checks are in place for attacks that do not follow recognized patterns, such as the common ones listed above. This approach provides extra security and protects against various attacks that involve data conversion problems. Limitations are also placed on the size of Uniform Resource Locators (URL/URI), HTTP variables, Request methods, Request Header Size, and other HTTP related content.
All of these additional protection features make SecureIIS the product of today that protects you from the attacks of tomorrow, making it the ultimate proactive security tool.
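
The classes of check listed above (size limits, directory traversal, allowed directories, high-bit characters, payload keywords) can be sketched as one request-screening function. This is an added example, not SecureIIS code; the limits, the allowed directories, the function names and the sample requests are assumptions made for illustration.

```python
from urllib.parse import unquote_to_bytes

# Assumed illustrative policy values, not SecureIIS defaults.
MAX_URL, MAX_HEADER = 1024, 2048
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_DIRS = (b"/site/", b"/images/")
PAYLOAD_KEYWORDS = (b"cmd.exe",)

def _decode(data, rounds=3):
    """Undo percent-encoding until stable; None if still encoded after `rounds`."""
    for _ in range(rounds):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            return data
        data = nxt
    return None

def screen_request(method, raw_url, headers):
    """Return None if the request passes, else the reason to drop and log it."""
    if method not in ALLOWED_METHODS:
        return "method not allowed"
    if len(raw_url) > MAX_URL:
        return "URL too long"
    for name, value in headers.items():
        if len(name) + len(value) > MAX_HEADER:
            return "header too long"
    # Split before decoding so an encoded '?' cannot hide part of the path.
    raw_path, _, raw_query = raw_url.partition(b"?")
    path, query = _decode(raw_path), _decode(raw_query)
    if path is None or query is None:
        return "excessive URL encoding"
    path = path.replace(b"\\", b"/")  # treat both separators alike
    if b".." in path.split(b"/"):
        return "directory traversal"
    if not path.startswith(ALLOWED_DIRS):
        return "directory not allowed"
    blob = path + query + b"".join(headers.values())
    if any(byte >= 0x80 for byte in blob):
        return "high-bit character"
    if any(word in blob.lower() for word in PAYLOAD_KEYWORDS):
        return "payload keyword"
    return None

# Constructed sample requests: one normal, one double-encoded traversal attempt.
if __name__ == "__main__":
    host = {"Host": b"www.example.test"}
    for url in (b"/site/index.html", b"/site/..%255c..%255cother/file.txt"):
        print(url, "->", screen_request("GET", url, host))
```

The high-bit rule also rejects legitimate UTF-8 encoded non-ASCII text, which is why the page limits its claim to traffic "in English".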
System Requirements
· Windows NT 4.0, IIS 4.0 and Service Pack 6 or
· Windows 2000, IIS 5.0 and Service Pack 1 or greater
Note: IIS Proxy Server is NOT supported
Evaluation Download
Related Reading
CHAM (Common Hacking Attack Methods)
A Look Into Application Firewalls