Mission Critical Systems

Providing Comprehensive Network & Information Security Since 1997


eEye SecureIIS Web Server Protection

Web servers provide a portal to your internal network, so they require a more formidable and customized level of protection above and beyond what network firewalls or IDS can provide. SecureIIS provides web server security for the Microsoft IIS platform, with Windows server firewall protection from both known and unknown vulnerabilities. SecureIIS works within the IIS web server, actively inspecting all incoming requests at each stage of data processing to prevent potentially harmful network traffic, whether encrypted or not, from penetrating your server. Even the security needs of unpatched web servers are addressed, with protection from potentially damaging "known" and "unknown" attacks. Unlike intrusion detection systems or server firewalls that rely on signature databases to determine if an attack is taking place, SecureIIS provides web server security against entire classes of attacks, without the resource drain of constantly updating signature attack profiles.

Features

Application Layer Protection

SecureIIS inspects requests as they come in from the network level, as they are handed off at the kernel level, and at every level of processing in between. If at any point SecureIIS detects a possible attack, it will prevent unauthorized access and/or damage to the web server.

Integration with the IIS Platform

SecureIIS was developed as an ISAPI filter, which allows it to integrate more tightly with the web server. SecureIIS monitors data as it is processed by IIS, and can block a request at any point if it resembles one of many classes of attack patterns. Because of eEye's extensive knowledge of the many ways in which IIS servers can be attacked, as well as the nature of an application firewall, even undiscovered vulnerabilities specific to IIS are secured.

Blocks Against Entire Classes of Known & Unknown Attacks

SecureIIS does not rely upon a database of attack signatures that require regular updating. Instead, it uses multiple security filters to inspect web server traffic for such issues as buffer overflows, parser evasions, directory traversal and other attacks. Therefore, SecureIIS is able to block entire classes of attacks, including those attacks that have not yet been discovered.

SecureIIS protects against the following attack types:

  • Buffer Overflow Attacks: SecureIIS checks the lengths of all client-supplied buffers. If the data is larger than the maximum size allowed, SecureIIS will drop the connection, thereby avoiding a buffer overflow.
  • Parser Evasion Attacks: Insecure string parsing can allow attackers to remotely execute commands on the machine running the web server. SecureIIS checks for various characters in a string that would allow an attacker to add on commands to a normal value. If these characters are found, SecureIIS will drop the connection.
  • Directory Traversal Attacks: In certain situations, various characters and symbols can be used to break out of the web server's root directory and access files on the rest of the file system. SecureIIS checks for these characters and also blocks access to specific directories.
  • General Exploitation: By checking for common attacker "payloads" such as cmd.exe in the exploiting data, SecureIIS can prevent an attacker from gaining unauthorized access to your web server and its data.
  • High-Bit Shellcode Protection: Normal English-language web traffic does not contain high-bit characters. SecureIIS will drop all requests containing high-bit characters, which often signal a potential buffer overflow attack.
  • RFC Compliancy: SecureIIS prevents attackers from manipulating the HTTP protocol in attempts to bypass security systems and exploit security holes.
  • Other Attacks: SecureIIS has additional checks in place to identify — and drop — requests that contain recognized patterns. Limitations are also placed on the size of uniform resource locators (URL/URI), HTTP variables, request methods, request header size and other HTTP-related content.
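
To make the class-based approach above concrete, here is a small request filter written for this page as an added example; it is not eEye's code, and every limit, character list and function name in it is an assumption chosen for illustration. It applies the checks from the list (size limits, high-bit bytes, traversal after repeated decoding, command-append characters, payload keywords) without any per-exploit signature.

```python
from typing import Optional
from urllib.parse import unquote_to_bytes

# Assumed policy values for illustration, not SecureIIS defaults.
MAX_URL = 1024
MAX_HEADER = 2048
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
APPEND_CHARS = b";|`"          # characters that can chain a second command
KEYWORDS = (b"cmd.exe",)       # the payload name mentioned in the list above

def fully_decode(raw: bytes, rounds: int = 3) -> bytes:
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def inspect(method: str, target: bytes, headers: dict) -> Optional[str]:
    """Return the reason a request would be dropped, or None to allow it."""
    if method not in ALLOWED_METHODS:
        return "method not allowed"
    if len(target) > MAX_URL:
        return "URL too long"
    for name, value in headers.items():
        if len(name) + len(value) > MAX_HEADER:
            return "header too long"
    decoded = fully_decode(target)
    if any(b > 0x7F or b < 0x20 for b in decoded):
        return "high-bit or control character"
    path, _, query = decoded.partition(b"?")
    norm = path.replace(b"\\", b"/").lower()   # treat both slash styles alike
    if b"../" in norm or norm.endswith(b"/.."):
        return "directory traversal"
    if any(c in query for c in APPEND_CHARS):
        return "command-append character"
    if any(k in decoded.lower() for k in KEYWORDS):
        return "payload keyword"
    return None

# Constructed sample requests, not taken from real traffic.
SAMPLES = [b"/index.html?id=42", b"/static/..%255c..%255cprivate/web.config",
           b"/search?q=\x90\x90", b"/run?file=report.txt;whoami"]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target[:40], "->", inspect("GET", target, {"Host": "www.example.test"}))
```

Dropping every byte above 0x7F also rejects percent-encoded UTF-8 in internationalised URLs, so a site serving non-English content would need to relax that rule.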

Central Policy Management

SecureIIS gives you the ability to manage settings for any number of machines from a single central machine. Once a policy is configured and exported from the central machine, other machines can be set to automatically import the policy and any future changes made to it.

Logging of All Blocked Requests

SecureIIS maintains a log of all dropped requests that is easily accessible from the main SecureIIS interface. The log provides detailed explanations as to why requests were denied. In addition, regular analysis of these logs can help you identify performance issues with your website such as non-existent pages, links to restricted directories and more.

Real-Time Charting

SecureIIS also allows you to monitor activity in real time by viewing graphs that represent a count of current log entries. There is a chart for each of the most common classes of attack as well as for the number of successful, non-attack hits on the website.

Protection Against SSL Encrypted Sessions

Unlike traditional network firewalls, SecureIIS has the ability to analyze HTTPS sessions before and after SSL (Secure Socket Layer) encryption, and can therefore stop attacks on both unencrypted and encrypted sessions.

Flexible Export Capability

SecureIIS maintains a log of all dropped requests that is easily accessible from the main SecureIIS interface and can be exported in any number of different formats including tab delimited, text, Excel, SQL and more.