eEye SecureIIS Web Server Security Overview:

Secure Vulnerabilities with a Web Application Firewall that Exceeds Regulatory Compliance Requirements.

SecureIIS web server security delivers integrated multi-layered windows server protection. SecureIIS provides application layer protection via integration with the IIS platform as an ASAPI filter, protecting against known exploits, zero day attacks, and unauthorized web access.

Vulnerabilities in software applications are responsible for the vast majority of network security breaches and data loss today. Specifically, web server applications like Microsoft's IIS are consistently targeted because of the ease of application deployment and potential flaws inherent with coding and configuration mistakes. Because web servers often provide a portal to the internal network, they require a more formidable and customized level of protection above and beyond what network firewalls or intrusion detection systems can provide. Developed by eEye Digital Security as the most comprehensive IIS application firewall, SecureIIS™ operates within IIS to actively inspect all incoming requests at each stage of data processing. In this way, SecureIIS prevents potentially damaging network traffic, whether encrypted or unencrypted from penetrating your servers and compromising your web based applications.

Web Server Protection - Complete zero day protection for one of the primary portals to your internal network.

Application Layer Protection - eEye Digital Security pioneered the concept of application-layer protection, which has revolutionized proactive security. Unlike network-layer protection products, an application-layer solution works within the application that it is protecting. SecureIIS inspects requests as they come in from the network layer, as they are passed up to the kernel, and at every level of processing in between. If at any point SecureIIS detects a possible attack, it can take over and prevent unauthorized access and/or damageto the web server and host applications.

IIS ISAPI Integration - SecureIIS was developed as an ISAPI filter, which allows for a tighter integration with the web server as compared to other application firewalls. SecureIIS monitors data as it is processed by IIS and can block a request at any point if it resembles one of many classes of attack patterns; including SQL injection and cross site scripting. Because of eEye's extensive knowledge of the various ways in which IIS servers and web applications can be attacked, as well as the nature of an application firewall, even undiscovered vulnerabilities are secured and thwarted.

Zero Day Protection - Unlike network firewalls and intrusion detection systems, SecureIIS does not rely upon a database of attack signatures that require regular updating. Instead, it uses multiple security filters to inspect web server traffic that could cause buffer overflows, parser evasions, directory traversal, or other attacks. Therefore, SecureIIS is able to block entire classes of attacks, including those attacks that have not yet been discovered. SecureIIS provides true zero day protection for entire classes of attacks whether known or unknown.

Compatibility and Key Features - SecureIIS works with and protects all common web-based applications such as Flash, Cold Fusion, FrontPage, Outlook Web Access, and many third party and custom applications. Configurations can be modified without having to restart the web server, thus preventing disruption of the active website. SecureIIS runtime logs provide detailed explanations as to why requests were denied and allow for data to be exported in any number of different formats including tab delimited, text, and Excel. This activity can also be graphed in real-time based on class of attack. Regardless of the communications protocol, SecureIIS offers protection without affecting service levels on your web server, and even stops attacks on encrypted sessions based on the ability to analyze the content of HTTPS sessions before and after SSL encryption.

Designed by Security Research Experts - eEye is recognized as one of the most trusted and respected sources dedicated to improving IIS security. eEye's research team is credited with having discovered several high-severity IIS vulnerabilities that would have allowed an attacker to gain complete remote control over a susceptible server.

Features and Benefits:

Features:

Application Layer Protection - Inspect requests as they come in from the network, handed off at the kernel, and at every level of processing in between. SecureIIS will prevent unauthorized access and/or damage to the web server.

Integration with IIS - SecureIIS integrates as an ISAPI filter, monitoring data as it is processed by IIS, blocking requests at any point if it resembles one of many an attack pattern.

Zero Day Protection - eEye's extensive research and knowledge of the many ways in which IIS servers can be compromised, both know and yet-to-be-discovered vulnerabilities specific to IIS are secured.

Complete Attack Protection - SecureIIS protects these attacks, and more: buffer overflow, parser evasion, directory traversal, high-bit shellcode, RFC compliancy, and general exploitation.

Encrypted Session Protection - Unlike traditional network firewalls, SecureIIS can analyze HTTPS sessions before and after SSL (Secure Socket Layer) encryption, and can therefore stop attacks on both unencrypted and encrypted sessions.

Additional Features and Benefits

SecureIIS protects against the following attack types:

SQL Injection - SecureIIS is designed to filter the most common commands and characters used in SQL injection attacks. This stops SQL injection attempts dead in their tracks and can be verified with Retina Web Security Scanner.

Buffer Overflow Attacks - SecureIIS checks the lengths of all client-supplied buffers. If the data is larger than the maximum size allowed, SecureIIS will drop the connection, thereby avoiding a buffer overflow

Parser Evasion Attacks and High-Bit Shellcode Protection - Insecure string parsing can allow attackers to remotely execute commands on the machine running the web server. SecureIIS checks for various characters in a string that would allow an attacker to add on commands to a normal value. If these characters are found, SecureIIS will drop the connection. In addition, normal English-language web traffic does not contain high bit characters. SecureIIS will drop all requests containing high bit characters, which often signal a potential buffer overflow attack.

Directory Traversal Attacks - In certain situations, various characters and symbols can be used to break out of the web server's root directory and access files on the rest of the file system. SecureIIS checks for these characters and also blocks access to specific directories and can even alert when specified files or directories are accessed or modified or even deleted.

RFC Compliancy and Other Attack - SecureIIS prevents attacks from manipulating the HTTP protocol in attempts to bypass security systems and exploit security holes. SecureIIS has aditional checks in place to identify and drop requests that contain recognized patterns. Limitations are also placed on the size of uniform resource locators (URL/URI), HTTP variables, request methods, request header size and other HTTP-related content and payloads that try to use common commands like cmd.exe.

Enterprise Vulnerability Management

Designed for a range of small business, medium business (SMB), to large enterprises, Retina Network Security Scanner is available as both a network security software solution plus a vulnerability management appliance solution.

• Centralized Vulnerability Managementt
  Integrated vulnerability assessment, policy enforcement, policy auditing; improving enterprise network security.
• Centralized Incident Management
  Prioritized vulnerability management plus client security threats and attacks; reducing security risk plus network security response.
• Enterprise Security Reporting
  With integrated vulnerability, attack and policy information provided by Retina and Blink, REM provides organizations with metrics and graphical representations of their enterprise security posture.
• Executive Dashboard
  Customizable reports and charts; integrated asset management, client security, risk assessment, plus vulnerability assessment.

Specifications:

SecureIIS Web Server Security integrates directly with your Windows IIS Servers. SecureIIS requires the following minimum system requirements:

• Windows 2000 Server SP1+ with IIS 5.0
• Windows 2003 Server (32-bit and 64-bit) with IIS 6.0
• Windows Server 2008 (32-bit and 64-bit) with IIS 7.0
• Intel Pentium II 400Mhz (or compatible)
• 256MB Memory
• 80MB Free Hard Disk Space
• Network Interface Card (NIC) with TCP/IP enabled
• Note: IIS Proxy Server is NOT supported
• Note: IIS 6.0 Personal Edition is NOT supported

SecureIIS Screenshots:

	SecureIIS Quick Start Wizard SecureIIS Quick Start Wizard walks you through the initial steps to secure your IIS Web server.
	SecureIIS Monitoring SecureIIS allows you to manage and monitor which files can be accessed via the Web.
	SecureIIS Site Security SecureIIS gives you the ability to narrow or broaden the scope of your protection.
	SecureIIS Log Viewer SecureIIS Log Viewer gives you all the pertinent information related to attempted attacks on your Web servers.

Awards:

Windows IP Pro Readers Choice Award — SecureIIS Web Server Protection was selected second runner-up in the Web Application Security category of the WindowSecurity.com Readers’ Choice Awards February 26, 2009

Documentation:

Download the eEye SecureIIS Web Server Security Software Datasheet (PDF).