SecureIIS protects against the following types of attacks:
Buffer Overflow Attacks
Buffer overflow vulnerabilities stem from problems in string
handling. When a computer program copies a string or buffer into
a destination buffer that is smaller than the source, an overflow
can result. If the destination buffer is overflowed sufficiently,
the excess data will overwrite various crucial system data. In
most situations an attacker can leverage this to take over a
specific program's process, thereby acquiring the privileges that
process or program has. SecureIIS limits the size of the
"strings" being copied. Doing this greatly reduces the chance of
a successful buffer overflow.
Parser Evasion Attacks
Insecure string parsing can allow attackers to remotely execute
commands on the machine running the Web server. If the CGI script
or Web server feature does not check for various characters in a
string, an attacker can append commands to a normal value and
have the commands executed on the vulnerable server.
Directory Traversal Attacks
In certain situations, various characters and symbols can be used
to break out of the Web server's root directory and access files
on the rest of the file system. By checking for these characters
and only allowing certain directories to be accessed, directory
traversal attacks are prevented. In addition, SecureIIS only
allows clients to access certain directories on the server. Even
if a new hacking technique arises, breaking out of webroot will
still be impossible.
General Exploitation
Buffer overflows, format bugs, parser problems, and various other
attacks will contain similar data. Exploits that execute a
command shell will almost always have the string "cmd.exe" in the
exploiting data. By checking for common attacker "payloads"
involved with these exploits, we can prevent an attacker from
gaining unauthorized access to your Web server and its data.
SecureIIS also has the following features:
HTTPS/SSL Protection
SecureIIS resides inside the Web server, thus capturing HTTPS
sessions before and after SSL (Secure Socket Layer) encryption.
Unlike any Intrusion Detection System or firewall currently on
the market, SecureIIS has the ability to stop attacks on both
encrypted and unencrypted sessions.
High Bit Shellcode Protection
Shellcode is what is sent to a system to effectively exploit a
hole called a "buffer overflow". High Bit Shellcode Protection
offers you a high degree of protection against this type of
attack because it will drop and log all requests containing
characters that have high bits set. Normal Web traffic, in
English, should not contain these types of characters, and almost
all "shellcode" requires them to produce an effective exploit.
Third Party Application Protection
The power of SecureIIS is not limited to IIS-specific
vulnerabilities. SecureIIS can also protect third-party
applications and custom scripts from attack. If your company has
developed customized components for your Web site, components
that might be vulnerable to attack, you can use SecureIIS to
protect those components from both known and unknown
vulnerabilities. Let SecureIIS work as your own Web-based
“Security Quality Assurance” system.
Logging of Failed Requests
In the installed SecureIIS directory, we place a file called
SecureIIS.log. This file contains a log of all attacks and what
triggered the event that caused SecureIIS to drop the connection.
This is an effective way to monitor why requests are being
stopped, and who is requesting things that they shouldn't. Since
SecureIIS enforces a strong security policy for how sites are
configured, you can use this log to find places where your Web
site may not be acting correctly due to an insecure setting.
Also, since Internet Information Server has the unfortunate habit
of not logging attacks like buffer overflows that are successful,
a twofold security benefit is provided here. Such attacks are not
only stopped, but also logged so you can take action accordingly.
Additional Checks
Additional checks are in place for attacks that do not follow
recognized patterns, such as the common ones listed above. This
approach provides extra security and protects against various
attacks that involve data conversion problems. Limitations are
also placed on the size of Uniform Resource Locators (URL/URI),
HTTP variables, Request methods, Request Header Size, and other
HTTP-related content.
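The following is an added example, not SecureIIS code: a minimal Python request filter that applies the checks described above (size limits, high-bit characters, the "cmd.exe" payload string, directory traversal and a directory allow-list) and returns the reason a drop log would record. The limits, allowed methods and prefixes, and the function names are assumptions for illustration.

```python
from urllib.parse import unquote_to_bytes

# Assumed policy values; the page does not publish SecureIIS's real limits or lists.
MAX_URL_LEN = 1024
MAX_HEADER_LEN = 2048
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_PREFIXES = (b"/images/", b"/app/")  # hypothetical site layout
PAYLOAD_KEYWORDS = (b"cmd.exe",)  # the one payload string the page names


def decode_fully(raw: bytes, rounds: int = 4) -> bytes:
    """Percent-decode until stable so double-encoded input is inspected in its final form."""
    for _ in range(rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw


def inspect_request(method: str, url: bytes, headers: dict):
    """Return (allowed, reason); reason is what a drop log entry would record."""
    if method not in ALLOWED_METHODS:
        return False, "request method not allowed"
    if len(url) > MAX_URL_LEN:
        return False, "URL too long"
    if any(len(v) > MAX_HEADER_LEN for v in headers.values()):
        return False, "request header too long"
    decoded = decode_fully(url)
    if any(b >= 0x80 for b in decoded + b"".join(headers.values())):
        return False, "high-bit character"
    if any(k in decoded.lower() for k in PAYLOAD_KEYWORDS):
        return False, "payload keyword"
    path = decoded.split(b"?", 1)[0].replace(b"\\", b"/")
    if b".." in path.split(b"/"):
        return False, "directory traversal"
    if not path.startswith(ALLOWED_PREFIXES):
        return False, "directory not allowed"
    return True, "ok"


# Constructed sample requests, not captured traffic.
SAMPLES = [
    ("GET", b"/images/logo.gif", {"Host": b"www.example.com"}),
    ("GET", b"/images/..%252f..%252fboot.ini", {"Host": b"www.example.com"}),
    ("GET", b"/app/q?x=%90%90%eb", {"Host": b"www.example.com"}),
    ("GET", b"/app/run?file=CMD.EXE", {"Host": b"www.example.com"}),
    ("POST", b"/app/" + b"A" * 2000, {"Host": b"www.example.com"}),
]

if __name__ == "__main__":
    for method, url, headers in SAMPLES:
        print(method, url[:40], inspect_request(method, url, headers))
```

Decoding before inspection is what lets the filter see the double-encoded traversal in the second sample; checking only the raw bytes would pass it.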
All of these additional protection features make SecureIIS the
product of today that protects you from the attacks of tomorrow,
making it the ultimate proactive security tool.
System Requirements