A Security Solution for IIS Servers

December 26, 2010

A security solution for IIS servers, based on an ISAPI filter, that provides application-level protection against various web attacks, including: Cross-Site Scripting, Cross-Site Tracing, Cache Poisoning, Full Path Disclosure, LDAP Injection, Relative Path Traversal and SQL Injection.


AQTRONIX WebKnight  

 

An application-level protection solution for IIS servers

This solution is an ISAPI filter that is installed on the IIS server and provides protection against attacks and attempts to break into websites.

The solution is recommended by, among others, OWASP, the organization that leads the field of application security worldwide.

http://www.owasp.org/index.php/Web_Application_Firewall

This solution is provided as free software that does not require a license. Deployment is quick, and it is suitable for IIS 5/6/7 servers.

This solution addresses a number of information security guidelines and regulations, such as PCI.

The solution is described below:

 

AQTRONIX WebKnight is an application firewall for IIS and other web servers and is released under the GNU General Public License. More particularly it is an ISAPI filter that secures your web server by blocking certain requests. If an alert is triggered WebKnight will take over and protect the web server. It does this by scanning all requests and processing them based on filter rules, set by the administrator. These rules are not based on a database of attack signatures that require regular updates. Instead WebKnight uses security filters as buffer overflow, SQL injection, directory traversal, character encoding and other attacks. This way WebKnight can protect your server against all known and unknown attacks. Because WebKnight is an ISAPI filter it has the advantage of working closely with the web server, this way it can do more than other firewalls and intrusion detection systems, like scanning encrypted traffic.

These are some features of WebKnight.

Open Source 
WebKnight is free software under the terms of the GNU General Public License.

Logging 
By default all blocked requests are logged. In addition all allowed requests can be logged as well, or you can run WebKnight in logging only mode. This last operation mode allows you to see the attacks in the log files without blocking them. WebKnight can also prevent blocked attacks from being logged to the web server log files. This way your web server log files will be kept clean and accurate.

Customizable 
The firewall can be customized for any need, including blocking certain 0-day exploits before the vendor released a patch.

Compatible with Web-Based Applications 
WebKnight is compatible with Frontpage Extensions, WebDAV, Flash, Cold Fusion, Outlook Web Access, Outlook Mobile Access, SharePoint…

HTTP Error Logging 
WebKnight can be configured to log the HTTP errors from the web server. This way you can log common errors like '404 Not Found' or more severe ones like '500 Server Error' to the logfile. Doing so allows you to detect errors in scripts or attacks on them. You can also use it to simply find broken links in your web site or configuration mistakes.

SSL Protection 
Unlike traditional firewalls, WebKnight can protect encrypted sessions over HTTPS.

Third-Party Application Protection 
WebKnight not only protects the web server, but can also be configured to protect third-party web server applications, e-commerce web sites or your custom web site.

RFC compliant 
WebKnight is RFC compliant and also includes the ability to scan the requests for RFC compliance.

Low Total Cost of Ownership (TCO) 
WebKnight comes with a Windows Installer package and remote installation scripts making it easy to deploy WebKnight in your enterprise. WebKnight also comes with a graphical user interface for changing WebKnight settings.

Run-Time Update 
Changes to the settings of WebKnight do not require restarting the web server and can thus be done without disrupting any services for your users. For performance reasons, detecting these changes only occurs every 1 minute.


For explanations and additional security solutions, contact:

info@zeroday.co.il
