SecureIIS operates as an ISAPI filter for Microsoft's IIS (Internet Information Services) Web server, examining network requests in an attempt to identify potential attacks or intrusions.

SecureIIS examines information received by the server in real time; the vendor states that the product inspects the data from its receipt to the point where it is passed to the kernel "...and at every level of processing in between." The module relies not on a specific "attack signature" database, that is, a listing of specific, known programs used in the past by hackers to gain access to the Web server; but instead identifies and prevents attacks based on their attack methods - i.e., the means by which the individual programs gain access to the system. Such methods that are identified by SecureIIS include buffer overflow attacks (SecureIIS compares the length of provided data to that of all defined client-supplied buffers, dropping the connection if the maximum size is exceeded); checking for the existence of special characters within passed parameters that may lead to the execution of server-side commands; and directory traversal attacks (again, the presence of special characters that may allow an attacker to access directories outside of the document root are checked for; and access to specific directories can be completely blocked).

Other key features of the SecureIIS module include support for both standard and secure (HTTPS, or SSL) Web traffic analysis; logging features allowing administrators to see all requests denied by SecureIIS and the source of the request; and the ability to block requests containing characters with high bits, which are often used to gain access to the Web server shell.

New in the latest release of SecureIIS is support for the blocking of SQL Injection attacks; which the vendor states is accomplished through the filtering of common commands and characters used in such attacks.

SecureIIS is available now, with a price of $995. Visit the eEye Digital Security Web site for further information.