Best Web application Firewall for IIS
Posted by nashenas, 05-03-2012, 02:00 AM |
Hi there,
Someone defaced all of our websites on Windows Server 2008.
He removed all files in the hosting spaces and uploaded his index files.
Please advise which web application firewall exists for IIS?
I have installed Windows Server 2008 with the WebsitePanel control panel.
There are many tools for Apache like mod_security, but I don't have any idea for IIS.
|
Posted by Softsys Hosting, 05-03-2012, 02:08 AM |
I'd rather recommend you check the permissions of your folders to ensure they are not exploitable and that there are no folders with access for "Everyone" or anonymous FTP access enabled. You can use the built-in Windows Firewall, and it should suffice for most cases.
|
Posted by boonchuan, 05-03-2012, 02:31 AM |
Try ZoneAlarm; it's cheap and free. Maybe pay a bit more for the Pro edition.
|
Posted by nashenas, 05-03-2012, 03:10 AM |
The permissions are correct.
The permissions of the hosting_spaces folder are as follows:
SYSTEM (group) has Full control
Administrators (group) has Full control
Users (group) has Read & execute only.
Should I remove the Users group from hosting_spaces?
ZoneAlarm is a firewall for PCs. I'm looking for a firewall for the web server that prevents SQL injection and XSS, and filters specific request types (POST, GET, etc.).
|
Posted by lifewithcause, 05-03-2012, 01:45 PM |
No such software on Windows yet, AFAIK.
|
Posted by BiggyMike, 05-03-2012, 04:23 PM |
Found this on the IIS website:
http://www.iis.net/download/UrlScan
|
Posted by mugo, 05-03-2012, 04:40 PM |
Also, look at what your IIS Inet user is, and what groups and permissions they have applied.
They should have read/execute at most, and write only where very well defined by some chroot.
Note that no firewall will stop this. If they are uploading over FTP or exploiting a script via permissions over port 80, you would still have to have that open... you could find and block the attackers by IP, but that usually leaves you running around in circles chasing your tail.
MS IIS sets some funky default perms, especially in the CGI areas; in the past their default "example" scripts were actually exploited. Ahem.
Also, if you are using PHP, especially with CGI (not FastCGI), there is a current exploit going around for that.
What other than HTML is in use on the defaced sites? PHP, ASP, any databases, etc.? If the data being changed is, say, content and they are not actually overwriting web files, it could be a SQL injection... think along those lines also. A light bulb will eventually go on.
|
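The permission checks that Softsys Hosting and mugo describe (no "Everyone"/Users/anonymous write access on the hosting root, and the IIS worker and anonymous identities limited to read/execute) can be turned into a repeatable audit. The following PowerShell script is an added example, not code from the thread or from WebsitePanel; the root path `C:\HostingSpaces` and the list of identities to flag are assumptions you should adjust for your own server.

```powershell
# Added example, not from the thread: audit NTFS ACLs under the hosting root for entries
# that give low-privilege identities the ability to create, overwrite or delete files.
# The root path and the identity list are assumptions; adjust both for your server.
param([string]$Root = 'C:\HostingSpaces')   # assumed location of WebsitePanel's hosting_spaces

# Identities that should never be able to drop or replace files in a customer web root.
# NETWORK SERVICE / IUSR / IIS_IUSRS are the IIS 7 worker-process and anonymous identities.
$suspectIdentities = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ANONYMOUS LOGON',
    'NT AUTHORITY\NETWORK SERVICE',
    'NT AUTHORITY\IUSR',
    'BUILTIN\IIS_IUSRS'
)

# Any of these rights is enough to upload a new index file or remove the existing one.
# Read & execute alone (what the OP reported for Users) is not flagged.
$writeRights = [int][System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles'

function Get-LowPrivWriteAce {
    param([string]$Path)
    $acl = Get-Acl -Path $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }                     # access denied or path vanished; skip
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($suspectIdentities -notcontains $id) { continue }
        # Bitwise test: does this ACE grant at least one write-capable right?
        if (([int]$ace.FileSystemRights -band $writeRights) -eq 0) { continue }
        New-Object PSObject -Property @{
            Path      = $Path
            Identity  = $id
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Walk the root and every folder beneath it. PSIsContainer (rather than -Directory)
# keeps this runnable on the PowerShell 2.0 that ships with Windows Server 2008.
$folders = @(Get-Item -Path $Root) +
           @(Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })

$findings = foreach ($f in $folders) { Get-LowPrivWriteAce -Path $f.FullName }

if ($findings) {
    $findings | Sort-Object Path | Format-Table Path, Identity, Rights, Inherited -AutoSize
} else {
    "No write-capable ACEs for low-privilege identities found under $Root"
}
```

Run it from an elevated PowerShell prompt. An explicit, non-inherited entry for Users or Everyone deep inside one site's wwwroot is the kind of finding worth following up, because it shows someone granted it on purpose rather than it trickling down from the drive root. If your control panel runs each site under its own account, add those account names to `$suspectIdentities` so that a per-site user with write access to another customer's space is also flagged.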
Posted by plumsauce, 05-03-2012, 08:01 PM |
Who in their right mind runs a server without checking permissions, runs code that they don't know, and runs code meant as examples? Ahem.
IIS run by experienced, security minded IIS admins are quite secure. IIS run by inexperienced people poking around looking for the equivalents that they are used to in LAMP are a disaster waiting to happen.
|
Posted by mugo, 05-03-2012, 08:23 PM |
As I remember, back in 2000, almost everyone.
Just trying to help the OP. Not everyone is the uber admin you and I are.
|
Posted by prickett233, 05-03-2012, 08:51 PM |
You could run ModSecurity with Apache configured as a reverse proxy to IIS.
|
Posted by prashant1979, 05-04-2012, 06:30 AM |
I have tested dotDefender in the past and would say it is an awesome piece of software which blocks almost all types of web attacks. Obviously there are false positives too, but they are more due to poor programming than software bugs. Overall a good product and highly recommended.
|
Posted by nashenas, 05-04-2012, 10:24 AM |
Thank you for your good link. I'll try it.
What is the price of this product? I couldn't find any information about costs on their website.
|
Posted by brianoz, 05-05-2012, 09:23 AM |
Check to see if the defacement is being done via FTP; if it is, then you will need to find out where your FTP passwords are being stolen. This is pretty likely to be the vector and would be simpler to block than finding a website exploit, although something like UrlScan would probably be a great idea.
|
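brianoz's suggestion to confirm whether the files arrived over FTP can be answered from the IIS FTP logs. The script below is an added example, not code from the thread: it parses IIS W3C FTP log lines, keeps successful uploads and deletes, lists the ones that touched a site's landing page, and summarises which client IPs wrote into how many different accounts, since one IP using many customers' credentials is the pattern stolen FTP passwords produce. The log path `C:\inetpub\logs\LogFiles\FTPSVC1\u_ex*.log` is an assumption for an IIS 7.x FTP site, and the embedded log lines are constructed samples used only when no real log is found at that path.

```powershell
# Added example, not from the thread: scan IIS FTP W3C logs for successful uploads of
# index/default pages and for one client IP writing into several accounts' spaces.
# $LogGlob is an assumed IIS 7.x FTP log location; the sample lines below are constructed.
$LogGlob = 'C:\inetpub\logs\LogFiles\FTPSVC1\u_ex*.log'

$sampleLog = @'
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2012-05-02 23:41:10
#Fields: date time c-ip c-port cs-username cs-method cs-uri-stem sc-status sc-win32-status sc-substatus x-session x-fullpath
2012-05-02 23:41:10 203.0.113.7 51234 site1_ftp PASS *** 230 0 0 1a2b /
2012-05-02 23:41:12 203.0.113.7 51234 site1_ftp DELE /wwwroot/default.aspx 250 0 0 1a2b /site1/wwwroot/default.aspx
2012-05-02 23:41:13 203.0.113.7 51234 site1_ftp STOR /wwwroot/index.html 226 0 0 1a2b /site1/wwwroot/index.html
2012-05-02 23:41:20 203.0.113.7 51235 site2_ftp PASS *** 230 0 0 3c4d /
2012-05-02 23:41:21 203.0.113.7 51235 site2_ftp STOR /wwwroot/index.html 226 0 0 3c4d /site2/wwwroot/index.html
2012-05-03 08:10:02 198.51.100.22 40001 site1_ftp STOR /wwwroot/images/logo.png 226 0 0 5e6f /site1/wwwroot/images/logo.png
'@

# Turn W3C log lines into objects whose property names come from the #Fields header.
# The header is re-read whenever it appears, so several concatenated log files parse correctly.
function ConvertFrom-IisW3CLog {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') { $fields = $Matches[1].Trim() -split '\s+'; continue }
        if ($line -match '^#' -or -not $line.Trim() -or -not $fields) { continue }
        $values = $line.Trim() -split ' '
        $obj = New-Object PSObject
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $obj | Add-Member NoteProperty $fields[$i] $values[$i]
        }
        $obj
    }
}

$lines = if (Test-Path $LogGlob) { Get-Content -Path $LogGlob } else { $sampleLog -split "`r?`n" }
$entries = ConvertFrom-IisW3CLog -Lines $lines

# Keep only writes that succeeded: 226 = transfer complete, 250 = file action OK.
$writes = $entries | Where-Object {
    ($_.'cs-method' -eq 'STOR' -or $_.'cs-method' -eq 'DELE') -and
    ($_.'sc-status' -eq '226' -or $_.'sc-status' -eq '250')
}

# Uploads or deletes of a landing page are the defacement signature the OP described.
"--- writes touching index/default pages ---"
$writes | Where-Object { $_.'cs-uri-stem' -match '(^|/)(index|default)\.[a-z0-9]+$' } |
    Format-Table date, time, 'c-ip', 'cs-username', 'cs-method', 'cs-uri-stem' -AutoSize

# One client IP writing into many accounts is what stolen credentials look like in the log.
"--- distinct accounts written to, per client IP ---"
$writes | Group-Object -Property 'c-ip' | ForEach-Object {
    $accounts = @($_.Group | ForEach-Object { $_.'cs-username' } | Sort-Object -Unique)
    New-Object PSObject -Property @{ ClientIP = $_.Name; Accounts = $accounts.Count; Writes = $_.Count }
} | Sort-Object Accounts -Descending | Format-Table ClientIP, Accounts, Writes -AutoSize
```

With the constructed sample, the first table lists the DELE of default.aspx and the two index.html uploads, and the second shows 203.0.113.7 writing into two different accounts within seconds while 198.51.100.22 touched only one. On a real server, an IP that writes into several customers' spaces from successful PASS logins is a credential-theft problem, not a web exploit, and the next step is rotating those FTP passwords and checking the machines they were used from.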
Posted by andycola, 05-09-2012, 02:46 PM |
Are you interested in software options? ServerDefender VP is a very user-friendly and super powerful software WAF for IIS... They have a free trial if you want to give it a try. Really like the level of customization available for policies.
Also, I would recommend checking out mosaicsecurity.com as a comparison tool and the OWASP site for more info on Web app firewalls and Web security in general.
|
Posted by top hosting, 05-09-2012, 11:42 PM |
Have you tried this one?
"dotDefender for web application security" from Applicure Technologies.
|
Posted by andycola, 05-10-2012, 01:45 PM |
Here's a review of dotDefender; it's kind of pricey...
Just paste this in - I still can't post hyperlinks
scmagazine.com/applicure-dotdefender-for-iis/review/2681/
I actually thought about trying it out a while back until I saw that review.
|
Posted by Collabora, 05-10-2012, 01:53 PM |
Addressing the OP: use the built-in Windows Firewall with Advanced Security. If you need something better, an external appliance is the way to go. The Windows Firewall with Advanced Security console can be opened from the Administrative Tools menu.
|