New Page 1
IIS web application firewall, web application security, personal firewall, intrusion prevention, security data analytics   Home | News | Company | Contact   
 

>> In the News

 

>> Press Releases

 
September 22, 2009
 Privatefirewall "Highly Recommended" by Bright Hub! 
  
June 27, 2008
 Privacyware Makes CRN 2008 Emerging Vendors List. 
  
September 4, 2006
 Privacyware going corporate: Host-based intrusion-detection software gains management platform.   
  
September 4, 2006
 Privacyware has upgraded its desktop defense software, Privatefirewall 5.0, a multi-layered endpoint security product.  
  
June 13, 2006
 TrimMail's Email Battles - Behavior-based shield aims to nail Zero Day threats.
  
September 22, 2005
 Sarbanes-Oxley Compliance Journal - What is the single most challenging Sarbanes-Oxley issue today?
  
September 1, 2005
 ThreatSentry 2.0 Product Review: Guard the Door - ThreatSentry protects IIS servers from both known and unknown types of attacks.
  
August 21, 2005
 Niche Players, Niche Products Small resellers find success, profit by going with alternative products.
  
August 8, 2005
 Q&A w/e-Convergence Founder Joe Heinzen - Distributor chief talks about the changing market and how he satisfies customers.
  
July 22, 2005
 Compliance can be achieved through Organizational Improvements and Effective Process Automation Projects.
  
July 20, 2005
 Quest InTrust for Windows Enhanced to Support Heterogeneous Environments.
  
July 20, 2005
 Quest InTrust for Active Directory Offers Activity Tracking and Change Auditing in a Single Product.
  
June 6, 2005
 Privatefirewall 4.0 adds antispyware protection.
  
March 24, 2005
 Thou Shalt Not Do Business Carelessly: Managing Compliance Standards.
  
March 22, 2005
 Larkware reviews ThreatSentry version 2.0.
  

 

 
 

 


(click here to view actual article)

March 22, 2005 - Larkware reviews ThreatSentry version 2.0

By Mike Gunderloy
ThreatSentry is an inexpensive intrusion detection and prevention system that integrates well with Microsoft IIS - in fact, it integrates better with IIS than any other intrusion detection software that I've seen. ThreatSentry is implemented as an ISAPI filter, an managed through an MMC snap-in, so its use and technology are a perfect fit for the rest of the IIS world. Basically, it keeps an eye on IIS requests as they go by, and when it sees something suspicious, stomps on it for you. Some of its capabilities overlap those of Microsoft's free UrlScan utility, but ThreatSentry offers more flexibility and a greater range of response options for traffic that you'd rather do without.

Although ThreatSentry comes with its own database of predefined rules to watch out for common web attacks (such as HTTP verbs that you probably don't want to get through and request strings that are part of known worms), that's only the beginning. When you first install it, the software launches in a training mode, where it listens in as normal traffic flows on your server. This gives it a baseline of what requests are supposed to look like, and it uses this to build up a database of known good page requests. If future traffic is markedly different from the training database, ThreatSentry gets suspicious and denies it. The administrator can monitor the log of blocked requests and train ThreatSentry further by confirming them or by marking the requests as OK, further fine-turning its notion of what should be allowed.

You can choose whether you want bad requests to be blocked entirely, or just to be logged with notification to you. If they're blocked, you can also firewall the offending IP address from your server across the board so it can't get into any other mischief.

I tried ThreatSentry on the Larkware server, which also hosts a batch of other sites, and it performed as advertised, knocking down a pile of the nuisance traffic that plagues any server on the Internet these days. Installation was easy, management was simple, and it was basically software I could just forget about and monitor every now and then as it went about its business. For $99, this seems like a pretty cheap bit of peace of mind to add to any server that's on the net. If you want to give it a look yourself, you can download a 30-day trial from the Privacyware site.

 
 

 

©1999-2010 PWI, Inc. All rights reserved. Privacy policy


personal firewall, intrusion prevention, security information management