ServerDefender AI

By port80

Category: Security Administration
License: Free
Downloads: 642
Supported by: Email, Phone, Knowledge base, Forums
Works with: IIS 5, IIS 5.1, IIS 6
Documentation: ServerDefender AI Documentation
Updated on: 2/27/2009 6:18 PM

Overview

Advanced Behavioral Learning Web Application Firewall



The new ServerDefender Artificial Intelligence (AI) Web application firewall is designed to provide immediate protection for Web sites and applications running on the Microsoft IIS Web server by blocking known HTTP, IIS, Windows, and application attack signatures:

  • HTTP methods
  • URL characters and request elements
  • URL query strings
  • POST data
  • Specific HTTP request headers.

ServerDefender AI then goes beyond mere signature blacklisting by learning, from your Web logs or by monitoring traffic with your guidance, exactly what is legitimate traffic for your site and blocking anything else:

  1. An advanced behavioral engine organizes IIS server requests into a multi-dimensional baseline of normal system activity.
  2. Each server connection and request is scrutinized by the rule-set configured in ServerDefender AI and also by the behavioral baseline to identify and take action against any activity falling outside trusted parameters.
  3. ServerDefender's anomaly detection and intrusion prevention capabilities progressively improve as the baseline evolves automatically or based on input from Web administrators.

Combining attack countermeasures -- ranging from 404 error presentation and robust IP blocking to IIS shut-down -- with reporting and real-time alerts (via e-mail, SMS/text message, and instant messaging services), ServerDefender AI is the complete solution. The software analyzes, detects and responds to suspicious activity, accurately differentiating between trusted and untrusted behavior to thwart hacker attacks such as:

  • SQL injection
  • cross-site scripting (XSS)
  • cross-site request forgery (CSRF)
  • buffer overflows
  • directory traversal
  • zero-day
  • brute force
  • dictionary

In short, only safe, trusted requests are allowed to the application and database layers of your Web site or app.

ServerDefender AI adds its own external layer to protect application source code and database layers from attack with no additional hardware infrastructure, no single point of failure, and low overhead. This Web app firewall leverages your existing IIS Web server resources to stop unauthorized access or remote control of your network, site defacement, and loss of data.

Features


  • Attack signature and behavioral learning Web application firewall protects against known, unknown, and new Web hacking attacks against Microsoft IIS Web servers, Windows operating systems, and popular Web application platforms like ASP.NET, ColdFusion, Java/JSP/J2EE, Perl, PHP, Python, Ruby -- and now, even Ajax and JavaScript
  • Configurable, predefined HTTP/HTTPS request event classifications offer signature-based defense, with specific rule enforcement by:
    • HTTP Methods (OPTIONS, GET, POST, HEAD, and all possible HTTP methods/operations)
      • New! Supports local proxy servers using the XFF (X-Forwarded-For) request header
    • URL Paths (Any characters, extensions or symbols possible in a request URL)
      • Request Throttling: Special Request Frequency feature in URL Path rules allows for control of requests per second to a given URL to avoid automated attacks on key entry points
    • URL Query Strings (Length of variables + Signature rules for detecting SQL injection and XSS)
    • HTTP Request Headers
    • IP addresses and address ranges (Whitelist/blacklist with duration control and included WHOIS lookup for accuracy)
  • Artificial intelligence (AI)-based behavioral engine in Training Mode reviews Web traffic patterns to establish a baseline of Trusted and Untrusted Events
    • New requests are screened against the baseline to determine if request should be trusted based on previous request history and training database
    • Offers both supervised and self-learning capabilities
    • Adjustable sensitivity levels and percentage of requests to be analyzed
    • Requires periodic event review, classification and retraining of database for maximum effectiveness
  • Extensive Threat Management Options when a request falls outside of an allowed or trusted profile, including:
    • Block request by serving HTTP 404 File Not Found response
    • Block IP for subsequent HTTP requests
    • Deny all ports for IP requests with Network IP Blocking feature
      • Advanced Network IP Blocking via NDIS driver provides performant blocking at TCP/IP and UDP layers for all ports so hacker requests never get to IIS!
    • Stop Microsoft IIS Web services
  • Inactive monitoring mode allows for easy testing of ServerDefender AI without interrupting production Web serving
  • Multiple, configurable notification alert options for blocked requests in real-time via:
    • Pager
    • E-mail
    • SMS or text message
    • MS Messenger service
    • On-screen/audio security alert notification on Web server's desktop
  • Microsoft Management Console (MMC)-based UI Settings Manager with settings stored in Windows registry
  • Remote Deployment and Management to install, manage and monitor Web app security on multiple servers (settings applied across server, not by individual virtual server or site)
  • Full consolidated logging of events and request event details (with exportable log files)
  • HTML reporting on most frequently requested URLs and request IP addresses
  • Compatible with IIS Lockdown, URLScan, major third party server-side scripting platforms like ASP, ASP.NET, PHP, JSP, ColdFusion, and Perl
  • Supports FrontPage publishing, Outlook Web Access (OWA), and other Microsoft platforms running on the IIS Web server
  • Super-fast, stable ISAPI filter with no noticeable server performance impact
  • Adjust settings without an IIS restart
  • Quick and easy installation and configuration

Benefits

Server protection

Requirements

System Requirements

  • IIS 6.0 / Windows Server 2003 (all x86-32 Bit versions; sign up for the x86-64 Bit Beta Alert)
  • IIS 5.1 / Windows XP (not recommended for production use)
  • IIS 5 / Windows 2000
  • Note: IIS 7 / Windows Server 2008 not yet supported (sign up for the IIS 7 Beta Alert)