Network Computing is part of the Informa Tech Division of Informa PLC


Keeping an eEye on IIS Web Server: Page 2 of 3

Watch it Run

It wasn't difficult to install the components; preparing the database to use REM Events Server was the biggest hurdle of the entire installation process. Fortunately, the purchase of an EWP solution from eEye includes an engineer installation visit. You don't need to worry about installation nuances beyond the integration of future additional SecureIIS clients. Luckily, I found incorporating a new SecureIIS install into the EWP framework a piece of cake. You simply install SecureIIS as usual, then install the REM Events Server Client and supply the public key produced by your REM Events Server.

Good
• Integrates with all eEye products
• Trouble-ticket system greatly streamlines the security incident follow-up process

Bad
• Lacks integrated SecureIIS configuration management support
• Is only valuable in eEye-product-laden environments

Vendor Info
Enterprise Web Protection, eEye Digital Security. Price starts at $20,000 for five servers. (949) 349-9062, (866) 339-3732, www.eeye.com

Once all the components were installed and configured, I tested EWP by triggering a few choice Unicode attacks against my SecureIIS-protected Web server. The attack alerts showed up on the REM Events Manager alerts Web page, and I could view the particulars of each event as well as assign them for handling and remediation.

My main disappointment with EWP is its inability to manage the actual SecureIIS configuration. Fortunately, SecureIIS allows you to import a central configuration policy file. It would be nice, however, if that central policy was integrated into the REM Events Manager.

I also encountered a few minor annoyances. Rule construction for the automatic assignment of predefined incoming events is a bit inflexible and general in nature. The event search functionality is limited to keyword searches of the generic event titles, rather than event specifics, which makes it nearly impossible to search for events generated by a specific source IP address.