Entercept shields Microsoft IIS from attacks

Entercept shields Microsoft IIS from attacks

By William Jackson

GCN Staff

Entercept 2.0 intrusion protection software from ClickNet Security Technologies Corp. of San Jose, Calif., runs under additional Web server operating systems and now protects Microsoft Internet Information Server.

The original release ran under Microsoft Windows NT. Version 2.0 also supports Windows 2000 and SunSoft Solaris.

The host-based Entercept has a centralized management console and a server-resident agent. The agent initiates communication with the management console, leaving no ports open for listening. The agent filters calls to the server OS and compares them against signatures of known attacks before it allows calls to execute.

If an improper call is identified, the agent consults security policy to determine its actions, which can range from logging and notification to terminating the session.

Attack strategy

Entercept uses signatures of specific known attacks as well as profiles of attack categories, such as buffer overflows. The new version adds Trojan horse signatures to its specific attack database.

The biggest change is the addition of specific protection for Internet Information Server from both known and unknown attacks by applying the signature method in reverse. Instead of looking for attack signatures that are excluded, it follows a signature of normal application behavior and allows only activities that fit the signature. All other activities are excluded.

Entercept uses the same process to protect itself from hackers, said Robin L. Matlock, ClickNet senior vice president of sales and marketing.

The Entercept 2.0 Web Server Edition with Internet Information Server protection is available only for Windows NT and 2000. Pricing is not yet available.

Contact ClickNet at 800-599-3200.


  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected