Places the emphasis on prevention, rather than cure.
Works only with IIS on NT/2000, and there is no alerting functionality.
Applock/Web offers a good solution to locking down both the web server and the operating system.
Applock/Web works for web servers based on Microsoft IIS running on Windows NT/2000. It locks down both operating system and web server application. It auto-discovers which files are associated with web server functions (this may include web content and web scripts) and locks them down. It works within the operating system at the kernel level.
Installation is very easy, and the AutoDiscovery feature automatically searches for over 200 different file extensions commonly used to support IIS web servers. You can add to this list of file extensions and manually configure which files and folders need to be protected, but the default setting will be suitable for most situations.
It is easy to make authorized changes. Applock/Web uses password authentication and public-key-encrypted communications to enable an authorized administrator to make necessary changes. Then the server is locked down again immediately. Strong passwords are enforced to prevent easily crackable passwords.
AppLock/Web protects user accounts, date and time, the Microsoft IIS metabase, and the stack buffer against overflows and other common attack methods. Even someone with web server administrator privileges cannot make changes to protected files or the registry without the lockdown password.
Although it works at the kernel level, AppLock/Web does not modify the NT/2000 kernel. AppLock/ Web is installed as a device driver, which extends the capabilities of the Microsoft kernel. Because Applock/Web uses programming methods commonly used by encryption and anti-virus programs, there is no need for any special kernel certification. It uses well-known and published entry points that require no proprietary knowledge of or access to the inner workings of the operating system.
Logging is provided for later analysis or forensics. When access to a protected file is denied by Applock/Web, a record is kept in the Windows System Event Log. This log may be used later to identify intrusion attempts and provide evidence of hacking attacks.
Central management of multiple instances of Applock/Web is easy with WatchGuard's ServerLock Manager application. ServerLock Manager uses a combination of kernel-based PKI, a 239-bit eliptical curve cryptosystem (ECC) from Certicom, and triple-DES encryption to protect instructions and communications from the management console.