New NetIQ Security Module Provides Real-Time Protection

NetIQ Corp. announced it has made available a new module that in real time identifies the security holes in the e-commerce and e-banking sites running Windows NT and immediately prevents the hacker from exploiting them.

The solution is available to NetIQ Security Manager users as a new ActiveKnowledge module downloadable from NetIQ’s Web site.

The FBI recently released information about a series of economic extortion attacks that have already hit more than 40 e-banking and e-commerce sites running Windows NT. There are three vulnerabilities that comprise the attack. The first allows hackers to access the IIS server. Once access has been established, the second vulnerability involves the modification of certain registry keys and code that on restart allows the hackers to disable key security measures. The third allows unauthorized actions to be taken on the SQL or MSDE database.

Unique features of the Security Manager module that help stop the attack include its ability to detect the attack in real time and to take immediate automated action to stop the attack before security is compromised. For example, Security Manager monitors the IIS and SQL logs in real time and detects when someone attempts to utilize the IIS or SQL server exploit. Upon seeing the identifying signature, Security Manager launches an automated response to automatically block the attacking host’s IP address to that server. In addition, Security Manager identifies file signatures left behind in attacks. This allows IT personnel to take appropriate action if an attack has already occurred.

Contact NetIQ, (408) 856-3000,

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.