Toolbox: New products for IT professionals
This month’s troika of products lets you beef up your firewall security, visualize SQL task automation and test HTTP services.
If you’re running a public-facing Web server secured only by a port-blocking firewall, you may want to consider adding a Web application firewall. Using a port-blocking firewall to expose services is a good first step, but having port 80 or 443 open for Web applications still leaves a pretty large surface area for malicious intruders. A Web application firewall gives you an extra layer of protection by inspecting all requests coming into your server on those open ports.
ServerDefender VP may do the trick. The PCI-compliant ServerDefender VP works with IIS version 6 on Windows Server 2003 SP2, IIS 7 on Windows Server 2008 SP2, IIS 7.5 on Windows Server 2008 R2 SP1, and IIS 7 and 7.5 on Windows Server 2012. It’s compatible with 32- and 64-bit systems. It runs as an ISAPI filter, intercepting requests before they hit your sites. It then either lets them through, logs them or blocks them.
Setting up ServerDefender VP is straightforward. After installation, ServerDefender VP jumps to the Configuration Wizard. Here you can tailor the setup to your server’s IIS configuration in either Standard Mode or Expert Mode. Standard Mode does most of the lifting for you. Expert Mode lets you configure more program options up front. You can toggle between modes after your initial configuration once you’re more familiar with the program functions. Once you’ve stepped through the Configuration Wizard, ServerDefender VP is up and running.
The application runs in Log Only mode by default, so you won’t have to worry about blocking legitimate traffic. You can tailor the application firewall rules to block only those requests that are a legitimate nuisance or viable threat. You can also give each site on your IIS server its own application profile. ServerDefender VP has five application profiles: General Public Site, Outlook Web Access, Microsoft SharePoint, DotNetNuke and Custom. The names define how the application firewall will behave.
In Standard Mode, you can “crank up” the logging and enforcement levels with a simple scale of one to five. As you change the levels, the view shows you what levels of protection and logging you get. ServerDefender VP will try to protect you from SQL injection, cross-site scripting (XSS) attacks, directory browsing, unused or unfavored HTTP methods, cookie tampering, bots, Denial of Service (DoS) attacks and session tampering. Click the Expert View toggle to jump deeper into the configuration and tailor the different attributes of each type of protection.
You’ll want to keep the application firewall running in log-only mode for a while to ensure the rules are customized to your applications. It’s comforting to know that toggling from Log Only to On or vice versa takes only a simple mouse click. If you do end up blocking legitimate traffic, you can switch back without much headache. To see how and what ServerDefender VP is doing, check the Site Status panel. Here you can see summary stats on all of your Web sites, including request counts, session counts and basic attack type counts.
Click on a particular site to bring up the Log Viewer. Here you can see detailed views into requests, the threat level, and which action would be or was taken against the request. You can also see request details such as the point of origin, hostnames, IP addresses, request URLs and other various details about the event.
There are find and filtering features in the Log Viewer as well, so you can tailor the view to find the requests you want to look at. The Log Viewer can work in real time, so you can watch events come through the pipeline. If you pause the Log Viewer, you can then sort by the various columns. Right-click on a particular event to bring up a context menu with options for filtering to that session, IP or URL, as well as blocking IPs and adding exceptions. You can also jump to tools like traceroute, ping and nslookup, or browse to the target URL.
For notifications, you can choose e-mails or Simple Network Management Protocol (SNMP) alerts; route data to syslog; or write events to the Windows Event Log. The Daily Report sends an e-mail of summary statistics each day at a specified time as a reminder of how your sites are doing and the types of threats being filtered.
ServerDefender VP is $995 for a single-server license; volume discounts are available. There’s a 30-day free trial on the site as well. If you’re looking for that next layer of security on your Windows Server IIS instances, it would be worth checking out the Port80 Software ServerDefender VP Web application firewall.
Microsoft SQL Server Agent provides powerful task automation. As your data and administrative complexities increase, though, it’s hard to see which scheduled jobs might conflict with others. One tool that aims to help you visualize those complexities is the free SQLjobvis utility from the U.K.-based SQLsoft.
SQLjobvis is built on the Microsoft .NET Framework, and supports SQL Server 2000 and higher. After installing SQLjobvis, simply connect to the SQL Server instance for which you’d like to visualize the SQL Agent jobs and click OK. SQLjobvis also has a portable no-installer version you can download, so you could easily keep the application with you as you go from place to place or keep it on your network share. Either way, once you start the application, you’ll then see a timeline-based, colorized representation of the current SQL Agent jobs on the target system.
You can then tailor the view in a number of ways. You can set the date range to see both historical runs and future schedules. You can filter jobs by category, hide disabled jobs, hide inactive jobs, show only failed jobs, show long-running jobs or show only “clashing” jobs. You can also sort the jobs by name, total runtime, frequency, time clashing or earliest start time.
There’s also a “zoom-to-fit” feature. This lets you compress the date range in your view for easier long-term planning. The view will auto-refresh by default, so you could keep this view on your network operations screen as a constant reminder of SQL Agent processing. The interface is tabbed, so you can easily toggle between different SQL Server Agents. You can also export the data to a CSV file for record keeping or repurposing.
You can define the default start date, set which days are considered “working days,” define what constitutes a long-running job and set colors for the various job states. It’s simple, useful and free. So, if all those SQL Agent jobs are giving you a headache, take a look at SQLjobvis. Its SQL Agent job history visualization might be just the relief you need.
When setting up a new application monitor on your host- and service-monitoring tool, sometimes you can’t use the production environment as a test bed. The new monitor might not be configured correctly or provide the correct notification in response to an outage. One useful tool for testing HTTP-based services is httpbin. This is hosted at httpbin.org.
The site is a general HTTP request and response service. This can be quite helpful for testing out HTTP clients. The homepage gives you the overview of the various service endpoints available for testing, such as “/get,” which will return an HTTP GET response; “/gzip,” which returns gzip-encoded data; and “/cookies,” which, naturally, returns cookie data.
In terms of service monitoring and health checks, there are a few more endpoints tuned to administrative tasks. The “/status” check lets you request a particular HTTP response. For example, you could request “/status/500” to ensure your monitor behaves correctly when you encounter an HTTP error code of 500. There’s also a “/delay/:n” check, which delays for n seconds before returning a response. This is helpful for verifying a monitor that requires a service to respond in a timely manner and notifies you if it doesn’t.
There’s an “/html” check, which lets you verify a content-check, and “/redirect/:n,” which redirects you n times. You can use this to set up a monitor for “infinite” loops on a site. httpbin is available over both HTTP and HTTPS, so you can also test secure-service monitors.
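A monitor probe of the kind described above, exercised against a local stub of the “/status,” “/delay” and “/redirect” endpoints so it runs offline. This is an added example, not code from the article or from httpbin; StubHandler, start_stub and check are hypothetical names, and the stub mimics only those three paths.

```python
import http.server, socket, threading, time, urllib.error, urllib.parse, urllib.request

class StubHandler(http.server.BaseHTTPRequestHandler):
    """Constructed local stand-in for /status/:code, /delay/:n and /redirect/:n."""
    def do_GET(self):
        kind, _, n = self.path.strip("/").partition("/")
        if kind == "delay":
            time.sleep(int(n))
        if kind == "redirect" and int(n) > 0:
            self.reply(302, f"/redirect/{int(n) - 1}")  # one hop closer to the end
        else:
            self.reply(int(n) if kind == "status" else 200)
    def reply(self, code, location=None):
        self.send_response(code)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo quiet

def start_stub():
    """Serve the stub on a free loopback port and return its base URL."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_address[1]}"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface 3xx as HTTPError so the monitor counts hops itself

def check(url, timeout=1.0, max_redirects=3):
    """Classify one probe: OK, HTTP_<code>, TIMEOUT, DOWN or REDIRECT_LOOP."""
    # Empty ProxyHandler: ignore proxy environment variables for the probe.
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    for _ in range(max_redirects + 1):
        try:
            opener.open(url, timeout=timeout).close()
            return "OK"
        except urllib.error.HTTPError as err:
            if err.code in (301, 302, 303, 307, 308) and err.headers.get("Location"):
                url = urllib.parse.urljoin(url, err.headers["Location"])
                continue
            return f"HTTP_{err.code}"
        except OSError as err:  # URLError wraps refused connections and timeouts
            reason = getattr(err, "reason", err)
            return "TIMEOUT" if isinstance(reason, socket.timeout) else "DOWN"
    return "REDIRECT_LOOP"

if __name__ == "__main__":
    base = start_stub()
    for path in ("/status/500", "/delay/1", "/redirect/10"):
        print(path, check(base + path, timeout=0.3))
```

Passing an httpbin URL to check() runs the same probes against the hosted service instead of the stub.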
Greg Steen is a technology professional, entrepreneur and enthusiast. He’s always on the hunt for new tools to help make operations, QA and development easier for the IT professional.