In a previous issue of this newsletter, I discussed Microsoft's security problems and, specifically, the vulnerabilities of Internet Explorer and Internet Information Server (see links below).

The problems with the latter arise, I suspect, out of a product that has been developed and enhanced amazingly quickly but, because of Microsoft's interest in supporting its own technologies, has acquired a clumsy "kitchen sink" type of architecture. Be that as it may ...

I explored the question of what to do about IE in my Backspin column last week (link below). Today, I want to discuss a product that will go a long way in creating a safe IIS implementation.

The product is called SecureIIS Web Server Protection from eEye Digital Security. The company claims that SecureIIS protects IIS servers from known and unknown vulnerabilities.

This feat is achieved by auditing incoming and outgoing IIS data for anomalies - protocol exchanges that are not within expected limits. This is essentially a heuristic attack detection system. Even unpatched servers are protected from damaging "known" and "unknown" attack attempts, eEye says.

SecureIIS inspects data exchanges at multiple levels within the server: as they come in from the network level, as they are handed off at the kernel level, and at every level of processing in between, to prevent issues such as buffer overflows, parser evasions, directory traversal and other attacks.

SecureIIS provides centralized policy management for a group of secured servers. Policies can be defined and exported from the central machine, and other machines can be set to automatically import that policy so that changes are propagated. The system also includes real-time attack and response statistics and extensive logging.

The product is priced at $1,295 per physical server and includes the first year of maintenance and a year of free upgrades and technical support.