WinArmor Server
WinArmor Server is specially designed to
protect your server and all the services and applications from all kind of
trojans, viral software and spyware attacks (except for rootkits). It
provides additional security even to paranoid Microsoft Vista security
for services; in addition to credential based protection WinArmor Server
provides separation of file space for any kind of service you need.
With WinArmor Server all services will still work transparently and share
network, pipes, and all other resources, but all system and service-related
files will be strictly bordered by walls. No virtualization - just change
root of all drives to separate place with no performance penalty, and with
additional simple but powerful access checks.
Basically, WinArmor idea is simple: typically we have situation described at
the following picture:
In fact it means every service has an access to data of each other service
(with exceptions if services are limited by separate users). As most of
services works as "Local System" or "Network Service", the ACLs on files
will not help to separate files.
Fortunately, WinArmor Server brings new checks related to service instances.
Every instance of service able to be limited by additional checks like
"All files in folder WebSites are private to this instance; all other attempts
to read or modify it should be broken". Or "these files are read-only and cannot
be touched". There are not ACLs to files (as we have no users to be used).
There are additional policies to specific services. As result, with these
policies separation we'll get the following situation:
But in fact it is not all that WinArmor does.
Practically, every protected service has its' own virtual copy of system
and shared files and even if such a service will be attacked and infected,
the entire system and other services will not affected. Virtual copy means
copy-on-write technology; unless shared file is modified it is not copied
to these walls physically.
Within WinArmor approach simple rules for clearing of non-managed files can
be specified. In this case each restart of service will be the same as "cure"
spell.
The WinArmor Server works on Win2K, Win2K3,
Win2K3 R2. It supports Pentium, AMD64/EM64T, and Itanium architectures.
Read more | Download free trial (2,2 MB) | Buy WinArmor Server now
|