Mod Security (Is it worth it?) By Rich Helton. Abstract (see my paper for sources)  Based on statistics, Apache is the most used web server being used.

Slides:

Advertisements

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Advertisements

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

SmartSoft Network Solutions, Inc.  Project Presentation  21/12/2005.

Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Firewall Configuration Strategies

Petros Lam VP, Sales & Marketing The Hong Kong School Net Ltd.

1. Prelude Diebold’s electronic voting system source code was discovered and subsequently leaked due to it being on a Diebold web server. Although it.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1 Project Part II Double Deuce Jibran Ilyas, Frank LaSota, Paul Lowder, Juan Mendez.

Uniqueness of user names is enforced Customer information logged to database Require contact information as well as address address will.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Installing and Configuring a Secure Web Server COEN 351 David Papay.

Department Of Computer Engineering

Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060

Appliance Firewalls A Technology Review By: Brent Huston T h e B l a c k H a t B r i e f i n g s July 7-8, 1999 Las Vegas.

Security Scanning OWASP Education Nishi Kumar Computer based training

Campus Firewalling Dearbhla O’Reilly Network Manager Dublin Institute of Technology.

Brad Baker CS526 May 7 th, /7/ Project goals 2. Test Environment 3. The Problem 4. Some Solutions 5. ModSecurity Overview 6. ModSecurity.

What is IIS? IIS (Internet Information Server) is a group of Internet servers (including a Web or Hypertext Transfer Protocol server and a File Transfer.

IDS – Intrusion Detection Systems. Overview  Concept  Concept : “An Intrusion Detection System is required to detect all types of malicious network.

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

Web Application Firewall (WAF) RSA ® Conference 2013.

URLSCAN – it’s back James Leinweber Hygiene Lab / UW-MIST.

MIS Week 6 Site:

P RESENTED B Y - Subhomita Gupta Roll no: 10 T OPICS TO BE DISCUSS ARE : Introduction to Firewalls  History Working of Firewalls Needs Advantages and.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

SIGITE 2008: Oct Integrating Web Application Security into the IT Curriculum James Walden Northern Kentucky University.

WAFs in the Cloud A new direction for WAFs? Ofer Shezaf January 2010.

7400 Samsung Confidential & Proprietary Information Copyright 2006, All Rights Reserved. -0/17- OfficeServ 7400 Enterprise IP Solutions Quick Install Guide.

Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.

SNORT Biopsy: A Forensic Analysis on Intrusion Detection System By Asif Syed Chowdhury.

MIS Week 6 Site:

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.

ISA Server 2004 Introduction Владимир Александров MCT, MCSE, MCSD, MCDBA Корус, Управител

Network Perimeter Defense Josef Pojsl, Martin Macháček, Trusted Network Solutions, Inc.

Module 7: Advanced Application and Web Filtering.

Network Security Lewis R. Folkerth, P. E. Consumers Energy Energy Management Systems

Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.

7200 Samsung Confidential & Proprietary Information Copyright 2006, All Rights Reserved. -0/4- OfficeServ 7200 Enterprise IP Solutions - Data Server –

NetTech Solutions Protecting the Computer Lesson 10.

CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.

Winter 2001C.Watters1 Apache Proxy Notes. winter 2001C.Watters2 Proxy Intermediary between clients and the web Configure browser to go to the proxy Proxy.

Web Server Security: Protecting Your Pages NOAA OAR WebShop 2001 August 2 nd, 2001 Jeremy Warren.

Kali Linux BY BLAZE STERLING. Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion.

Aaron Corso COSC Spring What is LAMP?  A ‘solution stack’, or package of an OS and software consisting of:  Linux  Apache  MySQL  PHP.

Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.

By: Keith Reiter COSC 356. Today’s Agenda Introduction Types of firewalls Firewall Access Rules Firewall Logging Who needs a firewall Summary.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

Top 5 Open Source Firewall Software for Linux User

Securing Your Web Application in Azure with a WAF

(A CORPORATE NETWORK APPROACH)

Click to edit Master subtitle style

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Information Security Session October 24, 2005

Intro to Ethical Hacking

Intrusion Detection & Prevention

Double Deuce Jibran Ilyas, Frank LaSota, Paul Lowder, Juan Mendez

Intro to Ethical Hacking

ISMS Information Security Management System

Detecting Targeted Attacks Using Shadow Honeypots

Firewalls Types of Firewalls Inspection Methods Firewall Architecture

Double Deuce Jibran Ilyas, Frank LaSota, Paul Lowder, Juan Mendez

Securing web applications Externally

Presentation transcript:

Mod Security (Is it worth it?) By Rich Helton

Abstract (see my paper for sources)  Based on statistics, Apache is the most used web server being used today.  Based on statistics, the web site is the most likely entry point for a hacker to enter.  Re-writing code does not always block vulnerabilities.  Blocking attacks need to become an interactive process.  An network IDS/IPS does not adequately protect websites.  By knowing a tool, like ModSecurity, well, a person not only just logs and blocks attacks from the Internet but can modify the behavior of a website.

Web Application Firewalls (WAF)  WAFs are filters that sit in front of the Web Application.  Depending on their configuration, they will deny, or log, validated information from the Internet into the Application.  They are a good source in auditing the information that is hitting the Web site and the scans that are constantly taking place.

WAF  ModSecurity is the most popular Open Source WAF today,  A WAF will not protect common sense mistakes in architecture and code, st_Practices:_Use_of_Web_Application_Firewalls st_Practices:_Use_of_Web_Application_Firewalls  ModSecurity, works very similar in ways to an open source Intrusion Detection System like Snort, and can even convert the rules from ModSecurity to Snort,

WAF  Snort is network specific.  ModSecurity is a plugin to an Apache website.  ModSecurity can apply different rules per Apache instance, being website specific.  Apache has plugins to most Application servers, and can proxy all web and application servers.  Apache/ModSecurity can even proxy in front of Microsoft’s IIS Web Server.

Apache mod_security (There are many rules from experts)  The mod_security module information can be found at  Load the mod_security and unique id modules (this example is XP) in conf/httpd.conf:  LoadModule security2_module modules/mod_security2.so  LoadModule unique_id_module modules/mod_unique_id.so  Add the base configuration and some of the base rules:  Include conf/mod_security.conf  Include conf/base_rules/modsecurity_crs_41_xss_attacks.conf  Include conf/base_rules/modsecurity_crs_23_request_limits.conf  Include conf/base_rules/modsecurity_crs_35_bad_robots.conf  Include conf/base_rules/modsecurity_crs_40_generic_attacks.conf  Include conf/base_rules/modsecurity_crs_41_sql_injection_attacks.conf

Here is an Apache server configured by ModSecurity to look like IIS 6.0

Cons  WAFs are limited by their rulesets.  WAF rules require maintaining as vulnerabilities and the website changes.  WAFs have broken websites because the website does not follow standards.  When adding rules, a strong understanding of the website, its code and pages, and its environment is required.  WAFs are not a cure all, and requires code changes as well to maintain the websites, such as upgrading SQL7 to SQL 2005.

Pros  Installing a WAF is usually quicker than rewriting a website.  WAF rules are extensive, usually free, and built by industry experts.  WAFs can detect vulnerabilities and attacks that web scanners do not always detect.  A WAF can change the behavior of a website that website code cannot change.