
Aaron Corso COSC356-001 Spring 2012. What is LAMP?  A ‘solution stack’, or package of an OS and software consisting of:  Linux  Apache  MySQL  PHP.


1 Aaron Corso COSC356-001 Spring 2012

2 What is LAMP?
- A ‘solution stack’, or package of an OS and software consisting of:
  - Linux
  - Apache
  - MySQL
  - PHP
- Common substitutions are WAMP (using Windows instead of Linux) and LAPP (using PostgreSQL instead of MySQL).

3 Why LAMP?
- Linux = open source, easy to deploy in a server environment
- Apache = most popular web server in the world; approximately 65% of web servers use Apache; over 442 million host names
- PHP and MySQL = popular back-end stack for web applications
- Combined, entirely open source. Only non-standard software installations are proprietary.

4 NetCraft Survey, April 2012

5 Why LAMP Security?
- Being the number one deployed web server makes the stack a popular target of attacks
- The result of attacks is highly visible
- Sites can contain information valuable to attackers, especially eCommerce websites
- Many routes of attack through the modularized operating environment

6 The Challenge of Modularized Security
- Each component of the solution stack has its own method for security; each must be kept up to date:
  - Linux kernel
  - Distro applications
  - Other application add-ons
  - Apache
  - Apache modules
  - PHP
  - PHP extensions
  - MySQL

7 Where does LAMP Security Start?
- Choosing a Linux distribution
- Each distribution (“distro”) has its own set of core applications built on top of the kernel
- Some distros are created with security and a server environment in mind; others are consumer oriented
- Common base distros for LAMP servers are Ubuntu Server and Red Hat Linux

8 Considerations for choosing a distro
- Life cycle: avoid distros which release major versions constantly
- Package management: centralize the update process as much as possible
- Documentation: more specialized distros have less documentation
- Scalability: can the server handle virtualization or be used as part of a server farm easily?

9 Securing the Linux Installation
- Kernel hardening
  - Use grsecurity to sandbox processes under the kernel's role-based access control (RBAC) system
  - Mandatory Access Control (MAC)
- Restrict system processes to the appropriate users
- Do not use default accounts; perform an audit
- Standard firewalling practices

10 Securing the Apache Installation
- Apache breaches are the most common exploit of the stack
- A breach of Apache is very harmful if the objective is to transfer all files from the document root
- Security of the web server component is arguably the most important

11 Securing the Apache Installation (continued)
- Disable any unnecessary modules (“mods”) via the configuration file
- Run the Apache service under its own user and with its own security group
- Restrict access to the root directory
- Restrict system-level files contained in the “bin” and “conf” directories

12 Apache Configuration File
- httpd.conf

13 Securing the Apache Installation (continued)
- Disable the sending of Apache version information in HTTP headers
- Configure CGI (Common Gateway Interface) and SSI (Server Side Includes) to run under their own user
- Keep and monitor access logs

14 Security Modules for Apache
- mod_security
  - Easy configuration of firewall rules based on client request variables such as IP
  - Automatic detection of and response to file access or unusual behavior
- mod_evasive
  - Helps to protect against basic DDoS attacks

15 Securing the PHP Installation
- PHP security relies on both the administrator and the programmer
- Programmers must engage in “defensive coding”
- Administrators must secure and update extensions and the process

16 Securing the PHP Installation (continued)
- Sandboxing remote resource access: require programmers to use wrapping functions rather than native functions
  - cURL functions or a custom wrapper
- Limit execution time
- Prevent large-scale SQL injection attacks
- Hide all errors and place them in a log
  - Don’t give attackers hints

17 Securing the PHP Installation (continued)
- Disable sending of version information in HTTP headers
- Disable “magic quotes” and “register globals”
  - Should rely on defensive programming practices
  - Find other methods to sandbox developers
  - When used, programming ambiguity arises

18 PHP Configuration File
- php.ini
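The php.ini points from slides 16 and 17 can be checked mechanically. The script below is an added example, not part of the presentation: it parses a php.ini file and reports every directive that differs from the hardened value. The file path, the 60-second execution-time ceiling and the sample ini text are assumptions.

```php
<?php
// Added example, not from the slides: audit a php.ini against the hardening
// points above (hide version info, log rather than display errors, bound
// execution time, no magic quotes / register globals, force remote access
// through cURL). The file is parsed directly instead of using ini_get(),
// because the CLI SAPI forces max_execution_time to 0 and would mislead.
// Usage: php phpini_audit.php /etc/php5/apache2/php.ini   (path is an assumption)

// directive => [expected boolean, reason from the slides]
const EXPECTED = [
    'expose_php'        => [false, 'do not send the PHP version in HTTP headers'],
    'display_errors'    => [false, 'hide all errors from clients'],
    'log_errors'        => [true,  'place errors in a log instead'],
    'register_globals'  => [false, 'creates ambiguity; removed entirely in PHP 5.4'],
    'magic_quotes_gpc'  => [false, 'escape explicitly or use prepared statements'],
    'allow_url_fopen'   => [false, 'sandbox remote access behind cURL or a wrapper'],
    'allow_url_include' => [false, 'never include remote code'],
];

// php.ini booleans may be written On/Off, 1/0, yes/no or true/false.
function ini_bool(?string $v): bool {
    $v = strtolower(trim((string) $v, " \t\"'"));
    return in_array($v, ['1', 'on', 'yes', 'true'], true);
}

function audit(array $ini): array {
    $findings = [];
    foreach (EXPECTED as $directive => [$want, $why]) {
        $have = ini_bool($ini[$directive] ?? null);          // unset counts as Off
        if ($have !== $want) {
            $findings[] = sprintf('%s is %s, expected %s: %s', $directive,
                $have ? 'On' : 'Off', $want ? 'On' : 'Off', $why);
        }
    }
    $limit = (int) ($ini['max_execution_time'] ?? 30);       // PHP's default is 30
    if ($limit === 0 || $limit > 60) {                       // 60 s is an assumed ceiling
        $findings[] = "max_execution_time is $limit, expected a bounded value such as 30";
    }
    return $findings;
}

// Constructed sample resembling development defaults; a path in argv[1] replaces it.
$sample = "[PHP]\nexpose_php = On\ndisplay_errors = On\nlog_errors = Off\n"
        . "max_execution_time = 0\nallow_url_fopen = On\nallow_url_include = Off\n";
$ini = isset($argv[1]) ? parse_ini_file($argv[1], false, INI_SCANNER_RAW)
                       : parse_ini_string($sample, false, INI_SCANNER_RAW);
if ($ini === false) { fwrite(STDERR, "could not parse php.ini\n"); exit(2); }
$findings = audit($ini);
echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : "all checked directives are hardened\n";
exit($findings ? 1 : 0);
```

The non-zero exit status lets the audit run from a deployment script or cron job, which fits the slide's point that administrators, not only programmers, own PHP security.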

19 Defensive Coding in PHP
- Always “escape” data about to be inserted into the database
  - Using “\” characters to prevent SQL injection via special characters
  - PHP provides native wrapper functions for MySQL for this
- Developers can also use a “prepared statement” to separate the data being passed from the SQL logic
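The two defences on this slide, escaping and prepared statements, are shown side by side with the defect they prevent in the added example below (not code from the presentation). It uses PDO; the in-memory SQLite database and the constructed rows and input are assumptions made so the file runs without a MySQL server.

```php
<?php
// Added example, not from the slides: one user lookup written three ways.
// find_user_unsafe() concatenates untrusted input into the SQL text (the defect
// the slide warns about); find_user_escaped() applies the escaping approach;
// find_user_prepared() separates data from SQL logic with a prepared statement.
// For MySQL the connection would be new PDO('mysql:host=127.0.0.1;dbname=app', $u, $p);
// the in-memory SQLite database in make_db() is an assumed stand-in so this runs offline.

function find_user_unsafe(PDO $db, string $name): array {
    $sql = "SELECT id, name FROM users WHERE name = '$name'";   // input becomes SQL
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// PDO::quote() escapes special characters and wraps the value in quotes for the
// driver in use; for MySQL the native wrapper is mysqli_real_escape_string().
// Escaping only works if it is applied to every value, every time.
function find_user_escaped(PDO $db, string $name): array {
    $sql = 'SELECT id, name FROM users WHERE name = ' . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Preferred: the SQL text is fixed at prepare time; the value is bound as data.
function find_user_prepared(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");   // constructed rows
    return $db;
}

$db = make_db();
// Constructed input: the quote character ends the string literal in the unsafe
// version, so the WHERE clause no longer filters by name at all.
$input = "nobody' OR 'a'='a";
foreach (['find_user_unsafe', 'find_user_escaped', 'find_user_prepared'] as $fn) {
    printf("%-18s %d row(s)\n", $fn, count($fn($db, $input)));
}
```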

20 Securing the MySQL Installation
- Restrict remote MySQL access by IP
- Run MySQL under its own user and with its own security group
- Protect data, system, and log files under an administrator user
- Use a strong username and password

21 Remote MySQL Configuration

22 Tools for Integrated Management
- cPanel / WHM
- Webmin
- Virtualmin
- Useful for reseller accounts and virtualizing

23 Conclusions
- Secure each component and its appropriate modules
- Follow general security practices of isolating processes, maintaining logs, and disabling unused or unnecessary components
- Use an integrated update manager for the four components of the stack and their respective add-ons

24 Questions?

