Mod Security, it, security, mod security
[ Pobierz całość w formacie PDF ]
//-->Slide 1Web Intrusion Detection And PreventionSANS@Night - Mod_SecurityAuthor: Ryan C. BarnettPresentation: Mod_Security – An Intrusion Prevention module for ApacheEmail: RCBarnett@hushmail.comDate: Dec. 4th, 2003Copyright © 2003 Ryan C. BarnettAll Rights ReservedSlide 2Who Am I?• Center for Internet Security’s Apache Benchmark ProjectTeam Leader• Web Application Security Consortium (WASC) Member• Member of SANS Top 20 Vulnerabilities Team• SANS Instructor – Securing Apache– Intrusion Analyst (GCIA)– Forensic Analyst (GCFA)– Incident Handler (GCIH)– Unix Security (GCUX)– Security Essentials (GSEC)• Incident Response Team MemberSANS@Night - Mod_SecurityThis page intentionally left blank.Slide 3What Will This Presentation Cover?• Why current network security strategiesfail to protect the web tier• Why Firewalls, NIDS and HIDS fails• Introducing Mod_Security• Whisker vs. Mod_Security– Common web attacks with Mod_Securitycountermeasures• Real ExamplesSANS@Night - Mod_SecurityThis page intentionally left blank.Slide 4Updated Class Slides Available• SANS has quarterly updates for coursecontent• Unfortunately, Whitehat/Blackhat toolsand tactics are NOT on this schedule!• I am constantly updating the livepresentation to provide current info• Class participants can downloadupdated PDF slidesSANS@Night - Mod_SecurityThis page intentionally left blank.Slide 5What Will This Presentation Cover?• Mixed Audience– Technical – Web Admins/Security Admins– Management – Information Security Officers• Basic Knowledge of Unix and Web Administration– HTTP – Web Servers• Focus on Apache/Unix Servers (RedHat for Examples)• Discuss many web security strategies• Dragnet Approach– Examples ARE real – Names/IPs have been changed or removed• Ask Questions– If you don’t understand an issue ask – This is YOUR class– Q&A sessions before/after breaksSANS@Night - Mod_SecurityThis page intentionally left blank.
[ Pobierz całość w formacie PDF ]