Mod security

ShruthiKamath 1,972 views 15 slides Mar 23, 2017

About This Presentation

Introduction to Mod Security talk at the Null Monthly March meet.


Slide Content

Introduction to Mod Security - Shruthi Kamath Null Bangalore Meet - March

Who am I
Co-Founder, Infosecgirls (infosecgirls.in)
Security Consultant at Synopsys
Active member of Null Bangalore
Committee member at OWASP Women in Appsec
Twitter: @ShruthiKamath30

Agenda
What is WAF?
What is mod security?
Mod security rules examples
Setup
Demo

Introduction to WAF
A web application firewall is used as a security device protecting the web server from attack.
Web application firewalls (WAF) are an evolving information security technology designed to protect web sites from attack.
WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't.
They do not require modification of application source code.

Source: http://searchsecurity.techtarget.com/magazineContent/Comparative-Product-Review-Six-Web-Application-Firewalls

Introduction to Mod Security
ModSecurity is a popular open-source web application firewall (WAF).
It was originally designed as a module for the Apache HTTP Server.
It is used across a number of different platforms, including Apache HTTP Server, Microsoft IIS and NGINX.

The platform itself provides a rule configuration language known as 'SecRules'.
It is used for real-time monitoring, logging, and filtering of Hypertext Transfer Protocol communications based on user-defined rules.
ModSecurity is known to have the following capabilities:
Security monitoring and access control
Full HTTP traffic logging
Security assessment
Web application hardening
Simple request or regular expression based filtering
URL encoding validation

Mod security rules
Rule Example 1 – XSS attack
    SecRule ARGS|REQUEST_HEADERS "@rx <script>" "id:101,msg:'XSS Attack',severity:ERROR,deny,status:404"
Rule Example 2 – Whitelist IP Address
    SecRule REMOTE_ADDR "@ipMatch 192.168.1.101" \
        "id:102,phase:1,t:none,nolog,pass,ctl:ruleEngine=off"

mod_security with Apache Set Up on Ubuntu
Ubuntu LAMP Server installation
    sudo apt-get install apache2
    sudo apt-get install mysql-server
    sudo apt-get install php5 libapache2-mod-php5
    sudo /etc/init.d/apache2 restart
    apt-get install libapache2-modsecurity
    apachectl -M | grep --color security
    service apache2 reload
    ls -l /var/log/apache2/modsec_audit.log

Configuring mod_security
    nano /etc/modsecurity/modsecurity.conf
SecRuleEngine DetectionOnly: logs requests and doesn't block anything.
SecRuleEngine On: blocks according to rule match.
SecResponseBodyAccess On: buffers response bodies.
SecRequestBodyLimit 13107200 (~12.5 MB): specifies the maximum POST data size.
SecRequestBodyNoFilesLimit 131072 (~128 KB): size of POST data minus file uploads.
SecRequestBodyInMemoryLimit 131072: maximum request body size that ModSecurity will store in memory.
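As an added example (not part of the original slides), this Python script parses a modsecurity.conf excerpt and reports when the engine is not in blocking mode or when the body limits listed above contradict each other. The names parse_directives, audit and SAMPLE_CONF are hypothetical, and the sample input is constructed from the values on the slide.

```python
import shlex

# Constructed sample input: the directives and values shown on the slide.
SAMPLE_CONF = """\
# /etc/modsecurity/modsecurity.conf (constructed excerpt)
SecRuleEngine DetectionOnly
SecResponseBodyAccess On
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
"""

def parse_directives(text):
    """Map each Sec* directive (lower-cased) to its last value in the file."""
    settings, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # Apache-style line continuation
            pending = line[:-1] + " "
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)          # honours quoted arguments
        if len(parts) >= 2 and parts[0].lower().startswith("sec"):
            settings[parts[0].lower()] = parts[1]   # later lines override
    return settings

def audit(settings):
    """Return findings (hypothetical helper) for the settings on the slide."""
    findings = []
    engine = settings.get("secruleengine", "unset")
    if engine.lower() != "on":
        findings.append(f"SecRuleEngine is {engine}: matching requests are not blocked")
    limits = {}
    for name in ("secrequestbodylimit", "secrequestbodynofileslimit",
                 "secrequestbodyinmemorylimit"):
        if name in settings:
            limits[name] = int(settings[name])
    total = limits.get("secrequestbodylimit")
    for name in ("secrequestbodynofileslimit", "secrequestbodyinmemorylimit"):
        if total is not None and limits.get(name, 0) > total:
            findings.append(f"{name} ({limits[name]}) exceeds SecRequestBodyLimit ({total})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_directives(SAMPLE_CONF)):
        print("FINDING:", finding)
```

Run against the sample, it reports one finding: the engine is in DetectionOnly, so rule matches are logged but nothing is denied.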

Setting Up Rules
    ls -l /usr/share/modsecurity-crs/
    nano /etc/apache2/mods-enabled/modsecurity.conf
Add the following directives inside <IfModule security2_module> </IfModule>:
    Include "/usr/share/modsecurity-crs/*.conf"
    Include "/usr/share/modsecurity-crs/activated_rules/*.conf"

    cd /usr/share/modsecurity-crs/activated_rules/
    ln -s /usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_xss_attacks.conf
    service apache2 reload

Demo Time

Useful links
http://www.modsecurity.org/about.html
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
https://modsecurity.org/crs/

Thank You