Category : Web Security
BEGINNERS GUIDE TO MOD_SECURITY
Mod_Security is an open source, cross-platform WAF, i.e. Web Application Firewall. It is also known as the “Swiss Army knife” of WAFs. It blocks commonly known exploits by using defined regular expressions and rule sets. It is mostly found enabled on all InMotion servers. It is helpful in blocking common code injection attacks. It provides outstanding protection against threats to application data and against known attacks that target vulnerabilities in public software.
What can Mod_Security do?
Mod_Security makes sense of as many of the supported data formats as it can and then extracts bits of data for the rules to use later.
In a typical installation, both the request and response bodies are buffered, so Mod_Security sees each complete request before it is passed to the application for processing, and each complete response before it is sent to the client.
It is one of the important features of Mod_Security.
Audit logging (transaction logging) is a main part of what Mod_Security does. Because of this feature we are able to record complete HTTP traffic: request headers, response headers and the response body are all available to us.
Before the rule engine starts, all the bits and pieces of data are prepared and made ready for inspection.
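The buffering and audit logging described above map onto a handful of ModSecurity 2.x directives. The fragment below is an added example, not configuration from this article; the /opt/modsecurity path, the size limits and the status pattern are assumptions to adjust for your own server.

```apache
# Added example. Path, limits and status pattern are assumed values.
<IfModule mod_security2.c>
    # Log matches without blocking while rules are tuned;
    # change to "On" to let rules block requests.
    SecRuleEngine DetectionOnly

    # Buffer request bodies so the rules see the whole request
    # before the application does. Limits are in bytes and bound
    # the extra RAM and disk that buffering costs.
    SecRequestBodyAccess On
    SecRequestBodyLimit 13107200
    SecRequestBodyNoFilesLimit 131072
    SecRequestBodyInMemoryLimit 131072

    # Buffer response bodies only for the MIME types worth inspecting;
    # buffering every response (images, downloads) wastes memory.
    SecResponseBodyAccess On
    SecResponseBodyMimeType text/plain text/html
    SecResponseBodyLimit 524288

    # Audit log: record transactions that triggered a rule or
    # returned a 5xx, or a 4xx other than 404.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"

    # Parts written for each transaction:
    #   A = audit log header      B = request headers
    #   C = request body          E = response body
    #   F = response headers      H = audit trailer (rule matches)
    #   Z = end-of-entry marker
    SecAuditLogParts ABCEFHZ

    # One file, entries appended in order. The log holds request and
    # response bodies, so it can contain passwords and session tokens:
    # keep the file readable only by the web server user and root.
    SecAuditLogType Serial
    SecAuditLog /opt/modsecurity/var/audit.log
</IfModule>
```

Parts C and E only contain data when the matching body access directive is On.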
COMMERCIAL MOD_SECURITY RULES
1. Virtual patching
2. IP reputation
3. Web-based malware detection
4. Webshell or backdoor detection
5. Botnet attack detection
6. HTTP denial of service attack detection
7. Antivirus scanning of file attachments
IMPACT OF MOD_SECURITY ON WEB SERVERS
Installing mod_security on our servers changes how our web servers operate. When we install mod_security on a server, its consumption of resources such as CPU and RAM increases.
Below is a list of the mod_security activities which increase resource consumption:
· Mod_security adds to the parsing already done by Apache, which results in a slight increase in CPU consumption.
· Parsers like XML are more expensive.
· Input/output operations are required for handling uploaded files.
· Parsing results in RAM consumption because every extracted element needs to be copied into its own space.
Note:- Always install mod_security from source, as it is the best way to stay up to date with the latest versions and rules, and it also lets us make any changes we want.
To download mod_security, go to the official mod_security site or follow this link: http://www.modsecurity.org/download/
There, download both the main distribution and the cryptographic signature, or just type the following commands in your OS:
$ wget http://www.modsecurity.org/download/modsecurity-apache_2.5.10-dev2.tar.gz.asc
NOTE:- Beware of trojans which may be planted by third parties.
The main config files are given below:
1. main.conf - Main configuration file
2. rules-first.conf - Rules that need to run first
3. rules.conf - Your principal rule file
4. rules-last.conf - Rules that need to run last
NOTE:- Our main configuration file, i.e. modsecurity.conf, should only contain the following lines.
Now set up mod_security on the Apache server.
FURTHER INSTALLATION STEPS ARE IN BEGINNERS GUIDE TO MOD_SECURITY 2 (article will be uploaded soon)
So keep visiting the cyberintelligence.in article portal.