System - Security - Hacking

In this final part of the series, we will discover how to strengthen security in Apache by logging and other miscellaneous ways. Configuring a system to be secure is indeed a key task, but it is also important to know that the configuration is working properly — and the only way to do so is through log analysis. Sensible logging helps detect performance problems well before they become apparent to users, and provides evidence of potential security problems. Maintaining logs is also useful for traffic analysis. Apache can produce many types of logs, the two essential ones being the access log, where all requests are noted, and the error log, which is designed to log various informational and debug messages, plus every exceptional event that occurs. You, as Web master, have a limited amount of control over the logging of error conditions, but a great deal of control over the format and amount of information logged about request processing (access log). The server may log activity in...

Right from Part 1 of this series, we’ve covered the major types of attacks being done on Web applications — and their security solutions. In this article, I will reveal the tremendous capabilities of the Apache mod_security module, covering just a small part of what it can do. From the development perspectiv e, implementing security against the many attacks on Web apps doesn’t just require extra coding and stronger validation, but often also results in complex and messy code, which may sometimes cause yet another security loophole. Security is often compared to a football game, where success requires the defense to quickly adapt, outrun, and outplay the attackers. Such a dynamic defense cannot properly survive in complex and messy code. Here, Web application firewalls come to the rescue — and what else is better than mod_security. It is designed as an Apache module that adds intrusion-detection and prevention features to the Web server. In principle, it’s similar to an IDS that ...