Mod_Security .. Intro

Mod_Security 2.5

Need for a Webserver Security Module

It is pretty difficult to secure application software. Common targets are open-source packages like PHPNuke: the code is public, so an attacker can easily find vulnerabilities in it.

If your application is vulnerable to SQL injection, invoking the URL above may very well delete all user data from your application.
You could try to block this attack with mod_rewrite. It is very easy to detect the words drop and table in the URL and then redirect the client away from the original URL. A determined attacker, however, could simply send the same request as above using the POST method instead of GET. Since most modules do not look at POST variables in their normal processing, the attack would go through.

To prevent the drop table SQL injection attack with mod_security, add the following to your Apache configuration:

SecFilter drop[[:space:]]table

The only parameter is a regular expression to be applied to the incoming request. This looks achievable with mod_rewrite as well, but the difference is that mod_security inspects the request body too, so it detects and prevents the attack whether it is performed using GET or POST.
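To make the GET-versus-POST difference concrete, here is an added example (not code from the original post or from the mod_security project) that models the two approaches in Python. The `rewrite_style_check` function stands in for a mod_rewrite rule that only ever sees the request URI, while `modsecurity_style_check` stands in for the SecFilter rule above, applied to both the query string and the POST body. The sample requests are constructed, and the URL-decoding and case-insensitive matching are assumptions made for the model rather than a statement of how mod_security normalizes input.

```python
import re
from urllib.parse import unquote_plus

# Python equivalent of the page's SecFilter pattern: POSIX [[:space:]] becomes \s.
# Case-insensitive matching is an assumption of this model (SQL keywords are
# commonly upper-cased), not a claim about SecFilter's default behaviour.
DROP_TABLE = re.compile(r"drop\stable", re.IGNORECASE)


def rewrite_style_check(method: str, query_string: str, body: str) -> bool:
    """Model of a mod_rewrite rule: only the request URI (query string) is inspected.

    The POST body is never examined, which is exactly the bypass the post describes.
    """
    return bool(DROP_TABLE.search(unquote_plus(query_string)))


def modsecurity_style_check(method: str, query_string: str, body: str) -> bool:
    """Model of `SecFilter drop[[:space:]]table`: the pattern is applied to the
    query string and, for POST requests, to the decoded request body as well."""
    targets = [unquote_plus(query_string)]
    if method.upper() == "POST":
        targets.append(unquote_plus(body))
    return any(DROP_TABLE.search(t) for t in targets)


# Constructed sample requests for the demonstration (method, query string, body).
SAMPLE_REQUESTS = {
    "get_attack": ("GET", "id=1;drop+table+users", ""),
    "post_attack": ("POST", "", "id=1;drop%20table%20users"),
    "benign": ("POST", "page=2", "comment=please+drop+by+the+table"),
}


def compare(name: str) -> dict:
    """Run both checks against one sample request and report what each one sees."""
    method, query_string, body = SAMPLE_REQUESTS[name]
    return {
        "rewrite": rewrite_style_check(method, query_string, body),
        "modsecurity": modsecurity_style_check(method, query_string, body),
    }


if __name__ == "__main__":
    for request_name in SAMPLE_REQUESTS:
        print(request_name, compare(request_name))
```

Running the block shows the point of the post: the GET variant is caught by both checks, the POST variant only by the mod_security-style check, and the benign comment by neither.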

Continue reading…

SuPHP, a brief Intro

suPHP

suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

Main Features of SuPHP

suPHP provides an additional layer of protection on servers. It causes PHP scripts to run under the account owner's username instead of the user nobody, which is the user Apache/PHP would otherwise run as on a server that is not running suPHP.

This makes it much easier to track any potential security breach that comes in via an insecure PHP script a user is running.

suPHP also does away with the need for 777 permissions on directories and files that must be writable. In fact, if a directory or file has its permissions set to (chmod) 777 and it is accessed via a browser, an internal server error (500) will be generated. The highest permission level a user can use on a suPHP-enabled server is 755, and this setting is sufficient for any directory or file that needs to be written to.
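Since a single group- or world-writable file is enough to turn a page into a 500 error under suPHP, a preflight check over the document root is a useful thing to have before enabling the module. The following is an added example (not code from the original post or from the suPHP project) in Python: it walks a directory tree, reports everything looser than 755 for directories or 644 for files, and computes the corrected mode. The demo tree it builds in a temporary directory is constructed sample data; the "nothing above 755" rule it enforces is taken from the text above, not from suPHP's own configuration options.

```python
import os
import stat
import tempfile

# The bits that push a mode above 755/644: write access for group or others.
FORBIDDEN_BITS = stat.S_IWGRP | stat.S_IWOTH


def proposed_mode(mode: int) -> int:
    """Return the same permission bits with group/other write access removed,
    e.g. 0o777 -> 0o755 for a directory and 0o666 -> 0o644 for a file."""
    return stat.S_IMODE(mode) & ~FORBIDDEN_BITS


def find_over_permissive(docroot: str) -> list:
    """Walk a document root and return (relative path, octal mode) for every
    directory or file that is group- or world-writable, sorted by path."""
    offenders = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not what suPHP checks
            if mode & FORBIDDEN_BITS:
                offenders.append((os.path.relpath(full, docroot), oct(stat.S_IMODE(mode))))
    return sorted(offenders)


def build_demo_tree() -> str:
    """Create a throwaway document root (constructed sample data) mixing safe and
    over-permissive modes, and return its path."""
    root = tempfile.mkdtemp(prefix="suphp-demo-")
    # (relative path, is_directory, mode); directories come before their contents.
    layout = [
        ("index.php", False, 0o644),
        ("admin.php", False, 0o755),
        ("private", True, 0o755),
        ("uploads", True, 0o777),            # the classic 777 upload directory
        ("uploads/cache.php", False, 0o666),  # world-writable script
    ]
    for rel, is_dir, mode in layout:
        full = os.path.join(root, rel)
        if is_dir:
            os.mkdir(full)
        else:
            with open(full, "w") as handle:
                handle.write("<?php // constructed placeholder ?>\n")
        os.chmod(full, mode)  # set the exact mode regardless of the process umask
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for rel, mode in find_over_permissive(demo_root):
        fixed = oct(proposed_mode(int(mode, 8)))
        print(f"{rel}: {mode} -> should be {fixed}")
```

On the demo tree this flags only the 777 directory and the 666 file; `index.php` and `admin.php` pass untouched, which matches the rule in the post that 755 is the most a user needs.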

Continue reading…

SSH Securing and Keygen ..


SSH Securing

What is SSH?

  • Secure Shell (SSH) is a network protocol that allows data to be exchanged over a secure channel between two networked devices. It is used primarily on Linux and Unix based systems to access shell accounts.
  • SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, leaving them open for interception. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet.
  • SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
  • SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols.
  • SSH uses the client-server model.

Continue reading…

IPTables

IPTABLES

Introduction

The Internet Protocol (IP) is a data-oriented protocol that allows multiple hosts to talk to each other across network connections. Data in an IP network are sent in blocks referred to as packets or datagrams. They typically have a source host, destination host, and source and destination ports associated with the communication. Layered on top of the IP protocol are other protocols; these are typically transport layers. There are two main transport protocols that are heavily used. The Transmission Control Protocol (TCP) is a stateful delivery mechanism that makes a best effort to deliver the packets requested. If the first attempt fails, multiple attempts are made to route and deliver the packet. This protocol is very good at delivering text files that cannot tolerate data corruption. With this protocol, clients have the ability to request redelivery of packets that were not properly received and can handle out-of-order delivery of packets. This protocol is very good for applications like patch delivery, email, network file shares, and web pages. It is not very good for delivery of streaming video or voice over IP applications.

Continue reading…