1. Do not allow direct root/administrator login 2. Make sure passwords are secure and changed regularly (by force if necessary) 3. Use a network firewall, such as APF 4. Use an application firewall, such as ModSecurity 5. Chroot all non-root users to keep them out of system directories 6. Use …
July, 2010
December, 2009
-
15 December
Book Review: ModSecurity 2.5 by Magnus Mischel
Title: ModSecurity 2.5: Securing your Apache installation and web applications Author: Magnus Mischel Publisher: Packt Publishing Price: £26.34 Securing a web server can be a difficult task. Large companies hire professionals or consulting companies to ensure their customers have access to their content and any would-be attackers have access to …
November, 2009
-
12 November
New ModSecurity Book
ModSecurity, a free and open source application firewall, is one of the best in the industry. Packt Publishing will soon be releasing a book about the software called ModSecurity 2.5 by Magnus Mischel. “This book is written for system administrators or anyone running an Apache web server who wants to …
September, 2009
-
14 September
How to Turn Off ModSecurity for a Site
Question: My dedicated server is running ModSecurity, but one of the websites needs it turned off in order to operate correctly. How do I turn it off for just one site? Answer: Before you proceed, keep in mind the reason you have ModSecurity installed in the first place. It is …
-
2 September
Securing Apache with ModSecurity
Apache HTTP Server is the most widely used web server application and is arguably the best available. Nevertheless, being a good application does not automatically make Apache secure. If your websites are simple html pages with no dynamic web applications or scripts, you probably do not have need for much …