
[ECP] In Focus: Evading DoS Attacks Against Apache
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 20 Feb 2007 05:00:00 -0500
Educational CyberPlayGround Network Newsletters Mailing List ©1994
=== CONTENTS ======
IN FOCUS: Evading DoS Attacks Against Apache
NEWS AND FEATURES
- DNS Root Servers Fell Under Brief Attack
- Skype Teams with Symantec and FaceTime to Offer Security Tools
- New Direction, Product for Check Point
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Root Access Through a User-Installed MySQL
Back Door
- FAQ: Managing Group Policy for Vista
- Share Your Security Tips
PRODUCTS
- Data Auditing Solution Adds Content Scanning
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== IN FOCUS: Evading DoS Attacks Against Apache ===============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Last week, I began working with mod_evasive, a Web-based security tool
that helps defend Apache HTTP Server against Denial of Service (DoS)
attacks. Mod_evasive is a typical loadable module that looks for
particular behavior and then blocks it.
Mod_evasive is similar to Suhosin, which I wrote about back in December
(at the URL below). You might remember that Suhosin is a patch for the
PHP scripting engine that makes it far more secure. It helps detect and
prevent all sorts of potentially bad Web-based content from reaching
your systems and network beyond the PHP engine.
http://list.windowsitpro.com/t?ctl=4A4D7:57B62BBB09A692794697634C744D5ADC
Mod_evasive keeps track of the IP addresses that send URL requests to
your Apache server and gauges whether the request rate from any given
IP address exceeds your predefined limits. If the limits are exceeded,
the IP address is temporarily blocked from making any more requests.
Like many other Apache modules, mod_evasive allows the administrator to
set various parameters that control module behavior. For example, you
can set the maximum number of pages that one IP address can request
from your entire site (DOSSiteCount) within a specified time period
(DOSPageInterval), the maximum number of page reloads one IP address
can request (DOSPageCount) within a specified time period
(DOSPageInterval), and the period of time to block the requesting IP
address if it exceeds the limits (DOSBlockingPeriod).
To help clarify, here's an example. If you set DOSSiteCount to 100,
DOSPageCount to 3, DOSPageInterval to 2, and DOSBlockingPeriod to 10,
then mod_evasive will work like this: If an IP address requests more
than 100 different pages or reloads the same page more than three times
in two seconds, that IP address will be blocked for 10 seconds.
There are a few other parameters you can configure too. You can set the
size of the hash table mod_evasive uses to track IP addresses. The
larger the hash table, the more IP addresses it can keep track of. You
can also define an email address that will receive a short notice any
time an IP address is blocked. And you can set a logging directory that
records the IP addresses about which you've received email messages.
Mod_evasive uses the log to keep from sending you numerous messages
about the same IP address.
Overall mod_evasive seems like a reasonable addition to Apache. It will
in fact help fend off some intruders. However, if you aren't careful
about the settings, it might block relatively innocent users whose
browsers or proxy servers perform aggressive preloading of Web pages--
typically used to enhance the browsing experience and speed up overall
browsing. So be careful configuring the settings and be sure to monitor
the email mod_evasive sends (if you use that feature) to determine
whether you've configured it to be too restrictive.
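To see how the limits described above trade blocking against false
positives, here is an added example (not from the newsletter and not
mod_evasive's own code): a simplified Python model of the counting the
article describes, with one interval for both counters as in the text.
The class, the function names, and the sample traffic are constructed.

```python
from collections import defaultdict

class EvasiveModel:
    """Simplified model of the limits described above; not mod_evasive's own code."""
    def __init__(self, page_count, site_count, interval, blocking_period):
        self.page_count, self.site_count = page_count, site_count
        self.interval, self.blocking_period = interval, blocking_period
        self.hits = defaultdict(list)   # (ip, uri) or (ip, None) -> recent hit times
        self.blocked_until = {}         # ip -> time at which the block expires

    def _over(self, key, now, limit):
        # Keep only hits inside the interval, record this one, compare to the limit.
        recent = [t for t in self.hits[key] if now - t < self.interval]
        recent.append(now)
        self.hits[key] = recent
        return len(recent) > limit

    def request(self, ip, uri, now):
        """Return 403 if the request is refused, otherwise 200."""
        if self.blocked_until.get(ip, 0) > now:
            return 403
        over_page = self._over((ip, uri), now, self.page_count)   # same page reloaded
        over_site = self._over((ip, None), now, self.site_count)  # any page on the site
        if over_page or over_site:
            self.blocked_until[ip] = now + self.blocking_period
            return 403
        return 200

def replay(model, events):
    """Feed (time, ip, uri) events to the model; return the set of refused IPs."""
    return {ip for t, ip, uri in events if model.request(ip, uri, t) == 403}

# Constructed sample traffic (documentation-range addresses), times in seconds.
PREFETCHER, FLOODER, READER = "198.51.100.7", "203.0.113.9", "192.0.2.10"
EVENTS = sorted(
    [(i * 0.05, PREFETCHER, f"/article/{i}") for i in range(12)]  # 12 distinct pages, 0.6 s
    + [(i * 0.05, FLOODER, "/index.html") for i in range(20)]     # same page 20 times, 1 s
    + [(i * 3.0, READER, f"/page/{i}") for i in range(3)]         # one page every 3 s
)

def blocked_with(page_count, site_count):
    """Replay EVENTS with a 2-second interval and a 10-second blocking period."""
    model = EvasiveModel(page_count, site_count, interval=2, blocking_period=10)
    return replay(model, EVENTS)

if __name__ == "__main__":
    print("article's example settings:", blocked_with(3, 100))
    print("site limit lowered to 10:  ", blocked_with(3, 10))
```

With the article's example values only the reload flood is refused;
lowering the site-wide limit to 10 also refuses the prefetching client.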
Mod_evasive is available from the developer, Jonathan A. Zdziarski, in
source code format (at the URL below), so you must compile it by using
Apache's apxs tool (see the readme file for details). That typically
isn't a problem for Linux administrators; however it might present a
problem for Windows users, who might not have apxs or other required
tools.
http://list.windowsitpro.com/t?ctl=4A4DF:57B62BBB09A692794697634C744D5ADC
You can get apxs for Windows at Apache Lounge, at the URL below,
provided as a Perl script. Be aware that you'll need some Apache-
related libraries to use it, so when you install Apache on Windows you
need to choose the custom install and select "Build Headers and
Libraries" as part of your installation. Make sure the libraries are
located in the lib subdirectory of your Apache installation directory
before using the apxs tool.
http://list.windowsitpro.com/t?ctl=4A4E3:57B62BBB09A692794697634C744D5ADC
Or, to simplify matters, you can get a precompiled copy of mod_evasive
for Windows, including source code, at the URL below.
http://list.windowsitpro.com/t?ctl=4A4D3:57B62BBB09A692794697634C744D5ADC
Finally, keep in mind that while mod_evasive is effective at protecting
Apache against DoS attacks, it's not a cure-all. Attackers could still
saturate your bandwidth or overload your Web server's CPU. So keep that
in mind and take other measures, if you can, to prevent those
possibilities from becoming reality.
=== SECURITY NEWS AND FEATURES =================================
DNS Root Servers Fell Under Brief Attack
On February 6, some of the root DNS servers that provide the
backbone for the Internet's global domain name system fell under
attack.
http://list.windowsitpro.com/t?ctl=4A4D9:57B62BBB09A692794697634C744D5ADC
Skype Teams with Symantec and FaceTime to Offer Security Tools
Skype will offer Symantec's Norton tools to its base of small
business and home office users. FaceTime will work with Skype's
business users to provide end-to-end security within the enterprise.
http://list.windowsitpro.com/t?ctl=4A4DC:57B62BBB09A692794697634C744D5ADC
New Direction, Product for Check Point
Check Point Software Technologies is moving into the data security
market and enhancing its core network security product line after its
recent acquisitions of Protect Data (which owns Pointsec) and NFR
Security.
http://list.windowsitpro.com/t?ctl=4A4D8:57B62BBB09A692794697634C744D5ADC
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=4A4D2:57B62BBB09A692794697634C744D5ADC
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: Root Access Through a User-Installed MySQL Back Door
by Mark Joseph Edwards,
http://list.windowsitpro.com/t?ctl=4A4E1:57B62BBB09A692794697634C744D5ADC
Did you know that someone can gain root shell access (or system-level
access in Windows) through quirks in the load_file feature of MySQL?
Hopefully you've locked down your system to prevent that.
http://list.windowsitpro.com/t?ctl=4A4DA:57B62BBB09A692794697634C744D5ADC
FAQ: Group Policy for Windows Vista
by John Savill,
http://list.windowsitpro.com/t?ctl=4A4DE:57B62BBB09A692794697634C744D5ADC
Q: How can I manage Group Policy for Windows Vista machines?
Find the answer at
http://list.windowsitpro.com/t?ctl=4A4DB:57B62BBB09A692794697634C744D5ADC
=== PRODUCTS ===================================================
by Renee Munshi, products@xxxxxxxxxxxxxxxx
Data Auditing Solution Adds Content Scanning
Tizor Systems claims that its new 5.0 release of Mantra is the first
data auditing and protection solution to feature content scanning
capabilities, which let enterprises discover, monitor, and report on
the activity of specific types of data (such as credit card and Social
Security numbers) in databases and file systems and on mainframes.
Other new functionality in Mantra 5.0 lets enterprises track all
database changes and reconcile them with authorized change control
tickets and better enforce segregation of duties through roles. Mantra
5.0 also offers enhanced support for Microsoft SQL Server, including NT
LAN Manager (NTLM) authentication and named pipes support, and better
network monitoring of Distributed Relational Database Architecture
(DRDA) mainframes. Mantra 5.0 will be available first quarter 2007. For
more information, go to
http://list.windowsitpro.com/t?ctl=4A4E6:57B62BBB09A692794697634C744D5ADC
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=4A4DD:57B62BBB09A692794697634C744D5ADC
Learn how to use consolidation and selected technology updates to build
an infrastructure that handles change effectively.
http://list.windowsitpro.com/t?ctl=4A4D0:57B62BBB09A692794697634C744D5ADC
A secure mail and messaging infrastructure is fundamental to your
business, and every organization should plan for the appropriate
message hygiene, availability, and control services from the start.
This eBook introduces three fundamental mail and messaging management
services--security, availability, and control services--and explains
how you can implement them in a Microsoft-centric email and messaging
environment. Download now!
http://list.windowsitpro.com/t?ctl=4A4CC:57B62BBB09A692794697634C744D5ADC
Are you planning to deploy or increase your use of Group Policy? Attend
this free Web seminar and learn how to design a solid deployment plan,
get tips on the best ways to set up delegation, discover the importance
of good Group Policy change control, and learn how to optimize
processing performance. Live event: February 28, 2007 at 12:00 PM EST.
http://list.windowsitpro.com/t?ctl=4A4CD:57B62BBB09A692794697634C744D5ADC
=== FEATURED WHITE PAPER =======================================
Devote your time, energy, and resources to serving your customers, not
your servers. Want to focus on high-value activities instead of
applying OS patches and updates, dealing with security vulnerabilities,
and managing disk drives? Download this free white paper now and find
out how you can have a business-class Web hosting solution with secure
application pooling to protect your data.
http://list.windowsitpro.com/t?ctl=4A4CE:57B62BBB09A692794697634C744D5ADC
=== ANNOUNCEMENTS ==============================================
Introducing a Unique Exchange and Outlook Resource
Exchange & Outlook Pro VIP is an online information center that
delivers new articles every week on topics such as administration,
migration, security, and performance. Subscribers also receive tips,
cautionary advice, direct access to our editors, and a host of other
benefits! Order now at an exclusive charter rate and save up to $50!
http://list.windowsitpro.com/t?ctl=4A4D4:57B62BBB09A692794697634C744D5ADC
Copyright 2007, Penton Media, Inc. All rights reserved.
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Educational CyberPlayGround Network Newsletters Mailing List
Subscribe - Unsubscribe - Set Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Copyright statements to be included when reproducing
annotations from the
Educational CyberPlayGround Network Newsletter
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright