Preventing Web Attacks with Apache

Language: English. Paperback, 2006
"Ryan Barnett has raised the bar in terms of running Apache securely. If you run Apache, stop right now and leaf through this book; you need this information."
-Stephen Northcutt, The SANS Institute
The only end-to-end guide to securing Apache Web servers and Web applications
Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won't protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you'll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.
Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.
Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild."
For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.
With this book, you will learn to
  • Address the OS-related flaws most likely to compromise Web server security
  • Perform security-related tasks needed to safely download, configure, and install Apache
  • Lock down your Apache httpd.conf file and install essential Apache security modules
  • Test security with the CIS Apache Benchmark Scoring Tool
  • Use the WASC Web Security Threat Classification to identify and mitigate application threats
  • Test Apache mitigation settings against the Buggy Bank Web application
  • Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
  • Master advanced techniques for detecting and preventing intrusions

Specifications

ISBN-13: 9780321321282
ISBN-10: 0321321286
Pages: 582
Dimensions: 178 x 235 x 29 mm
Weight: 0.87 kg
Edition: 1
Publisher: Addison-Wesley Professional
Place of publication: Boston, United States

Contents

About the Author     xix
Foreword     xxi
Acknowledgments     xxv
Introduction     xxvii
Chapter 1     Web Insecurity Contributing Factors     1
A Typical Morning     1
Why Web Security Is Important     3
Web Insecurity Contributing Factors     4
Managerial/Procedural Issues     4
Management and the Bottom Line     4
Selling Loaded Guns     5
The Two-Minute Drill     5
Development Environment Versus Production Environment     6
Firefighting Approach to Web Security (Reacting to Fires)     7
Technical Misconceptions Regarding Web Security     7
“We have our web server in a Demilitarized Zone (DMZ).”     8
“We have a firewall.”     9
“We have a Network-Based Intrusion Detection System.”     9
“We have a Host-Based Intrusion Detection System.”     11
“We are using Secure Socket Layer (SSL).”     11
Summary     11
Chapter 2     CIS Apache Benchmark     13
CIS Apache Benchmark for UNIX: OS-Level Issues     13
Minimize/Patch Non-HTTP Services     13
Example Service Attack: 7350wu–FTP Exploit     19
Vulnerable Services’ Impact on Apache’s Security     22
Apply Vendor OS Patches     23
Tune the IP Stack     24
Denial of Service Attacks     25
Create the Web Groups and User Account     28
Lock Down the Web Server User Account     31
Implementing Disk Quotas     32
Accessing OS-Level Commands     35
Update the Ownership and Permissions of System Commands     39
Traditional Chroot     40
Chroot Setup Warning     41
Mod_Security Chroot     41
Chroot Setup     41
Summary     50
Chapter 3     Downloading and Installing Apache     53
Apache 1.3 Versus 2.0     53
Using Pre-Compiled Binary Versus Source Code     54
Downloading the Apache Source Code     56
Why Verify with MD5 and PGP?     56
Uncompress and Open: Gunzip and Untar     63
Patches–Get ’em While They’re Hot!     64
Monitoring for Vulnerabilities and Patches      66
What Modules Should I Use?     70
Summary     80
Chapter 4     Configuring the httpd.conf File     81
CIS Apache Benchmark Settings     84
The httpd.conf File      85
Disable Un-Needed Modules     86
Directives     86
Server-Oriented Directives     87
Multi-Processing Modules (MPMs)     87
Listen     88
ServerName     88
ServerRoot     89
DocumentRoot     89
HostnameLookups     89
User-Oriented Directives     90
User     90
Group     91
ServerAdmin     91
Denial of Service (DoS) Protective Directives     92
Testing with Apache HTTP Server Benchmarking Tool (ab) in Default Configuration      92
TimeOut     94
KeepAlive     95
KeepAliveTimeout     95
MaxKeepAliveRequests     95
StartServers     96
MinSpareServers and MaxSpareServers     96
ListenBacklog     96
MaxClients and ServerLimit     97
Testing with Apache HTTP Benchmarking Tool (ab) with Updated Configuration      97
Forward Reference     99
Software Obfuscation Directives     99
ServerTokens     99
ServerSignature     101
ErrorDocument     102
Directory Functionality Directives     104
All     104
ExecCGI     104
FollowSymLinks and SymLinksIfOwnerMatch     105
Includes and IncludesNoExec     105
Indexes     106
AllowOverride     106
Multiviews     107
Access Control Directives     107
Authentication Setup     108
Authorization     109
Order     110
Order deny, allow     110
Order allow, deny     110
Access Control: Where Clients Come From     111
Hostname or Domain     111
IP Address and IP Range     112
Client Request ENV     112
Protecting the Root Directory     113
Limiting HTTP Request Methods     114
Logging General Directives     114
LogLevel      114
ErrorLog      115
LogFormat      115
CustomLog      115
Removing Default/Sample Files     116
Apache Source Code Files      116
Default HTML Files      116
Sample CGIs      117
Webserv User Files     118
Updating Ownership and Permissions     118
Server Configuration Files      119
DocumentRoot Files      119
CGI-Bin      119
Logs     120
Bin     120
Updating the Apachectl Script     120
Nikto Scan After Updates     122
Summary     122
Chapter 5     Essential Security Modules for Apache     125
Secure Socket Layer (SSL)     125
Why Should I Use SSL?     126
How Does SSL Work?     128
Software Requirements     132
Installing SSL     133
Creating an SSL Certificate     133
Testing the Initial Configuration     134
Configuring mod_ssl     137
SSL Summary     144
Mod_Rewrite     144
Enabling Mod_Rewrite     145
Mod_Rewrite Summary     147
Mod_Log_Forensic     147
Mod_Dosevasive     149
What Is Mod_Dosevasive?     149
Installing Mod_Dosevasive     149
How Does Mod_Dosevasive Work?     150
Configuration     151
Mod_Dosevasive Summary     155
Mod_Security     155
Installing Mod_Security     156
Mod_Security Overview     156
Features and Capabilities of Mod_Security     157
Anti-Evasion Techniques     158
Special Built-In Checks     159
Filtering Rules     162
Actions     164
Wait, There’s Even More!     168
Summary     169
Chapter 6     Using the Center for Internet Security Apache Benchmark Scoring Tool     171
Downloading, Unpacking, and Running the Scoring Tool     171
Unpacking the Archive     173
Running the Tool     174
Summary     180
Chapter 7     Mitigating the WASC Web Security Threat Classification with Apache     181
Contributors     182
Web Security Threat Classification Description     182
Goals     183
Documentation Uses     183
Overview     183
Background     184
Classes of Attack     184
Threat Format     186
Authentication     186
Brute Force     187
Insufficient Authentication     191
Weak Password Recovery Validation     192
Authorization     195
Credential/Session Prediction     195
Insufficient Authorization     198
Insufficient Session Expiration     199
Session Fixation     201
Client-Side Attacks     205
Content Spoofing     205
Cross-Site Scripting     207
Command Execution     210
Buffer Overflow     210
Format String Attack     215
LDAP Injection     218
OS Commanding     220
SQL Injection     223
SSI Injection     228
XPath Injection     230
Information Disclosure     232
Directory Indexing     232
Information Leakage     236
Path Traversal     239
Predictable Resource Location     242
Logical Attacks     243
Abuse of Functionality     244
Denial of Service     246
Insufficient Anti-Automation     250
Insufficient Process Validation     251
Summary     253
Chapter 8     Protecting a Flawed Web Application: Buggy Bank     255
Installing Buggy Bank     256
Buggy Bank Files     257
Turn Off Security Settings     258
Testing the Installation     258
Functionality     261
Login Accounts     262
Assessment Methodology     262
General Questions     262
Tools Used     263
Configuring Burp Proxy     263
Buggy Bank Vulnerabilities      266
Comments in HTML     266
Enumerating Account Numbers     267
How Much Entropy?     270
Brute Forcing the Account Numbers     270
Enumerating PIN Numbers     273
Account Unlocked     274
Account Locked     274
Brute Forcing the PIN Numbers     276
Command Injection     277
Injecting Netstat     278
SQL Injection     282
SQL Injection Mitigation     285
Cross-Site Scripting (XSS)     287
Mitigations     289
Balance Transfer Logic Flaw     290
Mitigation     292
Summary     293
Chapter 9     Prevention and Countermeasures     295
Why Firewalls Fail to Protect Web Servers/Applications     296
Why Intrusion Detection Systems Fail as Well     299
Deep Packet Inspection Firewalls, Inline IDS, and Web Application Firewalls     304
Deep Packet Inspection Firewall     304
Inline IDS     305
Web Application Firewall (WAF)     307
Web Intrusion Detection Concepts     309
Signature-Based     309
Positive Policy Enforcement (White-Listing)     314
Header-Based Inspection     325
Protocol-Based Inspection     329
Uniform Resource Identifier (URI) Inspection     336
Heuristic-Based Inspection     339
Anomaly-Based Inspection     340
Web IDS Evasion Techniques and Countermeasures     342
HTTP IDS Evasion Options     342
Anti-Evasion Mechanisms     347
Evasion by Abusing Apache Functionality     348
Identifying Probes and Blocking Well-Known Offenders     352
Worm Probes     352
Blocking Well-Known Offenders     354
Nmap Ident Scan     357
Nmap Version Scanning     358
Why Change the Server Banner Information?     359
Masking the Server Banner Information     361
HTTP Fingerprinting     363
Implementation Differences of the HTTP Protocol     364
Banner Grabbing     370
Advanced Web Server Fingerprinting     370
HTTPrint     371
Web Server Fingerprinting Defensive Recommendations     373
Bad Bots, Curious Clients, and Super Scanners     379
Bad Bots and Curious Clients     379
Super Scanners     381
Reacting to DoS, Brute Force, and Web Defacement Attacks     388
DoS Attacks     388
Brute Force Attacks     389
Web Defacements     392
Defacement Countermeasures     397
Alert Notification and Tracking Attackers     399
Setting Up Variables     402
Creating Historical Knowledge     403
Filtering Out Noise and Thresholding Emails     403
Request Snapshot and Attacker Tracking Links     403
Send Alert to Pager     404
Crude Pause Feature     404
Send the HTML     404
Example Email Alerts     404
Log Monitoring and Analysis     412
Real-Time Monitoring with SWATCH     413
Heuristic/Statistical Log Monitoring with SIDS     417
Honeypot Options     424
Sticky Honeypot     424
Fake PHF     425
OS Commanding Trap and Trace     427
Mod_Rewrite (2.1) to the Rescue     428
Summary     429
Chapter 10     Open Web Proxy Honeypot     431
Why Deploy an Open Web Proxy Honeypot?     431
Lack of Knowledge That an Attack Even Occurred     432
Lack of Verbose/Adequate Logging of HTTP Transactions     432
Lack of Interest in Public Disclosure of the Attack     432
What Are Proxy Servers?     433
Open Proxy Background     434
Open Web Proxy Honeypot     435
Linksys Router/Firewall     435
Turn Off Un-Needed Network Services     436
Configure Apache for Proxy     436
Data Control     439
Mod_Dosevasive     439
Mod_Security     439
Utilizing Snort Signatures     441
Brute Force Attacks     441
Data Capture     442
Real-Time Monitoring with Webspy     444
Honeynet Project’s Scan of the Month Challenge #31     444
The Challenge     445
Initial Steps     446
Question: How Do You Think the Attackers Found the Honeyproxy?      447
Question: What Different Types of Attacks Can You Identify? For Each Category, Provide Just One Log Example and Detail as Much Info About the Attack as Possible (Such as CERT/CVE/Anti-Virus ID Numbers). How Many Can You Find?      448
Search Logs for Mod_Security-Message     449
Utilization of the AllowCONNECT Proxying Capabilities     450
Search Logs for Abnormal HTTP Status Codes     451
Abnormal HTTP Request Methods      454
Non-HTTP Compliant Requests     455
Attack Category–SPAMMERS     457
Attack Category–Brute Force Authentication     459
Attack Category–Vulnerability Scans     459
Attack Category–Web-Based Worms     465
Attack Category–Banner/Click-Thru Fraud      468
Attack Category–IRC Connections     469
Question: Do Attackers Target Secure Socket Layer (SSL)-Enabled Web Servers?      470
Did They Target SSL on Our Honeyproxy?      471
Why Would They Want to Use SSL?      472
Why Didn’t They Use SSL Exclusively?     472
Question: Are There Any Indications of Attackers Chaining Through Other Proxy Servers? Describe How You Identified This Activity. List Other Proxy Servers Identified. Can You Confirm That These Are Indeed Proxy Servers?      473
Identifying the Activity     473
Confirming the Proxy Servers     475
Targeting Specific Open Proxies     479
Targeting Specific Destination Servers     480
Question: Identify the Different Brute Force Authentication Attack Methods. Can You Obtain the Clear-Text Username/Password Credentials? Describe Your Methods.     481
HTTP GET Requests     481
HTTP POST Requests     482
HTTP Basic Authentication     483
Obtaining the Cleartext Authorization Credentials     485
Distributed Brute Force Scan Against Yahoo Accounts     486
Forward and Reverse Scanning     487
Question: What Does the Mod_Security Error Message “Invalid Character Detected” Mean? What Were the Attackers Trying to Accomplish?     493
SecFilterCheckURLEncoding–URL-Encoding Validation     493
SecFilterCheckUnicodeEncoding–Unicode-Encoding Validation     494
SecFilterForceByteRange–Byte Range Check     494
SOCKS Proxy Scan     494
Code Red/NIMDA Worm Attacks     495
Question: Several Attackers Tried to Send SPAM by Accessing the Following URL: http://mail.sina.com.cn/cgi-bin/sendmsg.cgi. They Tried to Send Email with an HTML Attachment (Files Listed in the /upload Directory). What Does the SPAM Web Page Say? Who Are the SPAM Recipients?      496
SPAM Recipients     497
Question: Provide Some High-Level Statistics.      498
Top Ten Attacker IP Addresses     498
Top Ten Targets     500
Top User-Agents (Any Weird/Fake Agent Strings?)     500
Attacker Correlation from DShield and Other Sources?     501
Bonus Question: Why Do You Think the Attackers Were Targeting Pornography Web sites for Brute Force Attacks? (Besides the Obvious Physical Gratification Scenarios.)     502
Even Though the Proxypot’s IP/Hostname Was Obfuscated from the Logs, Can You Still Determine the Probable Network Block Owner?      504
Summary     506
Chapter 11     Putting It All Together     509
Example Vulnerability Alert     509
Verify the Software Version     510
Patch Availability     510
Vulnerability Details     511
Creating a Mod_Security Vulnerability Filter     514
Testing the Vulnerability Filter     515
First Aid Versus a Hospital     516
Web Security: Beyond the Web Server     517
Domain Hijacking     517
DNS Cache Poisoning     517
Caching Proxy Defacement     519
Banner Ad Defacement     520
News Ticker Manipulations     521
Defacement or No Defacement?     521
Summary     522
Appendix A     Web Application Security Consortium Glossary     523
Appendix B     Apache Module Listing     533
Appendix C      Example httpd.conf File     549
Index     561

Biographical note

Ryan C. Barnett is a chief security officer for EDS. He currently leads both Operations Security and Incident Response Teams for a government bureau in Washington, DC. In addition to his nine-to-five job, Ryan is also a faculty member for the SANS Institute, where his duties include instructor/courseware developer for Apache Security, Top 20 Vulnerabilities team member, and local mentor for the SANS Track 4, “Hacker Techniques, Exploits, and Incident Handling,” course. He holds six SANS Global Information Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security Administrator (GCUX), and Security Essentials (GSEC). In addition to the SANS Institute, he is also the team lead for the Center for Internet Security Apache Benchmark Project and a member of the Web Application Security Consortium.
