Advance Apache Security – mod_proxy,mod_security and mod_evasive

Earlier to this post we have talked ’bout apache server installation for best performance and securing the server using tcp wrappers and iptables filrewall, let’s take the whole discussion one step further and talk ’bout application security hosted on your web server.

As more and more attacks are being carried out over the HTTP layer there is a growing need to push the envelope and bring Web security to new levels. Most existing tools work on the TCP/IP level, failing to use the specifics of the HTTP protocol in their operation. The need for increased security has lead to the creation of application gateways, tools that are essentially reverse proxies with the added capability of protocol analysis. Apache web server it self provides solution of the problem to a great extent, provided it’s loaded with some specific modules. (more…)

Configure Linux Box as Internet Gateway

My last few post were ’bout Linux firewall and Network address translation using iptables. For me iptables is a very dynamic tool to configure things with Linux box, like free Linux firewall, transparent proxy and Linux router to share internet connection. So this post is ’bout configuring Linux box as a secure and safe internet gateway using iptables and squid.

You don’t need a hi-fi machine for the task, any low end machine could do good enough with two Network Interface Card installed on it. I’m always comfortable with fedora core so i used it again however any destro could do but then the steps here might need same changes, anyways i’ve used fedora core 6 i.e. latest kernel with iptables support. Once installed you are ready to configure Linux router on the system. (more…)

Linux Firewall – iptables and NAT

Earlier to this we have talked ’bout iptables filtering, a simple firewall and filtering rules to secure your Linux box. To understand IPtables a little more then just blocking and filtering, we are going to talk ’bout Network Address Translation.

NAT, Network Address translation basically is of two types SNAT and DNAT.

SNAT, Source NAT is when you alter the source address of the first packet: i.e. you are changing where the connection is coming from. Source NAT is always done post-routing, just before the packet goes out onto the wire. Masquerading is a specialized form of SNAT.

DNAT, Destination NAT is when you alter the destination address of the first packet: i.e. you are changing where the connection is going to. Destination NAT is always done before routing, when the packet first comes off the wire. Port forwarding, load sharing, and transparent proxying are all forms of DNAT. (more…)

Linux firewall – iptables filtering

So after few basic steps about server security, let’s come to the real action part of the story, IPTABLES.

Iptables is a generic table structure that defines rules and commands as part of the netfilter framework that facilitates Network Address Translation (NAT), packet filtering, and packet mangling in the Linux 2.4 and later operating systems.

NAT is the process of converting an Internet Protocol address (IP address) into another IP address. Packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. Packet mangling is the ability to alter or modify packets before and/or after routing. (more…)

Securing Your Linux Servers- TCP Wrappers.

Server security, when a system is used as a server on a public network, it becomes a target for attacks. For this reason, hardening the system and locking down services is of paramount importance for the system administrator. Although security is a vast issue to deal with, it’s a common saying that “nothing is 100% secure in this world” but i believe there is always a reason to take care of it. Here we are going to talk ’bout the step ensuring basic server security, however we would be exploring firewall through iptables, in little depth.

There are few common attacks, that could possibly by avoided taking care of few things. First of all i’m going to talk ’bout the ssh brute force attack. This event is generated when an attacker attempts to login to an SSH server by guessing usernames and passwords. By default, the ssh access to the server is blocked however if someone needs to open the ssh access, few things should be taken care of. (more…)