Hi, Anyone running mod_security module from www.modsecurity.org with apache 1.3.28 under SuSE 8.2 ? If so, what are the thoughts about it ? Thanks -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer Please reply to the list; http://susefaq.sf.net Please don't CC me.
On Fri, 2003-12-19 at 14:01, Togan Muftuoglu wrote:
Hi,
Anyone running mod_security module from www.modsecurity.org with apache 1.3.28 under SuSE 8.2 ? If so, what are the thoughts about it ?
If you use a linux firewall (or even not), why don't you use a honeypot or something similar? Isn't it better to stop the intrusion before it gets to your web server?
Thanks --
Togan Muftuoglu Unofficial SuSE FAQ Maintainer Please reply to the list; http://susefaq.sf.net Please don't CC me.
* Ray Leach; <raymondl@knowledgefactory.co.za> on 19 Dec, 2003 wrote:
On Fri, 2003-12-19 at 14:01, Togan Muftuoglu wrote: If you use a linux firewall (or even not), why don't you use a honeypot or something similar?
I do not want to spend time with setting a honeypot, I'd rather use it to to protect what I have. What do you mean by linux firewall ? As I understand firewalls you can have Network Access layer, IP layer, Transport Layer and Application layer firewalls. SuSefirewall is just one part of a firewall system not the whole as I see it.
Isn't it better to stop the intrusion before it gets to your web server?
We do not know where my server is yet I can have reverse proxies so I am possibly stopping intrusion before it gets to the actual webserver That is why I am asking, I wnat to have opionions if people are using it how does it perform any benefits for security ( http://www.modsecurity.org/features/index.html has the features yet how are these performing in real life) Thanks -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer Please reply to the list; http://susefaq.sf.net Please don't CC me.
On Fri, 2003-12-19 at 14:56, Togan Muftuoglu wrote:
* Ray Leach; <raymondl@knowledgefactory.co.za> on 19 Dec, 2003 wrote:
On Fri, 2003-12-19 at 14:01, Togan Muftuoglu wrote: If you use a linux firewall (or even not), why don't you use a honeypot or something similar?
I do not want to spend time with setting a honeypot, I'd rather use it to to protect what I have. What do you mean by linux firewall ? As I understand firewalls you can have Network Access layer, IP layer, Transport Layer and Application layer firewalls.
SuSefirewall is just one part of a firewall system not the whole as I see it.
That's right, so a linux firewall might consist of iptables packet filtering rules, tripwire (or something similar), squid (acting as both inbound - reverse - and outbound proxy) probably using something like squidGuard to restrint users, ftp-proxy, honeypot (maybe even a different system), and maybe many more apps.
Isn't it better to stop the intrusion before it gets to your web server?
We do not know where my server is yet I can have reverse proxies so I am possibly stopping intrusion before it gets to the actual webserver
Good.
That is why I am asking, I wnat to have opionions if people are using it how does it perform any benefits for security ( http://www.modsecurity.org/features/index.html has the features yet how are these performing in real life)
Thanks
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer Please reply to the list; http://susefaq.sf.net Please don't CC me.
participants (2)
-
Ray Leach -
Togan Muftuoglu