OGH DBA Dag 14 september 2010 Frits Hoogland

More documents

Recommendations

Info

mod_security Example:– “CONNECT localhost:25 HTTP/1.0” with telnet– Now results in “403 Forbidden”– Registration in modsecurity audit file:--7d565676-A--[20/May/2010:09:27:40 +0200] S-TkbH8AAAEAABQLqt4AAABF 10.0.1.2 55491 10.0.1.12 7777--7d565676-B--CONNECT localhost:25 HTTP/1.0--7d565676-F--HTTP/1.1 403 ForbiddenContent-Length: 210Connection: closeContent-Type: text/html; charset=iso-8859-152Tuesday, September 14, 2010
mod_security Some of the rules it triggered:Message: Operator EQ matched 0 at REQUEST_HEADERS. [file "/oracle/Oracle_WT1/instances/instance1/config/OHS/ohs1/modsecurity.d/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "28"] [id "960008"] [rev "2.0.5"] [msg"Request Missing a Host Header"] [severity "NOTICE"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]– Request missing a Host headerMessage: Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/oracle/Oracle_WT1/instances/instance1/config/OHS/ohs1/modsecurity.d/base_rules/modsecurity_crs_30_http_policy.conf"] [line "30"] [id "960032"] [msg "Method is not allowedby policy"] [data "CONNECT"] [severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"] [tag"WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"]53– CONNECT is not an accepted methodMessage: Access denied with code 403 (phase 2). [file "/oracle/Oracle_WT1/instances/instance1/config/OHS/ohs1/modsecurity.d/base_rules/modsecurity_crs_49_enforcement.conf"][line "25"] [msg "Anomaly Score Exceeded (score 30): Method is not allowed by policy"]Action: Intercepted (phase 2)– And intercepted based on score!Tuesday, September 14, 2010
Page 1: Oracle HTTP serversecurityOGH DBA D
Page 7 and 8: Firewall!7Tuesday, September 14, 20
Page 9 and 10: Firewallhost.example.comFirewallhos
Page 11 and 12: Firewall Examples of firewalls:- PI
Page 13 and 14: Architecturehost.example.comhost.dm
Page 15 and 16: Webserver Clients communicate with
Page 17 and 18: Tuesday, September 14, 201017
Page 19 and 20: Figure 6 shows the change over time
Page 26 and 27: How to harden? Webserver scanner: N
Page 28 and 29: Example: incorrect config We got a
Page 33 and 34: HTTPSQ: Does HTTPS make your site m
Page 37 and 38: HTTPS HTTPS encrypts communication-
Page 39 and 40: Scanning yourself To harden for the
Page 41 and 42: Information spilling- To ‘Prod’
Page 43 and 44: Information spilling No guarantee,
Page 45 and 46: Information spilling Web cache mana
Page 47 and 48: Ports < 1024 On Linux/Unix requires
Page 49 and 50: mod_security Apache module- Functio
Page 51: mod_security It’s easy to add mod
Page 55 and 56: Q & AThank you for attending!55Tues
Page 57 and 58: Bibliography & Links hping (packet

OGH DBA Dag 14 september 2010 Frits Hoogland

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?