intrusion prevention system

ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extremely flexible and robust and has been referred to as the “Swiss Army Knife of web application firewalls.” While this is certainly true, it doesn’t do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, we have developed the Core Rule Set (CRS), which provides critical protections against attacks across almost every web architecture.

Update: OWASP ModSecurity Core Rule Set (CRS) v2.0.8

Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.

Improvements made in v2.0.8:

- Updated the PHPIDS filters
- Updated the SQL Injection filters to detect boolean attacks (1<2, foo == bar, etc.)
- Updated the SQL Injection filters to account for different quotes
- Added UTF-8 encoding validation support to the modsecurity_crs_10_config.conf file
- Added Rule ID 950109 to detect multiple URL encodings
- Added two experimental rules to detect anomalous use of special characters

Download OWASP ModSecurity Core Rule Set (CRS) v2.0.8 Here


A new and improved version of Suricata, 1.0.1, is out.

Update: Suricata 1.0.1!

Changes and improvements in Suricata

- Major detection accuracy improvements.
- The ip_proto keyword was fixed for malformed packets.
- Fixed a TCP RST packet evasion issue.
- Stream reassembly improvements.

A brief note about Suricata

Suricata is a multi-threaded intrusion detection/prevention engine. To describe Suricata as multi-threaded means that it can run on a machine with multiple CPUs, using threads to spread the workload between the CPUs and process many packets and streams at one time.

We have tested it on CentOS 5 and also recommend it for small organisations for their IDS & IPS setup.

Download Suricata 1.0.1 Here


Astaro Security Linux is an award-winning, unique network security solution in an integrated and easy-to-use and manage package that includes a combination of the following security applications:

  • A Firewall with stateful packet inspection and application proxies guards Internet communications traffic in and out of the organization.
  • A Virtual Private Network (VPN) gateway assures secure communications with remote offices, road warriors and telecommuters.
  • Anti-Virus defends computers from both email and web-borne viruses.
  • Intrusion Protection detects and stops hostile probes and application-based attacks.
  • Spam Filtering eliminates the productivity drain of opening and deleting unsolicited emails.
  • Surf Protection (Content Filtering) and Spyware Protection improve productivity by blocking inappropriate web activities, provide full protection from user tracking threats and violation of privacy.

For a small and growing organization this is a good tool that can act as an all-in-one appliance. Alternatively, we could use it to understand the workings of various network security tools.

Astaro Security Linux: An All-In-One Network Security Gateway!

Features of Astaro Security Linux:

  • Protects all types of networks: Windows, Linux, Unix and others.
  • Delivers comprehensive features at low cost, maximizing your ROI (return on investment).
  • Highly effective. Has won numerous industry awards. Beat Cisco and Checkpoint in an InfoWorld magazine product review, and beat IBM and Computer Associates in Linux World for Best Security Application.
  • Integrated management platform features an intuitive browser-based interface and one-step updates for rapid deployment and easy management.
  • Can be installed in under 15 minutes or purchased pre-installed on security appliances.
  • Can start with firewall, VPN and spam protection and add other security applications as needed, seamlessly.
  • Runs as a dedicated application server on top of a hardened operating system, which relieves operating system management headaches.
  • Runs on systems ranging from small devices up to large multi-processor systems utilizing gigabytes of memory.
  • Redundant systems can be configured to provide high availability and automatic fail-over in case of hardware or network failures.
  • Load balancing improves performance; traffic shaping can set priorities by network, service and protocol.
  • Logging, automatic backup, and diagnostic tools support high reliability.

Our verdict: if you are looking for a free, one-stop shop to manage security, you could give Astaro Security Linux a run in your network.

Download Astaro Security version 7.502 here
