SRA840 Lab9

From CDOT Wiki
Revision as of 15:02, 12 April 2009 by Vyas (talk | contribs)
Jump to: navigation, search

Mohak

* Did you have any problems with configuring 
Apache to be more secure. If you did then how did 
you resolve them.

I used Apache2.0. This link discusses security 
tips for Apache version 2.0. There are 
step-by-step instructions and easy to understand. 
I followed the link and security tips discussed 
on the page and did not had any problems 
installing them.


Nestor the Securitor

Did you have any problems with configuring Apache to be more secure. If you did then how did you resolve them.

I installed Apache with SSL. All I need is make sure 443 port is opened and generate a key. That's it

Did you have any problems with configuring PHP+Apache to be more secure. If you did then how did you resolve them.

I use 'mod_security'

Describe

Why you chose those security tips?

SSL is the most commonly used to protect web service. And it will also protect the clients too..
I use 'mod_security', it's interesting to have firewall module on top of Apache. It's quite useful when you are a webmast and dose not have any previlige to firewall and system. Then, 'mod_security' would be useful in this case.

What additional security tips exist on the Internet for the tips you used above. Point links to those websites in your answer.

Apache

http://www.securityfocus.com/infocus/1694

http://www.apache-ssl.org/

mod_php

http://proquest.safaribooksonline.com/0596007248/apachesc-CHP-3#X2ludGVybmFsX1NlY3Rpb25Db250ZW50P3htbGlkPTA1OTYwMDcyNDgvYXBhY2hlc2MtQ0hQLTEyLVNFQ1QtMg==

http://www.webmasterworld.com/forum92/5592.htm

Milton Paiva Neto

1. Did you have any problems with configuring PHP+Apache to be more secure. If you did then how did you resolve them. Describe :

Actually after setting up all the apache modules I didn't have any problem, but there are some steps that are tricky like run apache in a chroot environment, check the checksum of the downloaded files, use the least privilege policy, run apache as a user without access to a shell or terminal.

  • Why you chose those security tips?

To avoid intruders in my system and even if someone break in to my system, it will login as an user with low privileges and this person will not be allowed to run rootkits to because root(scalable privileges).

  • What additional security tips exist on the Internet for the tips you used above. Point links to those websites in your answer.

[1]http://www.petefreitag.com/item/505.cfm

[2]http://www.securityfocus.com/infocus/1706

[3]http://www.securityfocus.com/infocus/1694