October 24, 2007

Apache and SSL

Posted by Hendry under BSD, Hacking, Linux, Networking, Opensource, Security
Leave a Comment 

If you are using Apache from the 2.x branch, the support for SSL is included with the distribution. For Apache 1, it is a separate download of one of two implementations. You can use mod_ssl (http://www.modssl.org) or Apache-SSL (http://www.apache-ssl.org). Neither of these two web sites discusses why you would choose one instead of the other. Historically, mod_ssl was created out of Apache-SSL, but that was a long time ago and the two implementations have little in common (in terms of source code) now. The mod_ssl implementation made it into Apache 2 and is more widely used, so it makes sense to make it our choice here.

Neither of these implementations is a simple Apache module. The Apache 1 programming interface does not provide enough functionality to support SSL, so mod_ssl and Apache-SSL rely on modifying the Apache source code during installation.

(more…)

 

October 22, 2007

Network Attacks

Posted by Hendry under BSD, Hacking, Linux, Networking, Security
Leave a Comment 

Network attacks are the most popular type of attack because they are easy to execute (automated tools are available) and difficult to defend against. Since these attacks are not specific to Apache, they fall outside the scope of this book and thus they are not covered in detail in the following sections. As a rule of thumb, only your upstream provider can defend you from attacks performed on the network level. At the very least you will want your provider to cut off the attacks at their routers so you do not have to pay for the bandwidth incurred by the attacks.

1. Malformed Traffic

The simplest network attacks target weaknesses in implementations of the TCP/IP protocol. Some implementations are not good at handling error conditions and cause systems to crash or freeze. Some examples of this type of attack are:

 

  • Sending very large Internet Control Message Protocol (ICMP) packets. This type of attack, known as the Ping of death, caused crashes on some older Windows systems.

  • Setting invalid flags on TCP/IP packets.

  • Setting the destination and the source IP addresses of a TCP packet to the address of the attack target (Land attack).

(more…)

 

October 20, 2007

Test… Test… Test…

Posted by Hendry under Uncategorized
[3] Comments 

Test for my first post :)

 

« Previous Page