Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Data Protection and Disaster Recovery Tips
http://list.windowsitpro.com/t?ctl=4A4D1:57B62BBB09A692794697634C744D5ADC

Recent Lessons in Disaster Recovery
http://list.windowsitpro.com/t?ctl=4A4CF:57B62BBB09A692794697634C744D5ADC

Filtering the Spectrum of Internet Threats
http://list.windowsitpro.com/t?ctl=4A4CB:57B62BBB09A692794697634C744D5ADC

=== CONTENTS ===================================================

IN FOCUS: Evading DoS Attacks Against Apache

NEWS AND FEATURES
   - DNS Root Servers Fell Under Brief Attack
   - Skype Teams with Symantec and FaceTime to Offer Security Tools
   - New Direction, Product for Check Point
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: Root Access Through a User-Installed MySQL Back Door
   - FAQ: Managing Group Policy for Vista
   - Share Your Security Tips

PRODUCTS
   - Data Auditing Solution Adds Content Scanning
   - Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: CA ================================================

Data Protection and Disaster Recovery Tips
Discover a wealth of information about how to protect and secure your data in the event of a disaster. You may not be able to predict the exact details of a disaster, but you can be prepared with a solid response for when one strikes. Disaster can strike anywhere--not just where severe weather can hit--so make sure you're ready when it does. Download your free copy of this eBook today!
http://list.windowsitpro.com/t?ctl=4A4D1:57B62BBB09A692794697634C744D5ADC

=== IN FOCUS: Evading DoS Attacks Against Apache ===============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I began working with mod_evasive, a Web-based security tool that helps defend Apache HTTP Server against Denial of Service (DoS) attacks.
Mod_evasive is a typical loadable module that looks for particular behavior and then blocks it. Mod_evasive is similar to Suhosin, which I wrote about back in December (at the URL below). You might remember that Suhosin is a patch for the PHP scripting engine that makes it far more secure. It helps detect and prevent all sorts of potentially bad Web-based content from reaching your systems and network beyond the PHP engine.
http://list.windowsitpro.com/t?ctl=4A4D7:57B62BBB09A692794697634C744D5ADC

Mod_evasive keeps track of the IP addresses that send URL requests to your Apache server and gauges whether the request rate from any given IP address exceeds your predefined limits. If the limits are exceeded, the IP address is temporarily blocked from making any more requests.

Like many other Apache modules, mod_evasive allows the administrator to set various parameters that control module behavior. For example, you can set the maximum number of pages that one IP address can request from your entire site (DOSSiteCount) within a specified time period (DOSPageInterval), the maximum number of page reloads one IP address can request (DOSPageCount) within a specified time period (DOSPageInterval), and the period of time to block the requesting IP address if it exceeds the limits (DOSBlockingPeriod).

To help clarify, here's an example. If you set DOSSiteCount to 100, DOSPageCount to 3, DOSPageInterval to 2, and DOSBlockingPeriod to 10, then mod_evasive will work like this: If an IP address requests more than 100 different pages or reloads the same page more than three times in two seconds, that IP address will be blocked for 10 seconds.

There are a few other parameters you can configure too. You can set the size of the hash table mod_evasive uses to track IP addresses. The larger the hash table, the more IP addresses it can keep track of.
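
An added example (not part of the newsletter and not mod_evasive's own code): a simplified Python model of the thresholds described above, replayed over a constructed request log to show which clients a given set of values would block. The function names, the sliding-window counting, and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

def replay(requests, page_count=3, site_count=100,
           page_interval=2, site_interval=2, blocking_period=10):
    """Replay (timestamp_s, ip, uri) tuples, sorted by time.

    Returns {ip: [timestamps at which a block would start]}.
    Simplified model, not mod_evasive's code. The article's example uses one
    two-second window; mod_evasive has a separate DOSSiteInterval directive
    for the site-wide window, so both windows are parameters here.
    """
    page_hits = defaultdict(deque)   # (ip, uri) -> timestamps inside the page window
    site_hits = defaultdict(deque)   # ip -> timestamps inside the site window
    blocked_until = {}
    blocks = defaultdict(list)
    for ts, ip, uri in requests:
        if blocked_until.get(ip, float("-inf")) > ts:
            continue                 # refused while the block is active
        per_page, per_site = page_hits[(ip, uri)], site_hits[ip]
        for hits, window in ((per_page, page_interval), (per_site, site_interval)):
            hits.append(ts)
            while hits and ts - hits[0] >= window:
                hits.popleft()       # drop requests that fell out of the window
        if len(per_page) > page_count or len(per_site) > site_count:
            blocked_until[ip] = ts + blocking_period
            blocks[ip].append(ts)
            per_page.clear()
            per_site.clear()
    return dict(blocks)

def sample_log():
    """Constructed sample traffic (documentation addresses, not real clients)."""
    # Ordinary reader: one new page every three seconds.
    log = [(t * 3.0, "192.0.2.10", f"/doc/{t}") for t in range(5)]
    # Same page reloaded five times within one second.
    log += [(20 + i * 0.25, "192.0.2.20", "/index.html") for i in range(5)]
    # Prefetching browser or proxy: twelve different objects in under a second.
    log += [(40 + i * 0.0625, "192.0.2.30", f"/img/{i}.png") for i in range(12)]
    return sorted(log)

if __name__ == "__main__":
    log = sample_log()
    print("article settings:", replay(log))
    print("DOSSiteCount=10: ", replay(log, site_count=10))
```

With the article's values only the reloading client is blocked; lowering the site-wide limit to 10 also blocks the constructed prefetching client.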
You can also define an email address that will receive a short notice any time an IP address is blocked. And you can set a logging directory that records the IP addresses about which you've received email messages. Mod_evasive uses the log to keep from sending you numerous messages about the same IP address.

Overall, mod_evasive seems like a reasonable addition to Apache. It will in fact help fend off some intruders. However, if you aren't careful about the settings, it might block relatively innocent users whose browsers or proxy servers perform aggressive preloading of Web pages--typically used to enhance the browsing experience and speed up overall browsing. So be careful configuring the settings and be sure to monitor the email mod_evasive sends (if you use that feature) to determine whether you've configured it to be too restrictive.

Mod_evasive is available from the developer, Jonathan A. Zdziarski, in source code format (at the URL below), so you must compile it by using Apache's apxs tool (see the readme file for details). That typically isn't a problem for Linux administrators; however, it might present a problem for Windows users, who might not have apxs or other required tools.
http://list.windowsitpro.com/t?ctl=4A4DF:57B62BBB09A692794697634C744D5ADC

You can get apxs for Windows at Apache Lounge, at the URL below, provided as a Perl script. Be aware that you'll need some Apache-related libraries to use it, so when you install Apache on Windows you need to choose the custom install and select "Build Headers and Libraries" as part of your installation. Make sure the libraries are located in the lib subdirectory of your Apache installation directory before using the apxs tool.
http://list.windowsitpro.com/t?ctl=4A4E3:57B62BBB09A692794697634C744D5ADC

Or, to simplify matters, you can get a precompiled copy of mod_evasive for Windows, including source code, at the URL below.
http://list.windowsitpro.com/t?ctl=4A4D3:57B62BBB09A692794697634C744D5ADC

Finally, keep in mind that while mod_evasive is effective at protecting Apache against DoS attacks, it's not a cure-all. Attackers could still saturate your bandwidth or overload your Web server's CPU. So keep that in mind and take other measures, if you can, to prevent those possibilities from becoming reality.

=== SPONSOR: Neverfail =========================================

Recent Lessons in Disaster Recovery
In today's IT world disaster recovery is more important than ever. This white paper looks at disaster recovery and what it means for your organization as well as identifies some of the approaches that work the best. Download now!
http://list.windowsitpro.com/t?ctl=4A4CF:57B62BBB09A692794697634C744D5ADC

=== SECURITY NEWS AND FEATURES =================================

DNS Root Servers Fell Under Brief Attack
On February 6, some of the root DNS servers that provide the backbone for the Internet's global domain name system fell under attack.
http://list.windowsitpro.com/t?ctl=4A4D9:57B62BBB09A692794697634C744D5ADC

Skype Teams with Symantec and FaceTime to Offer Security Tools
Skype will offer Symantec's Norton tools to its base of small business and home office users. FaceTime will work with Skype's business users to provide end-to-end security within the enterprise.
http://list.windowsitpro.com/t?ctl=4A4DC:57B62BBB09A692794697634C744D5ADC

New Direction, Product for Check Point
Check Point Software Technologies is moving into the data security market and enhancing its core network security product line after its recent acquisitions of Protect Data (which owns Pointsec) and NFR Security.
http://list.windowsitpro.com/t?ctl=4A4D8:57B62BBB09A692794697634C744D5ADC

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities.
You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=4A4D2:57B62BBB09A692794697634C744D5ADC

=== SPONSOR: St. Bernard Software ==============================

Filtering the Spectrum of Internet Threats
Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P. Download this free white paper now!
http://list.windowsitpro.com/t?ctl=4A4CB:57B62BBB09A692794697634C744D5ADC

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Root Access Through a User-Installed MySQL Back Door
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=4A4E1:57B62BBB09A692794697634C744D5ADC

Did you know that someone can gain root shell access (or system-level access in Windows) through quirks in the load_file feature of MySQL? Hopefully you've locked down your system to prevent that.
http://list.windowsitpro.com/t?ctl=4A4DA:57B62BBB09A692794697634C744D5ADC

FAQ: Group Policy for Windows Vista
by John Savill, http://list.windowsitpro.com/t?ctl=4A4DE:57B62BBB09A692794697634C744D5ADC

Q: How can I manage Group Policy for Windows Vista machines?

Find the answer at
http://list.windowsitpro.com/t?ctl=4A4DB:57B62BBB09A692794697634C744D5ADC

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, products@private

Data Auditing Solution Adds Content Scanning
Tizor Systems claims that its new 5.0 release of Mantra is the first data auditing and protection solution to feature content scanning capabilities, which let enterprises discover, monitor, and report on the activity of specific types of data (such as credit card and Social Security numbers) in databases and file systems and on mainframes. Other new functionality in Mantra 5.0 lets enterprises track all database changes and reconcile them with authorized change control tickets and better enforce segregation of duties through roles. Mantra 5.0 also offers enhanced support for Microsoft SQL Server, including NT LAN Manager (NTLM) authentication and named pipes support, and better network monitoring of Distributed Relational Database Architecture (DRDA) mainframes. Mantra 5.0 will be available first quarter 2007. For more information, go to
http://list.windowsitpro.com/t?ctl=4A4E6:57B62BBB09A692794697634C744D5ADC

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=4A4DD:57B62BBB09A692794697634C744D5ADC

Learn how to use consolidation and selected technology updates to build an infrastructure that handles change effectively.
http://list.windowsitpro.com/t?ctl=4A4D0:57B62BBB09A692794697634C744D5ADC

A secure mail and messaging infrastructure is fundamental to your business, and every organization should plan for the appropriate message hygiene, availability, and control services from the start.
This eBook introduces three fundamental mail and messaging management services--security, availability, and control services--and explains how you can implement them in a Microsoft-centric email and messaging environment. Download now!
http://list.windowsitpro.com/t?ctl=4A4CC:57B62BBB09A692794697634C744D5ADC

Are you planning to deploy or increase your use of Group Policy? Attend this free Web seminar and learn how to design a solid deployment plan, get tips on the best ways to set up delegation, discover the importance of good Group Policy change control, and learn how to optimize processing performance. Live event: February 28, 2007 at 12:00 PM EST.
http://list.windowsitpro.com/t?ctl=4A4CD:57B62BBB09A692794697634C744D5ADC

=== FEATURED WHITE PAPER =======================================

Devote your time, energy, and resources to serving your customers, not your servers. Want to focus on high-value activities instead of applying OS patches and updates, dealing with security vulnerabilities, and managing disk drives? Download this free white paper now and find out how you can have a business-class Web hosting solution with secure application pooling to protect your data.
http://list.windowsitpro.com/t?ctl=4A4CE:57B62BBB09A692794697634C744D5ADC

=== ANNOUNCEMENTS ==============================================

Introducing a Unique Exchange and Outlook Resource
Exchange & Outlook Pro VIP is an online information center that delivers new articles every week on topics such as administration, migration, security, and performance. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other benefits! Order now at an exclusive charter rate and save up to $50!
http://list.windowsitpro.com/t?ctl=4A4D4:57B62BBB09A692794697634C744D5ADC

Grab Your Share of the Spotlight!
Nominate yourself or a peer to become IT Pro of the Month. This is your chance to get the recognition you deserve!
Winners will receive over $600 in IT resources and be featured in Windows IT Pro. It's easy to enter--we're accepting March nominations now, but only for a limited time! Submit your nomination today:
http://list.windowsitpro.com/t?ctl=4A4E2:57B62BBB09A692794697634C744D5ADC

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=4A4E0:57B62BBB09A692794697634C744D5ADC
http://list.windowsitpro.com/t?ctl=4A4E5:57B62BBB09A692794697634C744D5ADC

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=4A4D6:57B62BBB09A692794697634C744D5ADC

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=4A4E4:57B62BBB09A692794697634C744D5ADC
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=4A4D5:57B62BBB09A692794697634C744D5ADC

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

______________________________________
Subscribe to the InfoSec News RSS Feed
http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Thu Feb 15 2007 - 00:20:33 PST