Description: Running ModSecurity with the OWASP ModSecurity Core Rules is hard. A huge wave of false positives drowns sysadmins and logfile servers alike. The upcoming 3.0.0 release of the Core Rules comes with a new paranoia mode. This feature organises the various rules into different paranoia levels. The higher the paranoia level, the more paranoid the rules and the more false positives you will get. However, the default installation gives you a decent security level without too many false positives. This allows for a straightforward ModSecurity setup that does not threaten an existing production service. Instead, you start with a limited set of rules and then raise the paranoia level step by step to the number that suits the desired security level of your site. In this talk, we will look at the configuration of the paranoia mode. We will look at rules, and we will look at ModSecurity defending against popular attack kits at various paranoia levels.
Christian Folini (@ChrFolini)
Dr. Christian Folini is a partner at netnea AG in Berne. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian found that defending webservers is equally interesting.
With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.
Christian is a frequent committer to the OWASP ModSecurity Core Rules project, vice president of Swiss Cyber Experts (a public-private partnership), a member of the committee of the Swiss Cyberstorm conference, and many other things.
Contact by owners of medieval castles welcome.
For more information, please visit: http://area41.io/