On March 4, 2012 22:11 , Rajeev Prasad <[email protected]> wrote:
want to make sure my web server is highly secure.
I am not sure between modsecurity and AppArmor. can someone help with
their experience?
mod_security is a web application firewall that works at the HTTP level
to protect the web server and web application from attacks. You can add
rules to prevent specific exploits, or to implement policies (e.g.,
block requests that appear to contain credit card numbers or other
sensitive data). See https://modsecurity.org/projects/modsecurity/apache/
AppArmor is a Mandatory Access Control system that works at the
operating system level. It restricts what programs running on the
system, such as Apache HTTP Server, are allowed to do. For example, if
someone exploits a security vulnerability in a web application you are
running to gain control of Apache, AppArmor can prevent the attacker
from opening an outgoing IRC connection. More importantly, AppArmor can
detect that Apache has TRIED to do something that it shouldn't be doing,
thus alerting you to the attacker's presence. See
https://en.wikipedia.org/wiki/Apparmor
Normally, you would not choose "between" mod_security and AppArmor:
both can be used together, and they complement each other to provide
defense in depth.
I hope this helps.
--
Mark Montague
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
