All that You Need to Know about OWASP ModSecurity CRS - PowerPoint PPT Presentation

About This Presentation
Title:

All that You Need to Know about OWASP ModSecurity CRS

Description:

In "OWASP ModSecurity CRS", OWASP stands for Open Web Application Security Project and CRS stands for Core Rule Set. It refers to rules that are grouped in sets to enable the ModSecurity module of Apache to protect a server.

Number of Views:14
Slides: 16
Provided by: htshosting
Category: Other
Tags: owasp


Transcript and Presenter's Notes



1
All that You Need to Know about OWASP ModSecurity
CRS
2
Table of Contents
  • OWASP ModSecurity CRS
  • Servers
  • Web Servers
  • Benefits of Using OWASP ModSecurity CRS
  • Protection of Unsecure Web Application Design
  • Protection against OS Level Attacks
  • Protection against Malicious Web Traffic
  • Downside of OWASP ModSecurity CRS
  • How to Use the OWASP ModSecurity Rule Set
  • Reporting Issues in an OWASP ModSecurity Rule
  • Configuration Files

3
OWASP ModSecurity CRS
  • The OWASP ModSecurity CRS (Core Rule Set) refers
    to a set of rules that can be used by the
    ModSecurity module of Apache in order to protect
    a server. OWASP is the abbreviation for Open Web
    Application Security Project. These rules might
    not render a server immune to attacks, but they
    help in significantly increasing the level of
    protection with regard to web applications.

4
Servers
  • Servers are software or hardware devices that
    serve the role of accepting and fulfilling the
    requests of their clients, which are made over a
    network. The devices that generate requests for
    the servers and subsequently receive their
    responses are known as the clients. Servers
    provide service (functionality) to their clients,
    which are programs or devices. The client-server
    model is used for this purpose.

5
Web Servers
  • Servers are of various types, such as mail
    servers, database servers, print servers, file
    servers, game servers, application servers, proxy
    servers, web servers, etc. A web server is used
    to store and process the files of websites for
    making websites accessible online. Web servers
    are provided by web hosting companies through the
    service of web hosting. Web hosting can be of
    many types which include shared hosting,
    dedicated hosting, VPS, reseller hosting,
    WordPress hosting, cloud hosting, etc. The most
    efficient and popular web hosting companies are
    sometimes referred to as the Top Cloud Hosting
    Company or as the Best Windows Shared Hosting
    Company or as the Best Linux Dedicated Hosting
    Company, etc.

6
Benefits of Using OWASP
ModSecurity CRS
  • There are many benefits of using the OWASP
    ModSecurity CRS. The main benefits include
    protection with regard to web application designs
    that are not secure, protection against OS
    (Operating System) level attacks, and protection
    against malicious web traffic.
  • The next three slides will provide detailed
    information about each of these benefits.

7
Protection of Unsecure Web
Application Design
  • OWASP ModSecurity rule sets deliver a layer of
    protection for various web applications, such as
    phpBB, WordPress, etc. They ensure protection
    against vulnerabilities in web applications that
    are out-of-date. If a developer's mistake
    causes security issues, ModSecurity is capable of
    blocking an attack before it is able to
    access the vulnerable application.

8
Protection against OS Level
Attacks
  • OWASP ModSecurity rule sets ensure protection
    against attacks that are meant for exploiting a
    server's OS (Operating System). Security experts
    can create ModSecurity rules to foil such
    attempts. Server administrators can use
    ModSecurity rules and additional security
    measures until a security patch is released.

9
Protection against Malicious Web
Traffic
  • ModSecurity rules help to reduce the risks
    related to malicious web traffic. These rules
    ensure protection against traffic that is
    harmful.

10
Downside of OWASP ModSecurity CRS
  • The main downside of OWASP ModSecurity CRS is
    something that is common to any mechanism that
    is used for blocking web traffic. These rules can
    block traffic that isn't malicious (false
    positives). Hence, one should regularly review
    the ModSecurity Tools interface in order to
    evaluate the traffic which is being blocked by
    the existing rule set, and ascertain if these
    blocks are affecting legitimate users.
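
The same review can be run over the raw log. The Python below is an added example, not part of the original presentation: it groups ModSecurity hits by rule ID and flags rules that several distinct clients trip on a single URI, a pattern more typical of normal use than of one attacker. The sample lines are constructed in the ModSecurity 2.x Apache error-log style, and the function names and the `min_clients` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ModSecurity 2.x entries in the Apache error log.
SAMPLE_LOG = """\
[Tue Mar 05 10:12:01 2024] [:error] [client 192.0.2.10:50112] ModSecurity: Access denied with code 403 (phase 2). [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Tue Mar 05 10:14:40 2024] [:error] [client 192.0.2.11:50440] ModSecurity: Access denied with code 403 (phase 2). [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
[Tue Mar 05 10:15:02 2024] [:error] [client 203.0.113.7:41001] ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libinjection"] [uri "/login"]
[Tue Mar 05 10:15:03 2024] [:error] [client 203.0.113.7:41002] ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libinjection"] [uri "/contact"]
[Tue Mar 05 10:15:04 2024] [:error] [client 203.0.113.7:41003] ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libinjection"] [uri "/profile"]
[Tue Mar 05 10:15:09 2024] [core:notice] AH00094: Command line: '/usr/sbin/httpd'
[Tue Mar 05 10:21:17 2024] [:error] [client 192.0.2.12:50991] ModSecurity: Access denied with code 403 (phase 2). [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
"""

TAG_RE = re.compile(r'\[(id|msg|uri) "((?:[^"\\]|\\.)*)"\]')
CLIENT_RE = re.compile(r'\[client ([^\]\s]+)\]')

def parse_hits(log_text):
    """Return one dict per ModSecurity entry; other Apache lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        tags = dict(TAG_RE.findall(line))
        client = CLIENT_RE.search(line)
        if "id" not in tags or client is None:
            continue
        raw = client.group(1)
        ip = raw.rsplit(":", 1)[0] if raw.count(":") == 1 else raw  # drop IPv4 port
        hits.append({"id": tags["id"], "uri": tags.get("uri", ""), "client": ip})
    return hits

def summarize(hits):
    """Group hits by rule ID with hit count, distinct clients and distinct URIs."""
    by_rule = defaultdict(lambda: {"hits": 0, "clients": set(), "uris": set()})
    for h in hits:
        r = by_rule[h["id"]]
        r["hits"] += 1
        r["clients"].add(h["client"])
        r["uris"].add(h["uri"])
    return dict(by_rule)

def review_candidates(summary, min_clients=3):
    # Heuristic (assumption): one rule, one URI, many unrelated clients -> review first.
    rows = [(rid, s["hits"], len(s["clients"]), next(iter(s["uris"])))
            for rid, s in summary.items()
            if len(s["clients"]) >= min_clients and len(s["uris"]) == 1]
    return sorted(rows, key=lambda row: -row[2])

if __name__ == "__main__":
    print(review_candidates(summarize(parse_hits(SAMPLE_LOG))))
```

A rule flagged this way is a candidate for review, not proof of a false positive; the single client sweeping three URIs with rule 941100 is left out of the list on purpose.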

12
How to Use the OWASP ModSecurity Rule Set
  • In order to use the OWASP ModSecurity rule set,
    one needs to follow the below-mentioned steps
    sequentially.
  • Select the ModSecurity (mod security) Apache
    module, while using the EasyApache 4 interface.
    WHM >> Home >> Software >> EasyApache 4.
  • Use the ModSecurity Vendors interface to install
    the OWASP rule set, after installing the
    ModSecurity Apache module. WHM >> Home >>
    Security Center >> ModSecurity Vendors.
  • Once the configuration files are enabled, the
    rules get activated.
  • Use the ModSecurity Tools interface for reviewing
    the logged notifications and the blocked traffic.
    WHM >> Home >> Security Center >> ModSecurity
    Tools.

13
Reporting Issues in an OWASP ModSecurity Rule
  • If there is any problem in an OWASP rule, it can
    be reported by carrying out the following steps.
  • Navigate to the ModSecurity Tools interface in WHM.
    WHM >> Home >> Security Center >> ModSecurity
    Tools.
  • Locate the hit that was generated by the rule, in
    the Hits List.
  • Click More.
  • Click Report this hit.
  • It needs to be mentioned here that this option
    will not appear when reports are not being
    accepted by the vendor.
  • Enter the following details: your email address,
    the reason for reporting, and any comment for the
    vendor, if there is any.
  • Click Review Report.
  • Verify the information in the report.
  • Click Submit.

14
Configuration Files
  • Configuration files are used by the OWASP
    ModSecurity CRS. These files have the rules that
    protect one's server. Similar rules are grouped
    together by these configuration files. This makes
    it possible to easily manage them.

15
Thanks!
  • ANY QUESTIONS?
  • www.htshosting.org
  • www.htshosting.org/best-web-hosting-company-India
  • www.htshosting.org/best-windows-hosting
  • www.htshosting.org/best-cloud-hosting-company