On March 4, 2012 22:11 , Rajeev Prasad <rp.neuli@xxxxxxxxx> wrote:
want to make sure my web server is highly secure.I am not sure between modsecurity and AppArmor. can someone help with their experience?
mod_security is a web application firewall that works at the HTTP level to protect the web server and web application from attacks. You can add rules to prevent specific exploits, or to implement policies (e.g., block requests that appear to contain credit card numbers or other sensitive data). See https://modsecurity.org/projects/modsecurity/apache/
AppArmor is a Mandatory Access Control system that works at the operating system level. It restricts what programs running on the system, such as Apache HTTP Server, are allowed to do. For example, if someone exploits a security vulnerability in a web application you are running to gain control of Apache, AppArmor can prevent the attacker from opening an outgoing IRC connection. More importantly, AppArmor can detect that Apache has TRIED to do something that it shouldn't be doing, thus alerting you to the attacker's presence. See https://en.wikipedia.org/wiki/Apparmor
Normally, you would not choose "between" mod_security and AppArmor: both can be used together, and they complement each other to provide defense in depth.
I hope this helps. -- Mark Montague mark@xxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|