Powerful, customizable protection for web applications and websites running ModSecurity on Apache/Linux based web-servers

Transcription

1 Free ModSecurity Rules from Comodo Powerful, customizable protection for web applications and websites running ModSecurity on Apache/Linux based web-servers This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind Comodo Group Inc. All rights reserved. Comodo Group, Inc. ( Comodo ) and its affiliates cannot be responsible for errors or omissions in typography or photography. All other trademarks and trade names which may be used in this document are properties of their respective owners. Comodo disclaims proprietary interest in the marks and names of others.

2 Free ModSecurity Rules from Comodo What is ModSecurity? ModSecurity is a popular open source module for Apache web servers to provide a Web Application Firewall (WAF), a layer of security to shield the web server and the applications running on it from harm or compromise. ModSecurity can be implemented as a Firewall or as a proxy web server for a WAF you custom build. ModSecurity monitors and logs HTTP traffic and can potentially control inputs and outputs to and from the web server and applications based on a defined set of rules. What are ModSecurity Rules? While the logging and monitoring features have value, the key to ModSecurity s effectiveness is its rules engine that controls inputs and outputs based on a set of defined rules. It uses a special programming language that is designed to work with HTTP transaction data. The ModSecurity Rule Language makes it possible to create flexible and customizable rules that protect your servers and applications from harm while allowing uninhibited valid traffic. ModSecurity Rule Sets provide protection in the following categories: HTTP Protection: Detecting violations of the HTTP protocol and a locally defined usage policy. Real-time Blacklist Lookups: Utilizes 3rd Party IP Reputation HTTP Denial of Service Protections: Defense against HTTP Flooding and Slow HTTP DoS Attacks. Common Web Attacks Protection: Detecting common web application security attacks. Automation Detection: Detecting bots, crawlers, scanners and other surface malicious activity. Integration with AntiVirus Scanning for File Uploads: Detects malicious files uploaded through the web application. Tracking Sensitive Data: Tracks Credit Card usage and blocks leakages. Trojan Protection: Detecting access to Trojans horses. Identification of Application Defects: Alerts on application misconfigurations. Page 2

3 Error Detection and Hiding: Disguising error messages sent by the server. ModSecurity rules can be implemented based on various security models. It is up to the user to implement the appropriate rules for the desired model. The following are the most common models: Negative Security Model: Identifies known malicious and harmful requests. Positive Security Model: Only requests that are known to be valid are accepted. All other requests are rejected Extrusion Detection Model: Monitor outbound data to block information the disclosure of confidential data such as social security numbers and financial data. External Patching: ModSecurity rules can address issues with application vulnerabilities identified before a patch can be implemented. Why Comodo ModSecurity Rules? Comodo ModSecurity rules are based on the vast amount of real world experience we have accumulated while protecting our customers online, including securing over 200,000 web sites and 75 million computers worldwide. Our free rule set is updated regularly by our team of security professionals who are fighting a never ending battle to keep pace with a constantly changing threat environment. Comodo Antivirus Labs: The only free ModSecurity rules that come from a company with an internationally renowned antivirus lab. We see threats at every level worldwide and are dedicated to turning that knowledge into security solutions for you. Categorization of Rules: The only free ModSecurity rules that allows categorization of rules. You only run rules you need, rather than waste valuable CPU cycles looking through unnecessary rules. Free technical support. Comodo engineers and security experts are at your disposal 24/7 worldwide. Superior Performance: For the security provided you get the best system performance of any 3rd party rules supplier. Page 3

4 Performance? Minimal Impact Page 4

5 Getting Your Free ModSecurity Rules Signup today at: If you have a business inquiry and would like to speak directly with a sales representative about Comodo products and services, please contact us at: Tel: US +U.S UK & Europe +44(0) International [email protected] About Comodo Comodo is a leading provider of trust-based, Internet security products for organizations of every size. Comodo s offerings range from SSL certificates and antivirus software to endpoint security, mobile device management, and PCI compliance. Clients utilizing Comodo security products include Morgan Stanley, Comcast, Sears, Time Warner, and Merck among others. Comodo Group Inc Broad Street Clifton, NJ United States +1 (888) Comodo CA Limited 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ, United Kingdom Tel: +44 (0) Page 5