Powerful, customizable protection for web applications and websites running ModSecurity on Apache/Linux based web-servers



Similar documents
Endpoint Security and the Case For Automated Sandboxing

Comodo One Software Version 1.8

Importing and Using your Personal Authentication Certificate with Mozilla SeaMonkey Client (PC)

Comodo Mobile Security for Android Software Version 3.0

Web Host Reseller Program

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

Importing and using your Personal Authentication Certificate with Djigzo for Android

Importing your Personal Authentication Certificate to Android Devices

Comodo Certificate Manager. Centrally Managing Enterprise Security, Trust & Compliance

Importing and Using your Personal Authentication Certificate with Mac OS X Mail / Apple Mail

Importing and Using your Personal Authentication Certificate with Outlook 2010 / 2013

rat Comodo One Software Version 1.0 Administrator Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

PCI Security Compliance

Comodo ONE Software Version 1.8

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats

Enterprise Public Key Infrastructure (EPKI) Manager. Version 3.5

Comodo Web Application Firewall Software Version 2.11

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Reporting and Incident Management for Firewalls

Swordfish

How To Protect From The Internet With Mailmarshal Smt And Mailmper For Exchange

Protecting the Infrastructure: Symantec Web Gateway

Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Domain Control Validation in Comodo Certificate Manager

How To Protect A Web Application From Attack From A Trusted Environment

Intro to Firewalls. Summary

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

PCI Security Scan Procedures. Version 1.0 December 2004

Load Balancing Security Gateways WHITE PAPER

HomeConvenience.com. Creating Trust Online CASE STUDY. Comodo Identity and Trust Assurance Suite. Content Verification Certificate.

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

A Layperson s Guide To DoS Attacks

Analyzing HTTP/HTTPS Traffic Logs

NSFOCUS Web Application Firewall White Paper

Healthcare Security and HIPAA Compliance with A10

Lab Testing Summary Report

Comodo Web Application Firewall for Plesk Software Version 2.11

PART D NETWORK SERVICES

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Kona Site Defender. Product Description

The Business Case for Security Information Management

On-Premises DDoS Mitigation for the Enterprise

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

24/7 Visibility into Advanced Malware on Networks and Endpoints

Concierge SIEM Reporting Overview

Comodo Certificate Manager Version 5.4

SERENA SOFTWARE Serena Service Manager Security

What Do You Mean My Cloud Data Isn t Secure?

Integrating Web Application Security into the IT Curriculum

Realize That Big Security Data Is Not Big Security Nor Big Intelligence

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Secure Your Mobile Workplace

2013 MONITORAPP Co., Ltd.

Streamlining Web and Security

ICSA Labs Web Application Firewall Certification Testing Report Web Application Firewall - Version 2.1 (Corrected) Radware Inc. AppWall V5.6.4.

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Cyberoam Perspective BFSI Security Guidelines. Overview

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Cloud Security:Threats & Mitgations

Proven LANDesk Solutions

Beyond the Hype: Advanced Persistent Threats

F5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer

Payment Card Industry (PCI) Data Security Standard

SANS Top 20 Critical Controls for Effective Cyber Defense

Importing and exporting your certificate using Internet Explorer

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

DANCERT RFC2350 Description Date: Dissemination Level:

VALIDATING DDoS THREAT PROTECTION

Effective Methods to Detect Current Security Threats

Tel: Tel: +44 (0) Comodo Group.

Zone Labs Integrity Smarter Enterprise Security

FortiWeb 5.0, Web Application Firewall Course #251

PCI Requirements Coverage Summary Table

Powerful Online Solutions HOSTING. Price List. Surge Media Pty Ltd MAINTENANCE & SUPPORT Price List 1

Imperva s Response to Information Supplement to PCI DSS Requirement Section 6.6

Introduction: 1. Daily 360 Website Scanning for Malware

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Overview. Comodo Certificate Manager

Global Partner Management Notice

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0

Transcription:

Free ModSecurity Rules from Comodo Powerful, customizable protection for web applications and websites running ModSecurity on Apache/Linux based web-servers This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind. 2014. Comodo Group Inc. All rights reserved. Comodo Group, Inc. ( Comodo ) and its affiliates cannot be responsible for errors or omissions in typography or photography. All other trademarks and trade names which may be used in this document are properties of their respective owners. Comodo disclaims proprietary interest in the marks and names of others.

Free ModSecurity Rules from Comodo What is ModSecurity? ModSecurity is a popular open source module for Apache web servers to provide a Web Application Firewall (WAF), a layer of security to shield the web server and the applications running on it from harm or compromise. ModSecurity can be implemented as a Firewall or as a proxy web server for a WAF you custom build. ModSecurity monitors and logs HTTP traffic and can potentially control inputs and outputs to and from the web server and applications based on a defined set of rules. What are ModSecurity Rules? While the logging and monitoring features have value, the key to ModSecurity s effectiveness is its rules engine that controls inputs and outputs based on a set of defined rules. It uses a special programming language that is designed to work with HTTP transaction data. The ModSecurity Rule Language makes it possible to create flexible and customizable rules that protect your servers and applications from harm while allowing uninhibited valid traffic. ModSecurity Rule Sets provide protection in the following categories: HTTP Protection: Detecting violations of the HTTP protocol and a locally defined usage policy. Real-time Blacklist Lookups: Utilizes 3rd Party IP Reputation HTTP Denial of Service Protections: Defense against HTTP Flooding and Slow HTTP DoS Attacks. Common Web Attacks Protection: Detecting common web application security attacks. Automation Detection: Detecting bots, crawlers, scanners and other surface malicious activity. Integration with AntiVirus Scanning for File Uploads: Detects malicious files uploaded through the web application. Tracking Sensitive Data: Tracks Credit Card usage and blocks leakages. Trojan Protection: Detecting access to Trojans horses. Identification of Application Defects: Alerts on application misconfigurations. Page 2

Error Detection and Hiding: Disguising error messages sent by the server. ModSecurity rules can be implemented based on various security models. It is up to the user to implement the appropriate rules for the desired model. The following are the most common models: Negative Security Model: Identifies known malicious and harmful requests. Positive Security Model: Only requests that are known to be valid are accepted. All other requests are rejected Extrusion Detection Model: Monitor outbound data to block information the disclosure of confidential data such as social security numbers and financial data. External Patching: ModSecurity rules can address issues with application vulnerabilities identified before a patch can be implemented. Why Comodo ModSecurity Rules? Comodo ModSecurity rules are based on the vast amount of real world experience we have accumulated while protecting our customers online, including securing over 200,000 web sites and 75 million computers worldwide. Our free rule set is updated regularly by our team of security professionals who are fighting a never ending battle to keep pace with a constantly changing threat environment. Comodo Antivirus Labs: The only free ModSecurity rules that come from a company with an internationally renowned antivirus lab. We see threats at every level worldwide and are dedicated to turning that knowledge into security solutions for you. Categorization of Rules: The only free ModSecurity rules that allows categorization of rules. You only run rules you need, rather than waste valuable CPU cycles looking through unnecessary rules. Free technical support. Comodo engineers and security experts are at your disposal 24/7 worldwide. Superior Performance: For the security provided you get the best system performance of any 3rd party rules supplier. Page 3

Performance? Minimal Impact Page 4

Getting Your Free ModSecurity Rules Signup today at: https://modsecurity.comodo.com/ If you have a business inquiry and would like to speak directly with a sales representative about Comodo products and services, please contact us at: Tel: US +U.S. +1-888-256-2608 UK & Europe +44(0)-161-874-7070 International +1-703-637-9361 Email: enterprisesolutions@comodo.com About Comodo Comodo is a leading provider of trust-based, Internet security products for organizations of every size. Comodo s offerings range from SSL certificates and antivirus software to endpoint security, mobile device management, and PCI compliance. Clients utilizing Comodo security products include Morgan Stanley, Comcast, Sears, Time Warner, and Merck among others. Comodo Group Inc. 1255 Broad Street Clifton, NJ 07013 United States +1 (888) 256 2608 Comodo CA Limited 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ, United Kingdom Tel: +44 (0) 161 874 7070 Page 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information