Apache Security

Index

safe mode, PHP

Sam Spade information-gathering tool

SAPI input hooks

Satisfy

ScriptAlias directive

     enabling script execution

scripting, XSS security flaw

     attack warning patterns

     consequences

     detecting attacks

     resources for

search engines

SEC (Simple Event Correlator)

SecFilterForceByteRange directive

SecFilterInheritance directive

SecFilterScanPOST directive

SecFilterSelective directive

secret-key encryption

SecUploadInMemoryLimit directive

Secure FTP (SFTP)

Secure Hash Algorithm 1 (SHA-1)

Secure Sockets Layer [See SSL]

security

     Apache backdoors

     authentication, flawed, real-life example of

     CIA triad

     common phases example

     cryptography [See cryptography]

     defensible networks (Bejtlich)

     file descriptor leakage vulnerability 2nd

     hardening, system-hardening matrix

     HTTP communication security

     hybrid model

     models, negative versus positive

     PHP

          interpreter issues

          module, making secure

          resources

          safe mode 2nd

          sessions

     principles

          essential

          goals for

     process steps

     protection reverse proxies

     risk

          calculating

          factors

          isolating in a network

          multiple levels of

          public service as root

     scanners

          Nessus

          Nikto

     shared server resources

     symbolic links

     term definitions

     threat modeling

          methodology

          mitigation practices

          resources

          typical attacks

     vocabulary, common

segmentation fault

server header field, changing

server-side includes (SSIs)

ServerLimit directive

servers

     changing identity

          default content, removing

          server header field

     clusters

          fault-tolerant with Wackamole

          management node

          node failure

          reverse proxy

     crashing, log request causing

     Digest authentication of

     firewalls [See firewalls]

     high availability

     host security

          advanced hardening

          information and event monitoring

          minimal services

          network access

          SFTP

          updating software

          user access

     HTTP Keep-Alive

     load balancing

          DNSRR

          manual

     netstat port-listing tool

     performance reverse proxy

     proxy, access control

     software updating

     symbolic links

     synchronizing clocks on (ntpdate utility)

     tuning steps (Lim)

     user accounts, setting up

ServerSignature directive

ServerTokens directive

SetEnvIf directive

SetHandler directive

SFTP (Secure FTP)

SHA-1 secure hash algorithm

SHA-256 secure hash algorithm

SHA-384 secure hash algorithm

SHA-512 secure hash algorithm

sharing servers

     configuration data, distributing

          .htaccess

          configuration errors

     dynamic requests, securing

          CGI limits, setting

          FastCGI

          handlers, types, and filters, assigning

          PHP as module

          script execution

          ScriptAlias directive

          SSIs

          suEXEC [See suEXEC execution wrapper]

     problems

          domain names, sharing

          dynamic-content

          file permissions

          information leaks

          resources, sharing

          untrusted parties

     users, large number of

          dangerous binaries

          web shells

Simple Event Correlator (SEC)

Simple Network Management Protocol (SNMP)

simplicity security principle

single sign-on [See SSO]

SiteDigger information-gathering tool

Slapper Worm

Slashdot effect

SNMP (Simple Network Management Protocol)

Spread Toolkit (distributed logging)

SQL injection attacks

     database feature problems

     detecting attacks

     example

     query statements

     resources for

     UNION construct

SSIs (server-side includes)

SSL (Secure Sockets Layer) 2nd

     Apache, and

          broken SSL clients

          certificates, signing

          configuring

          directives

          keys, generating

          mod_ssl, installing

          non-SSL content

          reliable startup

          server private key

          session issues

     CA, setting up

          distribution, preparing for

          issuing client certificates

          issuing server certificates

          keys, generating

          process

          revoking certificates

          using client certificates

     certificate chain

     communication summary

     OpenSSL [See OpenSSL]

     performance

          HTTP Keep-Alive

          OpenSSL benchmark script

     port, connection

     security of

          MITM attacks

          nontechnical issues

     testing

SSLDigger information-gathering tool

SSLDump protocol analyzer

SSLRequireSSL directive

SSLVerifyClient require directive

SSLVerifyDepth 1 directive

SSO (single sign-on)

     Apache

     web-only

StartServers directive

strace system call tracer

Stunnel network-level tool

suEXEC execution wrapper

     CGI script limits, setting

     error messages

     hybrid security model

     mass virtual hosting

     outside virtual hosts

suid modules, third-party

Swatch monitoring program

symbolic links

symmetric (private-key) encryption 2nd

synchronizing clocks on servers (ntpdate utility)

system-hardening matrix