4

I am new to Security field and still learning how all the attacks works.

for my testing, I have implemented Apache 2.0 on a Cent OS virtual machine. I have created another machine using FreeBSD, where I have installed honeyd to create honeypots.

I have created another machine which supposedly is an attacker, where I have installed nmap to perform network scan, nessus and hping, while my apache webserver has nothing installed except Apache itself.

I am performing network scans in my network using nmap, and also performing tcp scans using hping , and DoS using hping. But without using any security on my Apache webserver machine, how would I know if my machine is vulnerable to any attack so i can install appropriate software ?

I searched on the internet and one website says to install mod_security, but I don't know why I should install it since I don't understand what attacks raw Apache server is vulnerable to.

Riley Willow
  • 1,139
  • 9
  • 11

1 Answers1

3

The goal of a web server is to provide a platform for applications to be made available. The attacks are usually directed towards applications and not the web server itself.

There have been numerous cases where the server was vulnerable and the fix to that it to apply patches to keep it up-to-date.

The really interesting part is to understand how applications hosted by said sever are attacked. One of the best ways is to install (in an otherwise secure environment) vulnerable applications and try to break them. You can find a good implementation for several vulnerabilities in WebGoat, part of OWASP. OWASP itself is very much worth going through.

You can then look further on how to protect these applications with mod_security, a system which sits in front of your application and hopefully stops known attacks. This is called a WAF (Web Application Firewall).

The next step are honeypots, these are systems which are designed to respond to attacks (not block them) so that you can alanyze what activities have been done on a given service. You have honeypots for various services, not only HTTP(S) based ones.

So in your case just having a generic Apache server will not help you much in understanding security.

  • First install WebGoat to understand how to attack applications (and protect from them),
  • then mod_security to see how a WAF can (or cannot) protect you
  • and finally a honeypot on selected services to check how you could study a live attack (this is not an easy task without a comprehensive knowledge of the service).
WoJ
  • 9,038
  • 3
  • 34
  • 55