Secure Network Design With ModSecurity Rules And Threat Mitigation

Network Design

In the modern internet every business is moving toward smart business, and companies use internet services to achieve that. In this assignment the company is a market leader in the textile business with the very well-known brand name “WEAR IT ON”. They plan to implement a web server for the company in order to improve their business. They already have Apache 2.0 on a Linux-based server operating system. They appointed a trainee to manage the network administration, but the trainee does not have a good understanding of the project. During a general inspection they found a flaw in the network systems: someone had attempted a TCP scan of the server in order to attack the network. This problem occurred when the server was connected to the internet. This report describes the process involved in implementing the network system in this company. The main objective is to find out the different kinds of flaws in the network systems; the required countermeasures are also discussed in the report.


During the development of the company's web-based servers the main problem was that they could be accessed, and therefore misused, by attackers. So the network design must provide security for the server that acts as the company's web server. There are many antivirus servers on the network; they are used to provide security for the servers. The routers installed in the company act as the default gateway for the internet. The entry as well as exit point is called the gateway, so all data coming into the server, and all data the server sends to other devices, passes through the gateway.

So we need to improve security by placing firewalls around the servers. Here the server is placed between two firewalls, known as the internal firewall and the external firewall, which protect against internal as well as external attacks. This arrangement is known as a demilitarized zone (DMZ). Proxy servers are also implemented to control public access. These are the security measures planned for implementation in the company network system.

  1. ModSecurity
    Its name describes the function of this firewall. It is the commonly used web application firewall for improving the security of servers. It is open source, which means anyone can change the software to suit their purpose. In its early period it was mostly used with the HTTP service to provide security for data, but it is now used for security in general. Other platforms are also used for the same purpose, namely NGINX and IIS. Because it is open source, this software is able to handle a large number of groups. A huge number of rules and policies have been written and verified for this tool; they are known as “SecRules”. The software is used in the web server as an additional module, and for some requirements it acts similarly to a proxy server. The various actions performed by this application are listed below:
    • Monitor the security of the server
    • Provide access control to the users
    • Log HTTP service traffic
    • Perform security checks periodically
    • Act as both active and passive security assessment
    • Perform security auditing work
    • Limit the memory consumed during data download as well as upload
    • Create a server identification mask

It is easy to prevent source code from leaking: ModSecurity inspects the response body, and simply adding a rule that matches the PHP opening tag is enough to block such a response.

Perl and JSP code can be protected in the same general manner.


Directory traversal attacks are aimed at normal web servers: the attacker tries to access data outside the root directory of the web server, even though web servers are configured to refuse such attempts. Many web servers are difficult to attack directly, but web applications accept user input that is not properly checked, so a user can supply a file name to the application and view, through it, files that the directory traversal protection would not let them view directly. ModSecurity protects against this sort of vulnerability following the defence-in-depth principle.

Cross-site scripting: the major part of preventing XSS is that all data given to a web page is encoded on output, that is, unprotected characters such as angle brackets are changed into their HTML entity versions. ModSecurity has the directive SecPdfProtect for this purpose; these directives are configured in ModSecurity against XSS.

ModSecurity against SQL injection

The XSS protection is configured with a secret string (SecPdfProtectSecret) that is used to produce one-time tokens, and SecPdfProtectTokenName is used to change the name of the token argument.
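The following is an added example, not code from the original report or from the ModSecurity project: a small Python emulation of how SecRules inspect request arguments (phase 2) and the response body (phase 4) for the directory traversal, XSS, SQL injection and leaked PHP opening tag cases described above. The rule IDs and patterns are constructed for illustration; the comments show the equivalent ModSecurity syntax.

```python
"""Simplified emulation of how ModSecurity SecRules inspect a request and a
response. Not ModSecurity itself: rule IDs and patterns are constructed for
illustration, and the ModSecurity-syntax comments show the equivalent rule."""
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass
class SecRule:
    variable: str   # "ARGS" (request parameters) or "RESPONSE_BODY"
    operator: str   # "@contains" or "@rx" (regular expression)
    pattern: str
    rule_id: int
    msg: str
    phase: int      # 2 = request, 4 = response body (as in ModSecurity)

    def matches(self, value: str) -> bool:
        # Mirrors the t:urlDecode,t:lowercase transformations so that
        # "..%2F..%2F" is caught as well as "../../".
        v = unquote(value).lower()
        if self.operator == "@contains":
            return self.pattern in v
        if self.operator == "@rx":
            return re.search(self.pattern, v) is not None
        raise ValueError(f"unsupported operator {self.operator}")


# SecRule ARGS "@contains ../" "id:100001,phase:2,deny,msg:'Directory traversal'"
# SecRule ARGS "@rx <\s*script|javascript:|onerror\s*=" "id:100002,phase:2,deny,msg:'XSS'"
# SecRule ARGS "@rx union\s+select|or\s+1\s*=\s*1" "id:100003,phase:2,deny,msg:'SQL injection'"
# SecRule RESPONSE_BODY "@contains <?php" "id:100004,phase:4,deny,msg:'PHP source leak'"
RULES = [
    SecRule("ARGS", "@contains", "../", 100001, "Directory traversal", 2),
    SecRule("ARGS", "@rx", r"<\s*script|javascript:|onerror\s*=", 100002, "XSS", 2),
    SecRule("ARGS", "@rx", r"union\s+select|or\s+1\s*=\s*1", 100003, "SQL injection", 2),
    SecRule("RESPONSE_BODY", "@contains", "<?php", 100004, "PHP source leak", 4),
]


def inspect_transaction(args: dict, response_body: str = "") -> list:
    """Return (rule_id, msg) for each rule that fires; an empty list means
    the request (phase 2) and the response (phase 4) both pass."""
    hits = []
    for rule in sorted(RULES, key=lambda r: r.phase):
        targets = list(args.values()) if rule.variable == "ARGS" else [response_body]
        if any(rule.matches(t) for t in targets):
            hits.append((rule.rule_id, rule.msg))
    return hits
```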

6.1 Firestarter utilization

The nmap scan tool is used to scan networks and perform some further actions. Using nmap, the open ports and services on the devices are scanned; attackers use nmap to learn which ports they can access.

Firestarter is one of the firewalls in the system; it is used to observe the nmap scan and produce reports. All traffic in the network can be blacklisted by this firewall. Traffic is of two types: incoming traffic and outgoing traffic.

Firewall events after nmap scan from the attacker 

Inside attacker

GUI attack

In the CentOS operating system, an attacker using the graphical user interface can get permission to access data stored on the server.

Mitigation

This problem was resolved by editing the /etc/inittab file and changing the default runlevel parameter to

id:3:initdefault:

Two different branches are used in the same industry, and a number of users are located across these two branches. The other branches are also affected by the attackers, who have the ability to attack other branches as well. Different types of protocols are used, such as the Secure Shell protocol and the File Transfer Protocol.

Mitigation

In mitigation the following commands are used to control the behaviour of the system:

  • allow
  • deny 

The Nessus report contains the details about the protocols; different types of TCP and UDP ports are covered in this report. The web servers are scanned with the nmap tool, and Nessus is used on the web server. Using nmap the details are identified, so the user can obtain the information easily (Prayogo, Kushartantya and Wibawa, 2012).

Mitigation – iptables

The iptables administration tool is used to control data received from unknown parties. In iptables, rules are provided, and whether data packets are accepted or rejected follows those rules.

SSH stands for Secure Shell. In this system attackers can freely access the system from outside using root credentials.

Sometimes root permissions are disabled, and then the SSH services do not perform well; the creation of a secondary user also faces some problems. The only way to avoid these problems is to restrict access to the SSH services. The sshd_config file is modified using commands, and we need to restart the system before the modified parameters take effect.

Where additional users are needed, the ‘PermitRootLogin no’ directive is used.

These kinds of problems arise when using a Linux-based server, so we have to upgrade to the latest version.

Mitigation

This is the process of changing the whole sshd_config and the protocols, after which the system needs to be restarted to activate the new settings.

TCP SYN FLOODS

Whether a TCP connection is accepted or rejected is decided solely by the TCP handshake. Attackers use SYN floods with spoofed IP addresses: the source IP address in the SYN packet header is spoofed. The server replies with SYN/ACK packets and waits for the final ACK, which never arrives; this continues for every SYN received until the backlog queue is completely filled.

ModSecurity against Cross Site Scripting

If the connections are established, it means the actions were performed correctly. Next we consider the mitigation process, which is done by TCP SYN flood protection.
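To make the backlog mechanism described above concrete, here is an added toy model (not part of the original report, and not a real TCP stack) of a listener under a spoofed SYN flood, with and without SYN cookies as the protection; the HMAC cookie, the secret key and all addresses are constructed stand-ins.

```python
"""Toy model of a TCP listen backlog under a SYN flood, with and without SYN
cookies. Added illustration of the mechanism described above, not a real TCP
stack: the cookie is an HMAC stand-in for the kernel's encoding, and all
addresses are constructed."""
import hashlib
import hmac

MASK = 0xFFFFFFFF   # sequence numbers are 32-bit


class Listener:
    def __init__(self, backlog: int, syn_cookies: bool = False):
        self.backlog, self.syn_cookies = backlog, syn_cookies
        self.half_open = {}          # (src, sport) -> server ISN; unused with cookies
        self.established = set()
        self.key = b"constructed-secret"

    def _cookie(self, src: str, sport: int) -> int:
        mac = hmac.new(self.key, f"{src}:{sport}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src: str, sport: int):
        """Return the ISN sent in SYN/ACK, or None when the SYN must be dropped."""
        if self.syn_cookies:
            return self._cookie(src, sport)             # nothing stored per SYN
        if len(self.half_open) >= self.backlog:
            return None                                 # backlog full: drop
        isn = self._cookie(src, sport)                  # deterministic ISN for the toy
        self.half_open[(src, sport)] = isn              # half-open entry kept in memory
        return isn

    def on_ack(self, src: str, sport: int, ack: int) -> bool:
        """Final handshake step: the client must acknowledge ISN + 1."""
        if self.syn_cookies:
            ok = ack == (self._cookie(src, sport) + 1) & MASK
        else:
            isn = self.half_open.pop((src, sport), None)
            ok = isn is not None and ack == (isn + 1) & MASK
        if ok:
            self.established.add((src, sport))
        return ok


def simulate(syn_cookies: bool, flood_size: int = 1000, backlog: int = 128) -> bool:
    """Flood the listener with spoofed SYNs that never complete, then report
    whether a legitimate client can still connect afterwards."""
    srv = Listener(backlog, syn_cookies)
    for i in range(flood_size):
        srv.on_syn(f"10.{i // 256}.{i % 256}.1", 40000)
    isn = srv.on_syn("192.0.2.50", 51000)
    return isn is not None and srv.on_ack("192.0.2.50", 51000, (isn + 1) & MASK)
```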

TCP scanning is done with the nmap tool. The attacker uses nmap to perform TCP scanning and identification: nmap can check whether the server's ports are open or not. Using this tool we can easily identify the vulnerabilities exposed to attack.

Mitigation here means identifying the TCP scanning attempted by the attackers; by doing so we can easily find all the exposed parts of the server.

The above figure shows the message, which can be found in the /var/log/messages file.
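As an added example (not from the original report), the following Python detector reads syslog-style iptables LOG lines of the kind found in /var/log/messages and flags sources that send bare SYN packets to many distinct ports in a short window, the signature of a TCP scan; it assumes a LOG rule with the prefix "IPT-SCAN: ", and the sample lines are constructed.

```python
"""Detect TCP port-scan evidence (bare SYNs to many ports) in syslog-style
iptables LOG lines. Added example: assumes an iptables LOG rule with prefix
"IPT-SCAN: " writing to /var/log/messages; the sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime

HEAD_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: IPT-SCAN: (.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse(line: str):
    """Return the fields a scan detector needs, or None for unrelated lines."""
    m = HEAD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")   # syslog omits the year
    fields = dict(FIELD_RE.findall(m.group(2)))
    flags = set(m.group(2).split())          # "SYN", "ACK", ... appear as bare tokens
    return {"ts": ts, "src": fields.get("SRC"), "proto": fields.get("PROTO"),
            "dpt": int(fields.get("DPT", 0)),
            "bare_syn": "SYN" in flags and "ACK" not in flags}

def detect_scans(lines, min_ports: int = 10, window_s: int = 60) -> dict:
    """Map each source that sent bare SYNs to >= min_ports distinct TCP ports
    within window_s seconds to the sorted list of ports it probed."""
    by_src = defaultdict(list)
    for line in lines:
        e = parse(line)
        if e and e["proto"] == "TCP" and e["bare_syn"]:
            by_src[e["src"]].append((e["ts"], e["dpt"]))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):           # sliding window from each SYN
            ports = {p for t, p in events[i:] if (t - t0).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners

def _line(sec: int, src: str, dpt: int, flags: str) -> str:
    return (f"Mar 10 12:00:{sec:02d} web1 kernel: IPT-SCAN: IN=eth0 OUT= "
            f"SRC={src} DST=192.0.2.10 LEN=44 TTL=48 PROTO=TCP SPT=40000 "
            f"DPT={dpt} WINDOW=1024 RES=0x00 {flags} URGP=0")

# Constructed sample: 203.0.113.5 sweeps 15 ports; 198.51.100.7 is a normal HTTPS client.
SAMPLE_LOG = ([_line(i, "203.0.113.5", p, "SYN") for i, p in enumerate(range(20, 35))]
              + [_line(i, "198.51.100.7", 443, "SYN") for i in range(5)]
              + [_line(i, "198.51.100.7", 443, "ACK PSH") for i in range(5)])
```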

Honeyd is a tool that acts as an imitation of the Linux server. Such tools are used to create a snare, so that unexpected actions performed in the system can be identified. Honeyd supports virtualization techniques, so virtualization tools can make use of this kind of tool. When the real servers are implemented, some more additional security is needed.

Attackers are affecting the CentOS server, so we need to protect CentOS from them. The attackers create duplicate IP addresses by the IP spoofing method. The following section contains the mitigation: IP spoofing protection.

Mitigation – IP spoofing protection

The following table explains the security devices:

  • Firewall Policies
  • IDS Policies
  • Apache Web Server Summary

Conclusion

The security threats to the CentOS operating system were identified at the end of this study, and the findings are used to secure the network from the attackers. All the information is included clearly in the report.
