Challenges of Web Intrusion Detection

Challenges of Web Intrusion Detection.ppt

Ivan Ristic is a web security specialist and author of mod_security (http://www.modsecurity.org), the open source web intrusion detection engine for Apache. He is a member of the OASIS Web Application Security Technical Committee, where he works on the standard for web application protection. At the moment he is writing "Apache Security" for O'Reilly, which will be published in early 2005. ---

--- Challenges of Web Intrusion Detection Intrusion detection is a well-known network security technique--it introduces monitoring and correlation devices to the network, and enables administrators to monitor events and prevent attacks in real-time. However, systems which work on the network level often fail when it comes to web applications. A new approach must be adopted to give web applications the acceptable level of security. This session will start by discussing how network intrusion systems can be used to protect the HTTP layer, pointing out their strengths and weaknesses. It will then introduce the concept of web application firewall, and explain the differences between the two approaches. A significant amount of session time will be dedicated to practical issues of deploying an Apache-based web application firewall solution, designed around Apache 2 working as a reverse proxy, with the addition of mod_security, the intrusion detection module. Deployment options, adding a web application firewall into the network design or embedding it into each Apache instance, will be considered. Commercial web application firewalls cost a large amount of money, but anyone can deploy an effective system based on the open source tools.