Locking Down Apache

Presented at DEF CON 12 (2004), July 31, 2004, 8 p.m. (50 minutes).

Apache is the most popular webserver in use by most counts. While it doesn't have IIS's reputation as a worm target, it has still shown itself to be nowhere near invulnerable. Many Apache vulnerabilities can be countered proactively with hardening techniques—this talk will show you how to harden Apache to defeat exploits and worms that haven't yet been developed, or at least released.


Presenters:

  • Jay Beale
    Jay Beale is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, FreeBSD and Mac OS X, a member of the Honeynet Project, and the Linux technical lead in the Center for Internet Security, where he wrote the Unix host auditing tool in wide use today. Jay is a columnist with Information Security Magazine and has written for SecurityFocus, SecurityPortal and Incidents.org. Jay co-authored the Syngress international best-selling book on Snort, the new Stealing the Network: How to Own a Continent fictional book and serves as the series editor of the Syngress Open Source Security series, where he, HD Moore and Renaud Deraison have just finished edits on a new book on Nessus. Jay makes his living as a security consultant through the MD-based firm Intelguardians, LLC.

Similar Presentations: