Jaime Frutos Morales's blog

16/01/2010

Book review: ModSecurity 2.5 by Magnus Mischel

Filed under: Books, Security, SysAdmin — acidborg @ 14:41

ModSecurity 2.5 by Magnus Mischel

As a GNU/Linux systems administrator, I manage Apache servers and their configurations on a daily basis, so being capable of getting the best from them is essential on my daily work. That’s why any additional knowledge on the subject helps to make my work easier and more efficient. That is where ModSecurity 2.5 by Magnus Mischel comes to scene. Although I have already installed and configured mod_security on several Apache servers, I have learned a lot from this book and I strongly recommend to read it if you are a web server admin or you are interested in web-based attacks and how to protect your servers from them.

ModSecurity 2.5 by Magnus Mischel introduces one of the most powerful Apache’s modules: mod_security. It is a web application firewall designed as an Apache module. It provides protection from a lot of web-based attacks and it monitors and logs your HTTP traffic. This book explains how to secure your Apache installation and web applications using mod_security. It is targeted to web servers admins, mainly in GNU/Linux environments, with some experience with SQL. Although programming knowledge is not required, knowing shell scripting, Perl and/or PHP will make following the book easier. Web security knowledge is not required as all security concepts and attacks are in-depth explained through the book. No prior regular expressions knowledge is required as they are widely explained on many chapters and there is an appendix dedicated to them.

Before reading this book, I was thinking “A book on such a specialized topic must be hard to follow and understand”. How wrong I was. In fact, it is one of the best written technical books I have ever read. The author explains each topic step-by-step but in-depth, so you can learn new things easily through all the book both by the explanations and the real-life examples it shows. After reading it, you will be able to create your own customized mod_security rules, understand a lot of web-based attacks, know how to protect from them using mod_security and, last but not least, improve your regular expressions skills.

My favourite part of the book is Chapter 6 (“Blocking common attacks”) because it introduces many web-based attacks, how to prevent them and how to protect your servers from them in just a few minutes with real-life examples and screenshots. Chapter 2 (“Writing rules”) is very nice and well explained too, but I prefer real examples over theory (you can’t blame me, I’m a Sysadmin). On the other hand, The only chapter I don’t like as much as the others is the last one (“Protecting a web application”) because it picks up a web application (YaBB) and explains in-depth how to generate the proper rules to protect it. I understand that this has to be read as a real world example, but I think it’s very focused on the application and it’s hard to follow this example if you have never used YaBB before.

In conclusion, I think this is a “must-have” book if you usually deal with web servers. I enjoyed reading it a lot and I have learned many things that mod_security can do that I wasn’t aware of. I strongly recommend it to all web servers admins out there. You can download a sample chapter (Chapter 3 – Performance) here. Check the book’s table of contents to find out what the rest of the chapters are about.

You can also buy the book from Packt Publishing if you want.

NOTE: I was contacted by Packt Publishing to review this book and they send me a free copy to do it. I would like to thank them for giving me this opportunity.

Advertisements

Blog at WordPress.com.

%d bloggers like this: