Re: Looking for help against Chinese Hacking Team

["Adriel T. Desautels" <ad_lists () netragard com>]

Actually, I'm a huge fan of mod_security + reverse apache proxy. I've  
used it in many cases and when configured right its awesome!

On Dec 13, 2008, at 11:35 AM, Jamie Riden wrote:

> 2008/12/13 harveyfrank <joet () ticadvisors com>:
> > We've been battling the Chinese for several months now and have  
> > gone through
> > several waves of US  security experts who have failed to stop them.  
> > In their
> > defense, we are not on an unlimited budget and they've gotten us to  
> > a point
> > where it looks as though somewhere among the site's 400 scripts is  
> > a SQL
> > injection vulnerability.
> >
> > Automated testing by a few pen test products seems to think we're  
> > fine. We
> > definitely are not.
> >
> > Is it possible to hire a CEH to find the Chinese-discovered  
> > vulnerability
> > for a few hundred dollars? (We aren't just being cheap, we've blown  
> > our wad
> > on security that hasn't worked.) Would someone with intimate  
> > knowledge of
> > the latest wave of Chinese attacks be required for this job?  
> > Besides our
> > first rate security team that's just been beat, I've tried the $200  
> > pen test
> > folks and they have all failed. Microsoft security help has also  
> > failed.
> >
> > Advice (Besides porting to Linux)? Help?
>
> Quickest way I know would be to set up an apache reverse proxy using
> mod_security - that would have blocked all of the SQL injection
> attacks I've seen, and the ones I've seen described. I'm sure there is
> a Microsoft way to do the same thing, but I'm more of a Linux guy. The
> HTTP requests would all come to the Linux box, which would sanitise
> them and pass the safe ones on to IIS.
>
> If you've got the hardware lying around, this should only take about a
> day or so setup, depending on how much experience you have with Linux.
>
> Someone's suggesting doing it all on your IIS server by changing the
> IIS port and running apache/mod_security on that, if you prefer:
> https://www.gotroot.com/tiki-view_forum_thread.php?comments_parentId=259&topics_offset=6&topics_sort_mode=lastPost_asc&forumId=35
>
> cheers,
> Jamie
> --
> Jamie Riden / jamesr () europe com / jamie () honeynet org uk
> UK Honeynet Project: http://www.ukhoneynet.org/
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
>
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------

Adriel T. Desautels
ad_lists () netragard com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------