Please excuse the ignorant ramblings of a complete security noob but can someone please advise the difference between Gotroot ModSecurity Rules and ASL?
I have a vps that has ModSecurity installed but apparently "While Mod_Security is installed it currently does not have any active rules."
If I subscribe to Gotroot ModSecurity Rules and add these rules to my ModSecurity does this provide complete security at the server level? Where does ASL fit in, is this an alternative to ModSecurty? Does it offer better protection?
Thanks in anticipation,
benz1
Gotroot ModSecurity Rules vs ASL
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Gotroot ModSecurity Rules vs ASL
Thanks for the question, a product comparison chart is available at the URL below:
https://www.atomicorp.com/products/prod ... rison.html
As you'll see from that chart, the short answer is that our modsecurity rules are a subset of ASL. Modsecurity, and rules for modsecurity are just a small subset of the things you need to do to secure your system. And modsecurity rules are just one of the many security features in ASL. ASL is a complete server security solution, and can protect from lots of different kinds of attacks. immunize the system from classes of attack, find and fix vulnerabilities in your system, aggregate and analyze your logs for malicious and suspicious activity, correlate events, stop brute force and DOS attacks and so much more.
ASL is a complete server security solution, of which our modsecurity rules are just one small part. So if you want to secure your server, you'll want to use ASL. But dont take my word for it, you can also try ASL for free to see if it meets your security needs:
https://www.atomicorp.com/amember/signu ... aysys=free
https://www.atomicorp.com/products/prod ... rison.html
As you'll see from that chart, the short answer is that our modsecurity rules are a subset of ASL. Modsecurity, and rules for modsecurity are just a small subset of the things you need to do to secure your system. And modsecurity rules are just one of the many security features in ASL. ASL is a complete server security solution, and can protect from lots of different kinds of attacks. immunize the system from classes of attack, find and fix vulnerabilities in your system, aggregate and analyze your logs for malicious and suspicious activity, correlate events, stop brute force and DOS attacks and so much more.
ASL is a complete server security solution, of which our modsecurity rules are just one small part. So if you want to secure your server, you'll want to use ASL. But dont take my word for it, you can also try ASL for free to see if it meets your security needs:
https://www.atomicorp.com/amember/signu ... aysys=free
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Gotroot ModSecurity Rules vs ASL
Thanks Mike, sounds like ASL is the way to go. Will try the trial and se how it goes.
Benz1
Benz1
Re: Gotroot ModSecurity Rules vs ASL
Some more questions if you don't mind:
1. When you say that ASL protects at the application layer does it require anything to be added to the application or is it simply done via WAF rules?
2. Will it protect against vulnerabilities in, for example, old versions of WordPress or insecure plugins?
3. Would it have blocked multiple login attempts in the recent WordPress brute force attack?
4. Will it protect a server if some files are already infected after a previous injection, i.e., missed during a previous cleanup?
5. Does installation/configuration require any downtime? Are the default settings likely to cause some sites to 'break' while settings are tweaked?
6. How does ASL impact performance? I've read elsewhere that it uses a lot of memory and slows php execution. Can you please comment?
Many thanks,
benz1
1. When you say that ASL protects at the application layer does it require anything to be added to the application or is it simply done via WAF rules?
2. Will it protect against vulnerabilities in, for example, old versions of WordPress or insecure plugins?
3. Would it have blocked multiple login attempts in the recent WordPress brute force attack?
4. Will it protect a server if some files are already infected after a previous injection, i.e., missed during a previous cleanup?
5. Does installation/configuration require any downtime? Are the default settings likely to cause some sites to 'break' while settings are tweaked?
6. How does ASL impact performance? I've read elsewhere that it uses a lot of memory and slows php execution. Can you please comment?
Many thanks,
benz1
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Gotroot ModSecurity Rules vs ASL
Thanks for the questions.
Its done at multiple layers, from the kernel, all the way up the presentation layer. ASL immunizes the system against whole classes of attacks, but making it not feasible for them to work, or by literally making them impossible to occur.1. When you say that ASL protects at the application layer does it require anything to be added to the application or is it simply done via WAF rules?
Yes. This is actually why we created ASL many years ago.2. Will it protect against vulnerabilities in, for example, old versions of WordPress or insecure plugins?
Yes. ASL blocks brute force attacks against lots of applications, and not just web applications. But yes, the wordpress brute force attacks are stopped by ASL. And unlike everyone else that started putting out rules after this started to happen a few months ago, we've been protecting against these kinds of attacks for years.3. Would it have blocked multiple login attempts in the recent WordPress brute force attack?
That depends. Like any security product, if the server has been compromised by a rootkit then all bets are off. ASL may be able to protect the system in that case, but theres no way to know for sure. With a root level compromise, your best bet, no matter what products you use, is to reinstall from trusted media.4. Will it protect a server if some files are already infected after a previous injection, i.e., missed during a previous cleanup?
Other than the time to reboot the system into the optional secure kernel, no.5. Does installation/configuration require any downtime?
Default settings, no.Are the default settings likely to cause some sites to 'break' while settings are tweaked?
For most users, they wont see any impact. If your system is slow, then you may.6. How does ASL impact performance?
Neither is true. And it would be impossible for ASL to slow PHP execution, so whomever may have said that has no idea what they are talking about (so I wouldnt listen to anything else they have to say either). As for memory usage, if you enable the malware protection rules in the WAF those can increase the amount of memory apache uses, but they do this to increase performance. (RAM is cheap, time is not)I've read elsewhere that it uses a lot of memory and slows php execution. Can you please comment?
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Gotroot ModSecurity Rules vs ASL
Thanks Michael, I'm convinced. Installing and setting up ASL will be my project for next week
benz1
benz1