Atomicorp

Please excuse the ignorant ramblings of a complete security noob but can someone please advise the difference between Gotroot ModSecurity Rules and ASL?

I have a vps that has ModSecurity installed but apparently "While Mod_Security is installed it currently does not have any active rules."

If I subscribe to Gotroot ModSecurity Rules and add these rules to my ModSecurity does this provide complete security at the server level? Where does ASL fit in, is this an alternative to ModSecurty? Does it offer better protection?

Thanks in anticipation,
benz1

Thanks for the question, a product comparison chart is available at the URL below:

https://www.atomicorp.com/products/prod ... rison.html

As you'll see from that chart, the short answer is that our modsecurity rules are a subset of ASL. Modsecurity, and rules for modsecurity are just a small subset of the things you need to do to secure your system. And modsecurity rules are just one of the many security features in ASL. ASL is a complete server security solution, and can protect from lots of different kinds of attacks. immunize the system from classes of attack, find and fix vulnerabilities in your system, aggregate and analyze your logs for malicious and suspicious activity, correlate events, stop brute force and DOS attacks and so much more.

ASL is a complete server security solution, of which our modsecurity rules are just one small part. So if you want to secure your server, you'll want to use ASL. But dont take my word for it, you can also try ASL for free to see if it meets your security needs:

https://www.atomicorp.com/amember/signu ... aysys=free

Thanks Mike, sounds like ASL is the way to go. Will try the trial and se how it goes.

Benz1

Some more questions if you don't mind:

1. When you say that ASL protects at the application layer does it require anything to be added to the application or is it simply done via WAF rules?

2. Will it protect against vulnerabilities in, for example, old versions of WordPress or insecure plugins?

3. Would it have blocked multiple login attempts in the recent WordPress brute force attack?

4. Will it protect a server if some files are already infected after a previous injection, i.e., missed during a previous cleanup?

5. Does installation/configuration require any downtime? Are the default settings likely to cause some sites to 'break' while settings are tweaked?

6. How does ASL impact performance? I've read elsewhere that it uses a lot of memory and slows php execution. Can you please comment?

Many thanks,
benz1

Thanks for the questions.

1. When you say that ASL protects at the application layer does it require anything to be added to the application or is it simply done via WAF rules?

Its done at multiple layers, from the kernel, all the way up the presentation layer. ASL immunizes the system against whole classes of attacks, but making it not feasible for them to work, or by literally making them impossible to occur.

2. Will it protect against vulnerabilities in, for example, old versions of WordPress or insecure plugins?

Yes. This is actually why we created ASL many years ago.

3. Would it have blocked multiple login attempts in the recent WordPress brute force attack?

Yes. ASL blocks brute force attacks against lots of applications, and not just web applications. But yes, the wordpress brute force attacks are stopped by ASL. And unlike everyone else that started putting out rules after this started to happen a few months ago, we've been protecting against these kinds of attacks for years.

4. Will it protect a server if some files are already infected after a previous injection, i.e., missed during a previous cleanup?

That depends. Like any security product, if the server has been compromised by a rootkit then all bets are off. ASL may be able to protect the system in that case, but theres no way to know for sure. With a root level compromise, your best bet, no matter what products you use, is to reinstall from trusted media.

5. Does installation/configuration require any downtime?

Other than the time to reboot the system into the optional secure kernel, no.

Are the default settings likely to cause some sites to 'break' while settings are tweaked?

Default settings, no.

6. How does ASL impact performance?

For most users, they wont see any impact. If your system is slow, then you may.

I've read elsewhere that it uses a lot of memory and slows php execution. Can you please comment?

Neither is true. And it would be impossible for ASL to slow PHP execution, so whomever may have said that has no idea what they are talking about (so I wouldnt listen to anything else they have to say either). As for memory usage, if you enable the malware protection rules in the WAF those can increase the amount of memory apache uses, but they do this to increase performance. (RAM is cheap, time is not)

Thanks Michael, I'm convinced. Installing and setting up ASL will be my project for next week

benz1