A network is simply a way for machines/computers to communicate. At the physical level, it consists of all the machines you want to connect and the devices you use to connect them. Individual machines are connected either with a physical connection (a category 5 cable going into a network interface card, or NIC) or wirelessly. To connect multiple machines, each machine must connect to a hub or switch, and then those hubs/switches must connect. In larger networks, each subnetwork is connected to the others by a router. 1.1.1 Basic Network Structure Some connection point(s) must exist between your network and the outside world. A barrier is set up between that network and the Internet, usually in the form of a firewall. The real essence of networks is communication allowing one machine to communicate with another. However, every path of communication is also a possibility of an attack. The first step in understanding how to defend a network is having a detailed understanding of how comp
ModSec is an open-source web application firewall which was designed for the apache server initially but now can be used for other different servers as well.ModSecurity is also known as ModSec and can filter HTTP requests and responses based on defined filtering rules. We will use the OWASP ModSecurity CORE RULE SET (CRS) here. We can also define our custom rules but that is a different topic. Here is an illustration of how to configure a ModSec firewall using apache2. I have just created a simple PHP page that will be used to verify credentials. Put this page in /var/www/html/login.php Here is the page login.php: <html> <body> <?php if(isset($_POST[‘login’])) { $username = $_POST[‘username’]; $password = $_POST[‘password’]; $connection = mysqli_connect(‘localhost’,’root’,’test’,’testdb’); $result = mysqli_query($connection, “SELECT * FROM `users` WHERE username=’$username’ AND password=’$password’”); if(mysqli_num_rows($result) == 0) echo ‘Wrong Credentia