
Table of contents

Web Server Security

Objective

Out-of-Scope Security Issues

Slide 4

On the Agenda

Disclaimer

Two Types of Access Control

Three Things to Consider

Secure in Combination

Mandatory vs Discretionary Access Control

Authentication vs Authorization

Apache Access Control

Authentication Modules for Apache

Time-Out

Granting Access to Web Site Resources (using mod_auth)

Blocking Access to Web Site Resources

Realms

Three Phases of Apache Security Processing

Two ways to transmit credentials.

Basic Authentication

Digest Authentication

/etc/passwd as the credentials database

.htaccess files

Included files in the httpd.conf file

Included Directories

Included Directories (cont.)

/etc/rc.d/init.d/mypresendation stop

Author: Joe Terrell