ApacheCon US 2008 Session

Hardening Enterprise Apache Installations Against Attacks

Enterprise installations of Apache are particularly attractive targets for malicious attacks including Denial of Service, defacement, theft of data or service and installation of zombies or viruses. Hardening your deployment against such attacks calls for some special techniques and tactics. Come to this session to learn about attack detection techniques, server protection, secure deployment of multiple servers, configuration of firewall “demilitarized zones” and judicious use of SSL encryption. How do you deploy an off-the-shelf application that insists on writing to the file system? And what steps do you take to securely deploy Apache on Windows or UNIX? This presentation will explore solutions to these very real situations.