10.5. Layers of DefenseTest your setup with a vulnerability scanner. The best open source tool is nessus (http://www.nessus.org), which includes tests for buffer overflows, bad Apache configurations, buggy CGI scripts, and many other problems. It includes tests from nikto (http://www.cirt.net/code/nikto.l) and libwhisker (http://www.wiretrip.net/rfp/p/doc.asp/i2/d21), which can also be run on their own. When you're ready for production, use multiple levels of protection: Firewall (Chapter 2) Intrusion detection and logging, such as Snort/ACID (Chapter 13) Log monitoring (Chapter 12) |