Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

Jeanne-MRP

Project Summary

This project involves redesigning the network setup by putting the actual web server behind the firewall and mirroring this server using reverse proxy servers in front of the firewall. Because so many different web servers are available, all with a wide range of versions and security updates, it is very easy to become vulnerable to attacks. Also, the increased complexity of modern web servers can make their configuration confusing, leading to vulnerabilities due to misconfiguration. By placing the web server behind the firewall and denying access to this server, these weaknesses are no longer exposed to attack. The actual web server is mirrored using reverse proxy servers that are modified to perform a wide range of extra checks on incoming HTTP requests. If one of those checks fails, the request is denied. The reverse proxy server(s) fetch the web pages through the firewall from the actual web server and cache them locally. This means that multiple servers can be used to mirror just one web server, which greatly improves the access time of the website. As a result, only one web server needs to be maintained, and it stays safely behind the firewall.

It has been shown that an additional layer of input scrutiny placed before a web server can make marked improvements in security without prior knowledge of attacker intent or methods. By using an inventory of legitimate web resources as an access control list, the Jeanne Modified Reverse Proxy extensions to the Squid Proxy Server can, without requiring significant changes to the web servers themselves, defend against known and unknown Denial of Service, privilege escalation, and information retrieval attacks while significantly reducing the workload of the web servers. As the software has been released under the terms of the GNU General Public License, it is available for use, distribution and further development by the general public without notice or consent.
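The inventory-as-access-control-list idea described above, sketched as a Squid redirector helper. This is an added example, not Jeanne's own code: the inventory paths, the denial URL, and the particular checks are assumptions chosen for illustration. It relies on the Squid 2.x redirector convention of one `URL client_ip/fqdn ident method` line in and one reply line out, where a blank reply leaves the request unchanged.

```python
import sys
from urllib.parse import urlsplit, unquote

# Constructed inventory of legitimate resources (hypothetical paths).
INVENTORY = frozenset({"/", "/index.html", "/about/contact.html", "/img/logo.png"})
DENY_URL = "http://proxy.example/denied.html"  # hypothetical denial page
ALLOWED_METHODS = {"GET", "HEAD"}
MAX_URL_LEN = 2048

def check(url, method, inventory=INVENTORY):
    """Return None if the request may pass, else a short reason for denial."""
    if method not in ALLOWED_METHODS:
        return "method"
    if len(url) > MAX_URL_LEN:
        return "length"
    try:
        parts = urlsplit(url)
    except ValueError:
        return "form"
    if parts.scheme != "http" or parts.query or parts.fragment:
        return "form"
    path = unquote(parts.path) or "/"
    # Refuse paths that are still encoded after one decode or carry control bytes.
    if "%" in path or "\\" in path or any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        return "encoding"
    if ".." in path.split("/") or "//" in path:
        return "traversal"
    if path not in inventory:
        return "not-in-inventory"
    return None

def decide(line, inventory=INVENTORY):
    """Map one redirector input line to one reply line.

    Input: 'URL client_ip/fqdn ident method'. Reply '' means leave unchanged.
    """
    fields = line.split()
    if len(fields) < 4:
        return DENY_URL
    return "" if check(fields[0], fields[3], inventory) is None else DENY_URL

def main():
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()  # Squid expects exactly one reply per request line

if __name__ == "__main__":
    main()
```

Because the decision is a default-deny lookup against the inventory, a request for a resource the site never published is refused without the helper needing to recognize what the request was trying to do.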

Installation
Copyright (c) 2001 ISTS Dartmouth College

Permission is hereby granted, free of charge, to everyone obtaining a copy of this software and associated documentation files (the "Software"), to use and modify. Redistribution under conditions specified by ISTS is permitted provided that this copyright and permission notice is maintained, intact, in all copies and supporting documentation.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

IN NO EVENT SHALL DARTMOUTH COLLEGE OR ITS EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OF OR OTHER DEALINGS WITH THE SOFTWARE.

  • Installation script 1: makeconf -- shell script to create a squid.conf file for Jeanne [PDF] [Text]
  • Installation script 2: m_makeurls -- script to generate a customized version of the makeurls script. [PDF] [Text]
  • Installation script 3: makegetlist -- script to generate a customized version of the getlist script. [PDF] [Text]
  • makeinits -- script to install SysV Unix init scripts for squid and jeanne. [PDF] [Text]
  • squid_init -- SysV Unix init script for squid and jeanne. [PDF] [Text]
  • Makefile -- for the redirectors for squid 2.4 [Text]