Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

Jeanne-MRP

Project Summary

This project involves redesigning the network setup by putting the actual web server behind the firewall and mirroring this server using reverse proxy servers in front of the firewall. Because so many different web servers are available, each with a wide range of versions and security updates, it is very easy to become vulnerable to attacks. The increased complexity of modern web servers also makes their configuration confusing, which leads to vulnerabilities through misconfiguration. By placing the web server behind the firewall and denying access to this server, these weaknesses are no longer exposed to attack. The actual web server is mirrored using reverse proxy servers that are modified to do a wide range of extra checks on the incoming HTTP requests. If one of those tests fails, the request is denied. The reverse proxy servers get the web pages through the firewall from the actual web server and cache them locally. This means that multiple servers can be used to mirror just one web server, which greatly improves the access time of the website. As a result, only one web server needs to be maintained, and it sits safely behind the firewall.

It has been shown that an additional layer of input scrutiny placed before a web server can make marked improvements in security without prior knowledge of attacker intent or methods. By using an inventory of legitimate web resources as an access control list, the Jeanne Modified Reverse Proxy extensions to the Squid Proxy Server can, without requiring significant changes to the web servers themselves, defend against known and unknown Denial of Service, privilege escalation & information retrieval attacks while significantly reducing the workload of the web servers. As the software has been released under the terms of the GNU General Public License, it is available for use, distribution and further development by the general public without notice or consent.
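The inventory-as-access-control-list idea described above can be sketched as a helper that speaks the Squid 2.x redirector line protocol (one `URL client/fqdn ident method` line in, one reply line out, blank meaning "pass unchanged"). This is an added example, not Jeanne's own code; the inventory contents, the allowed methods, the `proxy.example` deny page and the function names are assumptions made for illustration.

```python
"""Allowlist gate in the style of a Squid redirector helper (added example)."""
import sys
from urllib.parse import unquote, urlsplit

# Constructed inventory of legitimate resources; a real one would be generated
# from the content actually published on the protected web server.
INVENTORY = {"/", "/index.html", "/docs/paper.pdf", "/images/logo.gif"}
ALLOWED_METHODS = {"GET", "HEAD"}
DENY_URL = "http://proxy.example/denied.html"  # hypothetical deny page


def canonical_path(url):
    """Return the decoded request path, or None if its shape is suspect."""
    decoded = unquote(urlsplit(url).path or "/")
    # Strict by design: leftover '%' (double encoding), backslashes and
    # control bytes never occur in this inventory, so reject them outright.
    if "%" in decoded or "\\" in decoded or any(ord(c) < 0x20 for c in decoded):
        return None
    segments = decoded.split("/")[1:]
    if not decoded.startswith("/") or any(s in (".", "..") for s in segments):
        return None
    if "" in segments[:-1]:  # empty inner segment means "//"
        return None
    return decoded  # matching is on the path only; the query is ignored


def decide(line):
    """Map one redirector input line to a reply: "" passes, DENY_URL rewrites."""
    fields = line.split()
    if len(fields) < 4:
        return DENY_URL  # malformed helper input fails closed
    url, method = fields[0], fields[3]
    if method not in ALLOWED_METHODS:
        return DENY_URL
    try:
        path = canonical_path(url)
    except ValueError:  # urlsplit rejects some malformed authorities
        return DENY_URL
    return "" if path in INVENTORY else DENY_URL


def main():
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()  # Squid expects exactly one reply line per request


if __name__ == "__main__":
    main()
```

Because the decision depends only on whether the normalized path is in the inventory, requests for resources that were never published are refused without any signature of a specific attack.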

Installation
Copyright (c) 2001 ISTS Dartmouth College

Permission is hereby granted, free of charge, to everyone obtaining a copy of this software and associated documentation files (the "Software"), to use and modify. Redistribution under conditions specified by ISTS is permitted provided that this copyright and permission notice is maintained, intact, in all copies and supporting documentation.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

IN NO EVENT SHALL DARTMOUTH COLLEGE OR ITS EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OF OR OTHER DEALINGS WITH THE SOFTWARE.

  • Installation script 1: makeconf -- shell script to create a squid.conf file for Jeanne. [PDF] [Text]
  • Installation script 2: m_makeurls -- script to generate a customized version of the makeurls script. [PDF] [Text]
  • Installation script 3: makegetlist -- script to generate a customized version of the getlist script. [PDF] [Text]
  • makeinits -- script to install SysV Unix init scripts for squid and jeanne. [PDF] [Text]
  • squid_init -- SysV Unix init script for squid and jeanne. [PDF] [Text]
  • Makefile -- for the redirectors for squid 2.4. [Text]