Skip to main content

Home

 

Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Talks

 Samantha Ravich

 

 

Samantha Ravich

Deputy Chair of the President's Intelligence Advisory Board

Thursday, September 27, 2018
4:30pm-6:00pm
Haldeman 41 (Kreindler Conference Hall)

Past Talks

William Regli, Ph.D

William Regli, Ph.D.
Director of the Institute for Systems Research at the Clark School of Engineering, 
Professor of Computer Science at the 
University of Maryland at College Park
A New Type of Thinking
Friday, June 22, 2018
Life Sciences Center 105
11:00 AM

Tata Consulting Logo

Dr. Gautam Shroff
Vice President, Chief Scientist, and Head of Research at Tata Consultancy Services 
Enterprise AI for Business 4.0: from Automation to Amplification
Thursday, June 07, 2018
Haldeman 041 Kreindler Conference Room
3:30 PM

John Dickerson UMD

John P Dickerson
Assistant Professor, Department of Computer Science, University of Maryland
Using Optimization to Balance Fairness and Efficiency in Kidney Exchange
Monday,  May 21st
Kemeny Hall 008
3:30 PM

Senator Jeanne Shaheen

Jeanne Shaheen
U.S. Senator from New Hampshire
Russian Interference in American Politics and Cyber Threats to Our Democracy
Tuesday, February 20, 2018
Alumni Hall (Hopkins Center)
11:00 AM

Lisa Monaco

Lisa Monaco
Former Homeland Security Advisor to President Obama
In Conversation: Lisa Monaco, Fmr Homeland Security Advisor to President Obama
Tuesday, February 13, 2018
Filene Auditorium (Moore Building)
5:00 PM
Sponsored by The Dickey Center for International Understanding

John Stewart EPRI

John Stewart
Sr. Technical Leader, Cyber Security, EPRI
Securing Grid Control Systems
Friday, January 12, 2018
Sudikoff L045 Trust Lab
12:00 Noon

M. Todd Henderson

M. Todd Henderson
Professor of Law, University of Chicago
Hacking Trust: How the Social Technology of Cooperation Will Revolutionize Government
Thursday, January 11, 2018
5:00pm-6:30pm 
Room 003, Rockefeller Center
Sponsored by: Rockefeller Center

Dr. Liz Bowman

Dr. Elizabeth Bowman
U.S. Army Research Laboratory
Artificial Intelligence, Machine Learning and Information: Army Social Computing Research
Tuesday, December 5th
Haldeman 041 Kreindler Conference Room
4:00 PM

Dr. Fabio Pierazzi

Dr. Fabio Pierazzi
Royal Holloway University of London
Network Security Analytics for Detection of Advanced Cyberattacks
Tuesday, November 28th
Sudikoff Trust Lab (L045)
12:30 PM

V.S. Subrahmanian

V.S. Subrahmanian
Dartmouth Distinguished Professor in Cybersecurity, Technology, and Society
Bots, Socks, and Vandals
Tuesday, November 14th
Carson L01
5:00 PM 

Rand Beers

Rand Beers ('64)
Big Data, the Internet, and Social Media:  The Road to the November 2016 Election
Wednesday, November 8th
Haldeman 41 (Kreindler Conference Hall)
4:30 PM 

Fright Night Imge

Wanna See Something REALLY Scary?
ISTS Looks at the Dark Web on Halloween Night
Tuesday, October 31st
S
udikoff  045 Trust Lab (dungeon)
7:30 PM - RSVP
Space is Limited 

Sal Stolfo

Salvatore J. Stolfo 
Columbia University
A Brief History of Symbiote Defense
Tuesday, October 31st
Rockefeller 003
5:00 PM

ISTS Information Pamphlet


2012BrochureCover

 

Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

Jeanne-MRP

Project Summary

Jeanne-MRPThis project involves redesigning the network setup by putting the actual web server behind the firewall and mirroring this server using reverse proxy servers in front of the firewall. Due to the large number of different web servers available, all with a wide range of versions and security updates, it is very easy to become vulnerable to attacks. Also, due to increased complexity configuration of modern day web servers can be confusing, leading to vulnerabilities due to misconfiguration. By placing the web server behind the firewall and denying access to this server, these weaknesses are no longer vulnerable to attack. The actual web server is mirrored using reverse proxy servers that are modified to do a wide range of extra checks on the incoming HTTP requests. If one of those tests fails, the request is denied. The reverse proxy server(s) get the Web Pages through the firewall from the actual web server and cache them locally. This means that multiple servers can be used to mirror just one web server, which greatly improves the access time of the website. Subsequently, only one web server needs to be maintained while being safely behind the firewall.

It has been shown that an additional layer of input scrutiny placed before a web server can make marked improvements in security without prior knowledge of attacker intent or methods. By using an inventory of legitimate web resources as an access control list, the Jeanne Modified Reverse Proxy extensions to the Squid Proxy Server can, without requiring significant changes to the web servers themselves, defend against known and unknown Denial of Service, privilege escalation & information retrieval attacks while significantly reducing the workload of the web servers. As the software has been released under the terms of the GNU General Public License, it is available for use, distribution and further development by the general public without notice or consent.

Installation
Copyright (c) 2001 ISTS Dartmouth College

Permission is hereby granted, free of charge, to everyone obtaining a copy of this software and associated documentation files (the "Software"), to use and modify. Redistribution under conditions specified by ISTS is permitted provided that this copyright and permission notice is maintained, intact, in all copies and supporting documentation.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICLUAR PURPOSE AND NONINFRINGEMENT.

IN NO EVENT SHALL DARTMOUTH COLLEGE OR ITS EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OF OR OTHER DEALINGS WITH THE SOFTWARE.

  • Installation script 1: makeconf -- shell script to create a squid.conf file for Jeanne
  • [PDF] [Text]
  • Installation script 2: m_makeurls -- script to generate a customized version of the makeurls script.
  • [PDF] [Text]
  • Installation script 3: makegetlist -- script to generate a customized version of the getlist script.
  • [PDF] [Text]
  • makeinits -- script to install SysV Unix init scripts for squid and jeanne.
  • [PDF] [Text]
  • squid_init -- SysV Unix init script for squid and jeanne.
  • [PDF] [Text]
  • Makefile -- for the redirectors for squid 2.4
  • [Text]