4. About us
● Kees Hink
– Plone developer since January 2008
● Kim Chee Leong
– Plone developer since May 2007
5. Introduction
● This talk is about:
– Making the Plone stack even more secure
– Not much about Plone itself
– How to get others to acknowledge that it's secure
● For whom?
– New to Plone
– Marketing
– Developers
6. Overview of sections
● Why security?
● Our use case
● Plone
● Infrastructure
● Audits (and feedback)
7. The internet is evil
● Have to protect against:
● Cross site scripting
● Unencrypted connections
● Spoofing
● Password cracking
● Mail interception
● Server hacking
● SQL injection
9. Our use case
● Two portals:
● Plone as a DMS for online collaboration
– Largely standard Plone
– Alternative to Sharepoint
– Sensitive data
● Plone as a user friendly file upload system
– Document upload by suppliers
– User friendly upload
10. Security of default Plone
● Plone (Zope) is pretty secure by default
● Quantitative comparison:
– Track the number of hits on Google
– See the number of vulnerabilities in the National Vulnerability Database
● Qualitative comparison:
– See the article “security overview of plone” on plone.org
13. Infrastructure
● Secure hosting
– Trusted hosting partner
– Secure hosting
– Dedicated servers
● Operating system
– Security updates
● Company procedures
– Who has access?
14.
● Only HTTPS port is opened to the internet
● VPN-only access for all except HTTPS
15. Infrastructure: OS
● Modifications on Debian Linux to enhance security
– Different system user for each Zope instance
– Regular security updates
– Tighten filesystem permissions
16. Infrastructure: Web server
● Apache
– HTTPS
– Get an SSL certificate (Thawte, VeriSign)
– No rewrite rule for Zope root
– Keep log files
19. Audits
● Document your procedures
– We are using parts of ITIL
● Get audits
– Technical audit
– Process audit
20. Technical security audit
● Done by 3rd party
– They have a checklist
– They report back in a structured way
● Black box audit
– From outside, on Plone portal
● Crystal box audit
– On server, with root access
– Check user permissions, etc.
21. Recommendations for Plone
● Plone itself is pretty secure
● Modifications:
– Quota (file upload limit)
– Cookie settings (HTTPOnly, Secure), fixed with Apache
● And, of course:
– Disable self-registration, check workflow and permissions, use LoginLockout
22. Recommendations outside Plone
● Modifications:
– Use HTTPS only (no redirects from HTTP)
– Paranoid user permission restrictions
– Caching header control
● And, of course:
– Secure hosting, VPN, security updates, etc.
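The Apache-side fixes the talk mentions on slides 16, 21 and 22 (HTTPS only, no rewrite rule for the Zope root, HttpOnly/Secure cookies set by Apache, caching header control), as an added example that is not the speakers' own configuration. The host name, certificate paths, the Zope backend on localhost:8080 and the site id "Plone" are assumptions.

```apache
# Added example, not from the talk. Assumes mod_ssl, mod_headers, mod_rewrite
# and mod_proxy are loaded, Zope listens on localhost:8080 and the Plone site
# object is named "Plone" (all assumptions). Host name and paths are placeholders.

# There is deliberately no <VirtualHost *:80>: HTTP is neither served nor
# redirected, and only port 443 is open to the internet (slides 14 and 22).
<VirtualHost *:443>
    ServerName portal.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/portal.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/portal.example.org.key

    # Keep log files (slide 16).
    ErrorLog  /var/log/apache2/portal-error.log
    CustomLog /var/log/apache2/portal-access.log combined

    # Weak: mapping "/" onto the Zope root publishes every object in the
    # ZODB root (other sites, the control panel) under the public host name:
    #   RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/%{HTTP_HOST}:443/VirtualHostRoot/$1 [P,L]
    # Corrected: map "/" onto the Plone site only, so there is no rewrite
    # rule for the Zope root (slide 16).
    RewriteEngine on
    RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/%{HTTP_HOST}:443/Plone/VirtualHostRoot/$1 [P,L]

    # Cookie settings fixed in Apache instead of in Plone (slide 21):
    # mod_headers appends HttpOnly and Secure to every Set-Cookie that Zope
    # emits. "always" also covers non-2xx responses such as the login redirect.
    # Assumes the backend does not already set these flags, otherwise they
    # would be duplicated.
    Header always edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"

    # Caching header control (slide 22): pages with sensitive data must not be
    # stored by browsers or shared proxies.
    Header always set Cache-Control "no-store, no-cache, must-revalidate"
    Header always set Pragma "no-cache"
</VirtualHost>
```

Check the result from outside with `curl -kI https://portal.example.org/` and confirm that the Set-Cookie and Cache-Control headers carry the flags above, and that port 80 does not answer at all.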
23. Technical audit final result
● We implemented these recommendations for the next audit, which was tested again and approved.
24. Process security audit
● Done by our client's accountants
● Check processes:
– Talk about our server management documents (esp. security-related)
– Talk about certification of hosting partner
– Talk to technical auditing party
– Talk to us, again...
27. Wrapping up
● Done:
– Think about how to secure our existing setup even more
– Have specialists check our setup + procedures
– Implement their recommendations
● Result: Plone is officially 100% secure.