
Wordpress security webinar by Incapsula


  1. Security Step #1 - Regularly Update EVERYTHING
     All software should be updated regularly. Create a regular schedule to update patches for:
     - WordPress
     - Plugins
     - Web servers
  2. Security Step #2 - Implement Password Security
     - Avoid default UN/passwords
     - Implement strong passwords
       - Goal: hard to guess / hard to brute-force
       - Include mixed CASe
       - Include NuMB3rS
       - Include SP3C!4LCh@RS
       - Use a password phrase - BowTies 4r3 Cool!
     - Use different passwords for different sites
     - Change your password periodically
  3. Security Step #3 - Implement Multi-factor Authentication
     Problem - Lost or stolen passwords allow hackers to bypass your security measures
     - Secure admin areas with multi-factor authentication
       - Email
       - SMS
       - Google Authenticator
       - Other?
  4. Security Step #4 - Use a Web Application Firewall (WAF)
     - 80-96% of all websites have high risk vulnerabilities
     - 13% of websites can be compromised automatically
     - Most widespread vulnerabilities are:
       - Cross-site Scripting
       - SQL Injection
       - Information Leakage
       - HTTP Response Splitting
  5. Security Step #4 - Use a Web Application Firewall (WAF)
     - WAFs provide protection similar to a traditional network layer firewall, but for a web application
     - Using a WAF can protect a website from application layer hacking attempts
     - WAFs should be used in conjunction with traditional firewalls
     [Diagram: Standard Firewall]
  6. Security Step #5 - Implement a DDoS Mitigation Strategy
     - DDoS attacks make your website completely inaccessible
     - If website availability is important to you, then DDoS protection should be too
     - Any application without a DDoS mitigation strategy is at risk
     [Diagram labels: Your Internet Connection, Your ISP, Your Site, DDoS Traffic, Legitimate Traffic]
  7. Security Step #6 - Use a Secure Hosting Environment
     Problem - If any site on a server is hacked, there's a chance that any other site on that same server could be vulnerable.
     [Diagram labels: Hacked Website, Your Website]
  8. Security Step #6 - Use a Secure Hosting Environment
     Pick a secure hosting provider that offers:
     - Segregated environment (physically or logically)
     - Network layer firewalls
     - Vulnerability scanning
       - Infrastructure
       - Servers
       - Databases
       - Applications
     - Backup services
     - Security certification
       - SAS 70 Type II
       - SSAE 16 Type II
