Seven steps to a more secure CMS Website

About ‘corePHP’

Today’s topic: Seven steps to better security

Three special offers at the end of the presentation

Tom Canavan

•  Author of CMS Security Handbook
•  CMS Security Professional
•  Heavy background - Fortune 500 IT
•  Presenter at CMS Expo
•  Former CIO

Number of sites hacked daily?

A) 5,000
B) 18,203
C) 910
D) 30,000
E) 3.14159265359
F) None of the above

Source: Sophos Labs

Admins and business owners state they care, but they fail to:

Do it at all
Allocate the budget to do it right
Have a plan if something happens, such as a hack.

Confidentiality, Integrity, Availability

• Confidentiality - Ensures those who should have access do.
• Integrity - We know if information is modified; it will be detected.
• Availability - Ensures information can be accessed when needed.
  
  
Seven steps: Passwords, Unused Ext, Users, Permissions, Patching, Logs, Backup & Restore

Step 1 - Passwords

Complexity is key - commonness kills

http://labs.sucuri.net/dump/sshd_bruteforce_list.txt

Check your password against the list
Set a policy to change admin passwords often
Encourage your users to change often
Strong password example: %6dj;@l;g(
Consider installing ‘corePHP’ JomDefender
Check this list: goo.gl/Nw2LIi
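A small password audit in the spirit of this slide, added here as an example (not the presenter's code): it checks a candidate against a one-password-per-line brute-force list and applies a length and character-class rule under which the slide's own example password passes. The list below is a constructed sample; point load_list at the real sshd_bruteforce_list.txt to use the dump.

```python
"""Check CMS admin passwords against a brute-force list and a complexity rule.

Added example, not part of the deck. Assumes the list is one password per
line, as the Sucuri sshd_bruteforce_list.txt dump is; SAMPLE_LIST below is
a constructed stand-in, not the real dump.
"""
import string

# Constructed sample in the one-password-per-line layout of the dump.
SAMPLE_LIST = """123456
password
admin
admin123
root
qwerty
P@ssw0rd
joomla
"""

MIN_LENGTH = 10    # the deck's example %6dj;@l;g( is exactly 10 characters
MIN_CLASSES = 3    # of lower / upper / digit / punctuation


def load_list(text):
    """Return the set of passwords in a one-per-line dump, ignoring blank lines."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def char_classes(pw):
    """Count how many of lower / upper / digit / punctuation the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(c in cls for c in pw) for cls in classes)


def audit_password(pw, common):
    """Return a list of findings; an empty list means the password passed."""
    findings = []
    # Exact match and lower-cased match: capitalised variants of list entries
    # are the first thing a dictionary attack tries.
    if pw in common or pw.lower() in common:
        findings.append("appears in brute-force list")
    if len(pw) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    if char_classes(pw) < MIN_CLASSES:
        findings.append("uses fewer than %d character classes" % MIN_CLASSES)
    return findings


if __name__ == "__main__":
    common = load_list(SAMPLE_LIST)
    for candidate in ("admin123", "Admin123!", "%6dj;@l;g("):
        print(candidate, audit_password(candidate, common) or "OK")
```

For the real dump, replace SAMPLE_LIST with the file contents: `common = load_list(open("sshd_bruteforce_list.txt").read())`.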
  
Step 2 - Unused extensions

Check the following:
Ext/Modules/Plugins that are NOT in use
Ext/Modules/Plugins that need updating
Don’t ignore templates and themes
If not in use - uninstall it

Step 3 - Users

Users:
•  Weakest link
•  Admins
•  Non-validated
•  Suspicious accounts

Admin user
Create a new one - delete the old default
Change the name
Check for ALL users assigned admin
Review logs for multiple attempts

Verify admin accounts
Remove or demote non-approved admins
Create a new one - delete the old default
Check for ALL users assigned admin

Review user accounts
Remove any UNUSED FTP accounts
Change the FTP password frequently (30 days)
Remove any anonymous FTP users
Review logs for brute-force attempts

Step 4 - Permissions

Owner, Group, World (or all users)
•  Owner - permissions for the owner of the file/dir
•  Group - applies to groups that have been assigned to the file/dir
•  World - applies to all other users on the system

“Asking for a hacking”
Poor administration
Compromised systems
Poorly coded extensions
Simple mistakes

Check your file and directory permissions
644 and 755 are ‘preferred and correct’
RETHINK any extension or host that requires you to set your files/dirs to 777
Step 5 - Patching

A patch is a piece of software designed to fix problems with, or update, a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving usability or performance.

These devices in your own shop can be the source of viral and malware infections.

Update your CMS
Review and update any extensions
Check with your HOST on server updates
Apply desktop/notebook/mobile updates
INSTALL a reputable (i.e. not free) virus scanner

Step 6 - Logs

Apache access logs
FTP access logs
CMS-specific logs
Error logs: system, Exim, login (Joomla), Watchdog (Drupal)

Where to find:

38.140.103.106 - - [29/aug/2013:11:07:06 -0500] "GET /templates/yoo_sphere/images/background/whitenoise/noise_bg.jpg HTTP/1.1" 200 4302

LogFormat "%h %l %u %t \"%r\" %>s %b" common

•  %h - 38.140.103.106 - This is the SOURCE IP
•  %l and %u - “- -” means no information
•  %t - 29/aug/2013:11:07:06 -0500 - Date and time of visit
•  "%r" - METHOD and resource, as follows: "GET /templates/yoo_sphere/images/background/whitenoise/noise_bg.jpg HTTP/1.1"
•  %>s - 200 - Status code of the request
•  %b - 4302 - Amount in bytes transferred to the client browser from your web server

38.140.103.106 - - [29/aug/2013:11:07:06 -0500] "GET /templates/yoo_sphere/images/background/whitenoise/gradient.svg HTTP/1.1" 200 508 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:21.0) Gecko/20100101 Firefox/21.0"

Notice the additional information? - BROWSER TYPE

Examples of attack requests in the access log:

"GET /index.php?option=com_dshop&controller=fpage&task=flypage&idofitem=12+union+select+0,1,2,concat(0x26,0x26,0x26,0x25,0x25,0x25,username,0x3a,password,0x25,0x25,0x25,0x26,0x26,0x26),4,5,6,7+from+jos_users
"GET /index.php?option=com_esearch&searchId=-1+union+select+1,group_concat(0x26,0x26,0x26,0x25,0x25,0x25,username,0x3a,password,0x25,0x25,0x25,0x26,0x26,0x26),3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users
"GET /index.php?option=com_markt&page=show_category&catid=7+union+select+0,1,concat(0x26,0x26,0x26,0x25,0x25,0x25,username,0x3a,password,0x25,0x25,0x25,0x26,0x26,0x26),3,4,5,6,7,8+from+jos_users

Repeated POSTs to the admin login from one address:

111.32.23.23 - - [29/Jun/2013:02:25:42 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:43 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:43 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:49 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421

Learn to read the logs
Establish a policy for log retention
Suggest you keep at least 30 days
Review logs for:
Brute force
Various types of attacks
Other issues such as errors
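To put "learn to read the logs" into practice, here is an added example (not the presenter's code) that parses the common log format shown above and flags the two patterns from the sample lines: UNION SELECT probes in the request and repeated POSTs to the Joomla admin login within a short window. The sample log is constructed from the deck's own lines; 203.0.113.5 is a made-up source address added so the GET probe parses as a complete line.

```python
"""Access-log scan for the two patterns shown in the deck (added example,
not the presenter's code): UNION SELECT probes in GET requests and rapid
repeated POSTs to the Joomla admin login.

Assumes the "common" LogFormat "%h %l %u %t \"%r\" %>s %b"; trailing
referer/user-agent fields of the combined format are simply ignored.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus

LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<bytes>\S+)')

# Matches the union/select and concat() shapes seen in the deck's probes.
SQLI_RE = re.compile(r'\b(union\s+(all\s+)?select|group_concat\(|concat\()', re.I)
LOGIN_PATH = "/administrator/index.php"
BRUTE_WINDOW_SEC = 60   # look for bursts inside one minute
BRUTE_THRESHOLD = 3     # this many login POSTs in the window is suspicious

# Constructed sample: the deck's POST lines plus one of its GET probes given
# a made-up source address (203.0.113.5) so it parses as a full log line.
SAMPLE_LOG = """\
38.140.103.106 - - [29/Aug/2013:11:07:06 -0500] "GET /templates/yoo_sphere/images/background/whitenoise/noise_bg.jpg HTTP/1.1" 200 4302
203.0.113.5 - - [29/Aug/2013:11:09:41 -0500] "GET /index.php?option=com_esearch&searchId=-1+union+select+1,group_concat(0x26,0x26,0x26,0x25,0x25,0x25,username,0x3a,password,0x25,0x25,0x25,0x26,0x26,0x26),3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users HTTP/1.1" 200 9120
111.32.23.23 - - [29/Jun/2013:02:25:42 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:43 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:43 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:49 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421
"""


def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_sqli(records):
    """(host, path) pairs whose URL-decoded request carries an injection probe."""
    return [(r["host"], r["path"]) for r in records
            if SQLI_RE.search(unquote_plus(r["path"]))]


def find_login_bruteforce(records, window=BRUTE_WINDOW_SEC, threshold=BRUTE_THRESHOLD):
    """Map host -> largest burst of admin-login POSTs seen inside `window` seconds."""
    posts = defaultdict(list)
    for r in records:
        if r["method"] == "POST" and r["path"] == LOGIN_PATH:
            posts[r["host"]].append(r["time"])
    flagged = {}
    for host, times in posts.items():
        times.sort()
        start = 0
        for end in range(len(times)):           # sliding window over timestamps
            while (times[end] - times[start]).total_seconds() > window:
                start += 1
            burst = end - start + 1
            if burst >= threshold:
                flagged[host] = max(flagged.get(host, 0), burst)
    return flagged


def scan(text):
    """Parse a log body and return (sqli_hits, bruteforce_hosts)."""
    records = [r for r in (parse_line(line) for line in text.splitlines()) if r]
    return find_sqli(records), find_login_bruteforce(records)


if __name__ == "__main__":
    hits, hosts = scan(SAMPLE_LOG)
    for host, path in hits:
        print("SQLi probe from %s: %s" % (host, path[:60]))
    for host, burst in hosts.items():
        print("Possible brute force from %s: %d login POSTs" % (host, burst))
```

Run it against a real file with `scan(open("access_log").read())`; the threshold and window are deliberately low so the deck's four-line burst is caught, and can be raised for busy sites.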
  
Step 7 - Backup & Restore

Possibly the BEST step you can take to protect yourself. Also, it is often disregarded…

Choose ‘backup wizard’ to conduct backups and restores
Choose ‘backups’ to access individual backup archives

Methods:
Use ‘export’ to “DUMP” (backup) your SQL DB
Use ‘import’ to restore your SQL DB

Set up the backup wizard to run regularly (cPanel)
Find an Amazon backup tool for your CMS
Make weekly backups of files AND SQL (ftp)

Choose a backup method and use it
Establish a backup policy
Move backups OFF the server
Create a plan / documentation
How will you restore if necessary?
▪  Where will the backups be stored?
▪  Who will do it?
▪  Think “worst-case” scenario
Develop a test plan

Security Audit and Remediation service
Log Review
De-Hack (cleanup)
Patching CMS/etc.
Other services
Custom Joomla!, WordPress, Drupal Development
Website Design
‘corePHP’ services - www.corephp.com/services/

Tele: 269-979-5582 ext. 1
Write us: sales@corephp.com
Browse us: http://www.corephp.com
Tweet us: @corephp
Like us on FB: facebook.com/corephp

10% OFF ‘corePHP’ Security Offerings.
20% OFF all Joomla! products
USE Coupon code: Security
Valid Tuesday, September 17th - Sunday, September 23rd until 11:59 pm

Use Code: SAFESITE (Please keep in mind that it is case sensitive)
20% OFF on any Joomlashack product: Templates, Extensions, Online training, and Clubs.
Valid Tuesday, September 17th - Sunday, September 22nd until 11:59 pm

33% discount coupon for all jVitals products
Please use coupon code "jV-SECU-0001"
Valid from September 17th - September 23rd

Thank You
  
