Seven steps to better security
0 likes681 views
Tom Canavan presents seven steps to improve CMS website security: 1) strengthen passwords, 2) remove unused extensions/users/permissions, 3) keep software patched, 4) review logs for attacks, 5) ensure proper file permissions, 6) backup and restore regularly, 7) monitor logs to detect issues. The document provides guidance on implementing each step, such as encouraging complex passwords, removing unneeded accounts, and checking for signs of intrusion in logs.
![38.140.103.106 - - [29/aug/2013:11:07:06 -0500]
"GET /templates/yoo_sphere/images/background/whitenoise/
noise_bg.jpg
HTTP/1.1" 200 4302](https://image.slidesharecdn.com/sevenstepstobettersecurity-130918075706-phpapp01/85/Seven-steps-to-better-security-39-320.jpg)
![38.140.103.106 - - [29/aug/2013:11:07:06 -0500]
"GET /templates/yoo_sphere/images/background/whitenoise/
noise_bg.jpg
HTTP/1.1" 200 4302
LogFormat "%h %l %u %t "%r" %>s %b" common](https://image.slidesharecdn.com/sevenstepstobettersecurity-130918075706-phpapp01/85/Seven-steps-to-better-security-40-320.jpg)
![38.140.103.106 - - [29/aug/2013:11:07:06 -0500]
"GET /templates/yoo_sphere/images/background/whitenoise/gradient.svg
HTTP/1.1"
200 508
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:21.0)
Gecko/20100101 Firefox/21.0"
Notice
the
additional
Information?
–
BROWSER
TYPE](https://image.slidesharecdn.com/sevenstepstobettersecurity-130918075706-phpapp01/85/Seven-steps-to-better-security-42-320.jpg)
![111.32.23.23 - - [29/Jun/2013:02:25:42 -0500]
"POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:43 -0500]
"POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:43 -0500]
"POST /administrator/index.php HTTP/1.1" 200 4421
111.32.23.23 - - [29/Jun/2013:02:25:49 -0500]
"POST /administrator/index.php HTTP/1.1" 200 4421](https://image.slidesharecdn.com/sevenstepstobettersecurity-130918075706-phpapp01/85/Seven-steps-to-better-security-44-320.jpg)
Seven steps to better security
- 1. Seven steps to a more secure CMS Website
- 3. About ‘corePHP’ Today’s Topic, Seven steps to better security Three Special offers at end of presentation
- 4. Tom Canavan • Author of CMS Security Handbook • CMS Security Professional • Heavy background -‐ Fortune 500 IT • Presenter at CMS Expo • Former CIO
- 5. Number of sites hacked daily? A) 5,000 B) 18,203 C) 910 D) 30,000 E) 3.14159265359 F) None of the above
- 7. Admins and business owners state they care but They fail to: ~ Do it at all Allocate the budget to do it right Have a plan if something happens such as a hack.
- 9. • Ensures those should have access do. Confidentiality • We know if information is modified – it will be detected Integrity • Ensures information can be accessed when needed. Availability
- 10. • Ensures those should have access do. Confidentiality • We know if information is modified – it will be detected Integrity • Ensures information can be accessed when needed. Availability
- 11. • Ensures those should have access do. Confidentiality • We know if information is modified – it will be detected Integrity • Ensures information can be accessed when needed. Availability
- 12. Passwords Unused Ext Users Permissions Patching Logs Backup & Restore
- 14. Complexity is key -‐ commonness kills http://labs.sucuri.net/dump/sshd_bruteforce_list.txt
- 16. Check your password against the list Set Policy to change admin pw’s often Encourage your users to change often Strong Password Example: %6dj;@l;g( Consider Installing ‘corePHP’ JomDefender Check this list goo.gl/Nw2LIi
- 18. Check the following: Ext/Modules/Plugins that are NOT in use Ext/Modules/Plugins that need updating Don’t Ignore Templates and Themes If not in use – uninstall it
- 19. Users: • Weakest link • Admins • Non-‐validated • Suspicious accounts
- 20. Admin user Create new one – delete old default Change name Check for ALL users assigned admin Review logs for multiple attempts
- 22. Verify admin accounts Remove or demote non approved admins Create new one – delete old default Check for ALL users assigned admin Review user accounts Remove any UNUSED FTP Accounts Change FTP password – frequently (30 days) Remove any Anonymous FTP users Review logs for brute force attempts
- 23. owner Group World (or all users) • Owner –permissions for owner of file/Dir • Group -‐ Applies to groups been assigned to file/Dir • World-‐ Applies to all other users on the system
- 24. “Asking for a hacking”
- 25. Poor administration Compromised systems Poorly Coded Extensions Simple mistakes
- 29. Check your File and Directory Permissions 644 and 755 are ‘preferred and correct’ RETHINK any extension or hosts that require you to set your files/dir’s to 777
- 31. A patch is a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance.
- 32. These devices in your own shop can be the source of viral and malware infections.
- 33. Update your CMS Review and update any extensions Check with HOST on server updates Apply Desktop/Notebook/Mobile updates INSTALL Reputable (i.e. not free) Virus Scanner
- 35. Apache Access Logs FTP Access Logs CMS Specific Logs Errors Logs : System, Exim, Login (Joomla), Watchdog (Drupal)
- 37. Where to find:
- 39. 38.140.103.106 - - [29/aug/2013:11:07:06 -0500] "GET /templates/yoo_sphere/images/background/whitenoise/ noise_bg.jpg HTTP/1.1" 200 4302
- 40. 38.140.103.106 - - [29/aug/2013:11:07:06 -0500] "GET /templates/yoo_sphere/images/background/whitenoise/ noise_bg.jpg HTTP/1.1" 200 4302 LogFormat "%h %l %u %t "%r" %>s %b" common
- 41. • %h - 38.140.130.106 - This is the SOURCE IP • %l and %u “- -“ Means no information • %t - 29/aug/2013:11:07:06 -0500 Date and time of visit • “%r% - METHOD and Resource as follows: "GET/templates/yoo_sphere/images/background /whitenoise/noise_bg.jpg HTTP/1.1" • >%s – 200 - Status code of request. • %b – 4302 - Amount in bytes transferred to client browser from your webserver.
- 42. 38.140.103.106 - - [29/aug/2013:11:07:06 -0500] "GET /templates/yoo_sphere/images/background/whitenoise/gradient.svg HTTP/1.1" 200 508 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:21.0) Gecko/20100101 Firefox/21.0" Notice the additional Information? – BROWSER TYPE
- 43. "GET /index.php? option=com_dshop&controller=fpage&task=flypage&idofitem =12+union+select +0,1,2,concat(0x26,0x26,0x26,0x25,0x25,0x25,username,0x3a, password,0x25,0x25,0x25,0x26,0x26,0x26),4,5,6,7+from+jos_users "GET /index.php?option=com_esearch&searchId=-1+union+select +1,group_concat(0x26,0x26,0x26,0x25,0x25,0x25,username, 0x3a,password,0x25,0x25,0x25,0x26,0x26,0x26), 3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users "GET /index.php? option=com_markt&page=show_category&catid=7+union+select +0,1,concat(0x26,0x26,0x26,0x25,0x25,0x25,username, 0x3a,password,0x25,0x25,0x25,0x26,0x26,0x26),3,4,5,6,7,8+from +jos_users
- 44. 111.32.23.23 - - [29/Jun/2013:02:25:42 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421 111.32.23.23 - - [29/Jun/2013:02:25:43 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421 111.32.23.23 - - [29/Jun/2013:02:25:43 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421 111.32.23.23 - - [29/Jun/2013:02:25:49 -0500] "POST /administrator/index.php HTTP/1.1" 200 4421
- 45. Learn to read the logs Establish a policy for log retention Suggest you keep at least 30 days Review logs Brute force Various types of attacks Other issues such as errors
- 46. Possibly the BEST step you can take to protect yourself.. Also it is often disregarded…
- 47. Choose ‘backup wizard’ to conduct backups and restores Choose ‘backups’ to access individual backup archives Methods:
- 49. Use ‘export’ to “DUMP” (backup) your SQL DB Use ‘import’ to restore your SQL DB
- 50. Setup backup wizard to run regularly (cPanel) Find Amazon backup tool for your CMS Make weekly backups of files AND SQL (ftp)
- 51. Choose a backup method and use it Establish backup policy Move backups OFF the server Create a plan / documentation How will you restore if necessary? ▪ Where will the backups be stored? ▪ Who will do it ▪ Think “worst-‐case” scenario Develop a test plan
- 52. Security Audit and Remediation service Log Review De-‐Hack (cleanup) Patching CMS/etc Other services Custom Joomla!,WordPress, Drupal Development Website Design ‘corePHP’ services -‐ www.corephp.com/services/
- 53. Tele : 269-‐979-‐5582 ext. 1 Write us : sales@corephp.com Browse us: http://www.corephp.com Tweet us : @corephp Like us on FB facebook.com/corephp
- 54. 10% OFF ‘corePHP’ Security Offerings. 20% OFF all Joomla! products USE Coupon code: Security Valid Tuesday, September 17th -‐ Sunday, September 23rd until 11:59 pm
- 55. Use Code: SAFESITE (Please keep in mind that it is case sensitive) 20% OFF on any Joomlashack product: Templates, Extensions, Online training, and Clubs. Valid Tuesday, September 17th -‐Sunday, September 22nd until 11:59 pm
- 56. 33% discount coupon for all jVitals products Please use coupon code " jV-SECU-0001" Valid from September 17th -‐ September 23nd
- 57. Thank You