Your SlideShare is downloading. ×
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Securing Drupal sites for Government Agencies
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Securing Drupal sites for Government Agencies

2,146

Published on

Published in: Technology, News & Politics
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,146
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
37
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Securing  Drupal  Sites  for  Government   Agencies   Acquia  Webinar   by  Cash  Williams  &  Jessica  Richmond    
  • 2. Introductions  Cash  Williams    Technical  Consultant    @CashWilliams  Jessica  Richmond    Sr.  Director,  Government    @jesrichmond    
  • 3. Agenda  •  Overview  of  Drupal  in  government  •  Drupal  &  Security  Overview  •  Keeping  Drupal  Secure  •  Code  VS  Config  •  Common  Recommendations  •  How  Acquia  Can  Help  •  Questions  &  Answers    
  • 4. Security  Considerations  Two  primary  areas  for  security:  •  Drupal  Configuration  and  Code   o  Building  the  site  in  a  secure  manner   o  Keeping  code  secure  •  Process   o  Best  practices   o  Achieving  C&A/A&A    
  • 5. Drupal  &  Security  •  Security  is  a  top  concern  for  government  •  Drupal  is  highly  secure   o  Community  Support   o  Drupal  Security  Team   o  Vendors   §  Workshops   §  Audits   §  Support  •  Drupal  Security  Whitepaper  http://drupalsecurityreport.org/  
  • 6. The  Drupal  Security  Release  Process  http://www.acquia.com/blog/keeping-­‐drupal-­‐secure  
  • 7. Staying  Informed  •  Security  annoucements  from  Drupal.org   o  Sign  up  on  your  drupal.org  account  profile  •  RSS  Feeds   o  http://drupal.org/node/406142    •  Drupal  Security  on  Twitter   o  @drupalsecurity  •  Update  Status  module   o  Core  module  
  • 8. Code  VS  Config  •  Secure  code  isnt  the  only  concern,  it  can  be  configured   insecurely  •  During  security  audits,  improper  site  configuration  has  been   found  to  cause  many  vulnerabilities  •  Custom  code  should  be  reviewed,  but  typically  isnt      
  • 9. Common  Configuration  Issues  •  Drupal  Permissions  •  Access  controls  for  Views  •  Text  Formats  (Input  Filters)    
  • 10. Common  Code  Issues  •  Menu  item  access  controls  •  Not  using  Form  API  •  Improper  use  of  Database  API    •  Output  sanitization    
  • 11. Module  Recommendations  •  Paranoia  -­‐  http://drupal.org/project/paranoia  •  Securepages  &  Securepages  Prevent  Hijack  -­‐   http://drupal.org/project/securepages    •  Security  Review  -­‐  http://drupal.org/project/security_review  •  Password  Policy  -­‐  http://drupal.org/project/password_policy    
  • 12. Module  Recommendations  •  PHPass  (Drupal  6  only)  -­‐  http://drupal.org/project/phpass  •  Login  Security  (Drupal  6  only)  -­‐   http://drupal.org/project/login_security  Full  list  of  security  modules:   http://drupalscout.com/knowledge-­‐base/contributed-­‐ modules-­‐securing-­‐your-­‐drupal-­‐site    
  • 13. How  Acquia  Can  Help  Professional  Services  • Security  Workshops   o  On-­‐site  security  training  •  Security  Audits   o  Pre-­‐launch  audits   o  Ongoing  post-­‐launch    
  • 14. Questions  &  Answers  
  • 15. Thank  you!         Cash:  cash.williams@acquia.com  @CashWilliams   Jessica:  jessica.richmond@acquia.com  @jesrichmond     For  more  information  visit:    http://www.acquia.com   eMail:    sales@acquia.com  or   Call:  888.9.ACQUIA   Follow  us:  @acquia   Today s  webinar  recording  will  be  posted  to: http://acquia.com/resources/recorded_webinars

×