Joomla Security
Ruth's Presentation on Joomla! Security

Joomla Security Presentation Transcript

  • 1. Security in Joomla! Ruth Cheesley Suffolk Computer Services [email_address]
  • 2. Security in Joomla
    • What do we mean by “security”?
    • Why bother?
    • What can I do to keep my sites secure?
  • 3.  
  • 4. A balancing act?
  • 5. What is Security?
    • Authorised Access to data & files
    • Prevention of malicious attacks & unauthorised access via
      • SQL/Command Injection
      • Insecure passwords
      • OS vulnerabilities
      • Software vulnerabilities
      • Buffer Overflow
      • ETC!
  • 6. Why Bother?
  • 7. Legal issues
    • Data Protection Act 1998
      • Anyone who processes your information must comply with 8 principles, including
        • Data must be kept securely
    • Heavy penalties for not taking appropriate measures to safeguard your data
    • No test cases for Joomla! sites yet.....
  • 8. Professionalism
    • Embarrassing and harmful to organisations’ image
    • The “Fear Factor”
  • 9. Why target Joomla?
    • Very popular Content Management System
    • Lots of “inexperienced” users
    • Lots of less-than-ideal security practices server-side
  • 10. How to keep my sites secure?
    • ALWAYS get your installation files direct from Joomla.org
    • Use reputable hosting providers – make sure all PHP settings are “Green”
    • ALWAYS check vulnerability list before installing extensions (esp. obscure ones!)
    • ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc)
  • 11. Finding a reliable host
    • Consider your requirements
    • Shared v Dedicated Hosting
    • Patching of servers (should be on PHP 5 & MySQL 5 at least)
    • Backup & redundancy
    • Customer support 24/7 is VITAL
  • 12. THOU SHALT BACK UP!
    • Backups made as frequently as your site requires
    • Back up files AND database OFF SITE
    • ALWAYS back up prior to any upgrade – of ANYTHING!
  • 13. What to do now?
    • Create a new Super Administrator & delete original one (id 62)
    • Hide your administrator URL (jSecure)
    • Change your default admin username
    • Ensure system passwords are very strong (hosting a/c, database user, ftp, site admin)
  • 14. Must Read
    • Security Checklist - http://docs.joomla.org/Security_Checklist_1_-_Getting_Started
    • Joomla Security News - http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html )
  • 15. Tools to help
    • jSecure – hides your administrator page http://www.joomlaserviceprovider.com/
    • LazyBackup 2 – emails a daily MySQL dump http://www.lazybackup.net/
    • EasySpamKiller – protects your site against attacks from known IPs http://projects.easy-joomla.org/projects/easyspamkiller.html
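
A check for the account steps on slide 13, as an added example that is not part of the original presentation: it reports whether the original Super Administrator (id 62) or the default username is still present, and whether deleting it would leave no active Super Administrator. The `jos_users` table name, its columns, the default username `admin` and the sample rows are assumptions; an in-memory SQLite table stands in for the site database.

```python
import sqlite3

# Assumption: Joomla 1.5-style users table (subset of columns). The table
# prefix and schema are not given in the slides.
SCHEMA = """CREATE TABLE jos_users (
    id INTEGER PRIMARY KEY, username TEXT, usertype TEXT, block INTEGER)"""

DEFAULT_ADMIN_ID = 62           # id named on slide 13
DEFAULT_ADMIN_USERNAME = "admin"  # assumed default username


def make_db(rows):
    """Build an in-memory stand-in for the site database from constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO jos_users VALUES (?, ?, ?, ?)", rows)
    return conn


def audit_super_admins(conn):
    """Return a list of findings for the slide 13 account checks."""
    findings = []
    rows = conn.execute(
        "SELECT id, username, block FROM jos_users "
        "WHERE usertype = 'Super Administrator'"
    ).fetchall()
    for uid, username, blocked in rows:
        state = "blocked" if blocked else "active"
        if uid == DEFAULT_ADMIN_ID:
            findings.append(f"original Super Administrator id {uid} still exists ({state})")
        if username.lower() == DEFAULT_ADMIN_USERNAME:
            findings.append(f"default username '{username}' in use on id {uid} ({state})")
    # Deleting id 62 before the replacement exists locks everyone out.
    if not any(not blocked for _, _, blocked in rows):
        findings.append("no active Super Administrator: create the replacement first")
    return findings


if __name__ == "__main__":
    # Constructed sample: a fresh install that has not been hardened yet.
    fresh = make_db([(62, "admin", "Super Administrator", 0),
                     (63, "editor1", "Editor", 0)])
    for line in audit_super_admins(fresh):
        print("FINDING:", line)
```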