Joomla Security

Ruth's Presentation on Joomla! Security

1. Security in Joomla!
   Ruth Cheesley, Suffolk Computer Services, [email_address]

2. Security in Joomla
   - What do we mean by “security”?
   - Why bother?
   - What can I do to keep my sites secure?

4. A balancing act?

5. What is Security?
   - Authorised access to data & files
   - Prevention of malicious attacks & unauthorised access via
     - SQL/command injection
     - Insecure passwords
     - OS vulnerabilities
     - Software vulnerabilities
     - Buffer overflow
     - etc.

6. Why Bother?

7. Legal issues
   - Data Protection Act 1998
     - Anyone who processes your information must comply with 8 principles, including
       - Data must be kept securely
   - Heavy penalties for not taking appropriate measures to safeguard your data
   - No test cases for Joomla! sites yet...

8. Professionalism
   - Embarrassing and harmful to organisations’ image
   - The “Fear Factor”

9. Why target Joomla?
   - Very popular Content Management System
   - Lots of “inexperienced” users
   - Lots of less-than-ideal security practices server-side

10. How to keep my sites secure?
   - ALWAYS get your installation files direct from Joomla.org
   - Use reputable hosting providers; make sure all PHP settings are “Green”
   - ALWAYS check the vulnerability list before installing extensions (esp. obscure ones!)
   - ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc.)

11. Finding a reliable host
   - Consider your requirements
   - Shared v dedicated hosting
   - Patching of servers (should be on PHP 5 & MySQL 5 at least)
   - Backup & redundancy
   - Customer support 24/7 is VITAL

12. THOU SHALT BACK UP!
   - Backups made as frequently as your site requires
   - Back up files AND database OFF SITE
   - ALWAYS back up prior to any upgrade, of ANYTHING!

13. What to do now?
   - Create a new Super Administrator & delete the original one (id 62)
   - Hide your administrator URL (jSecure)
   - Change your default admin username
   - Ensure system passwords are very strong (hosting a/c, database user, FTP, site admin)

14. Must Read
   - Security Checklist: http://docs.joomla.org/Security_Checklist_1_-_Getting_Started
   - Joomla Security News: http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html)

15. Tools to help
   - jSecure: hides your administrator page. http://www.joomlaserviceprovider.com/
   - LazyBackup 2: emails a daily MySQL dump. http://www.lazybackup.net/
   - EasySpamKiller: protects your site against attacks from known IPs. http://projects.easy-joomla.org/projects/easyspamkiller.html
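As an added example (not from the slides, and not the code of any tool listed on slide 15), a POSIX shell routine for the advice on slide 12: dump the database, archive the site files, record checksums so a damaged copy is detectable, and copy the result off site. The site root, database name, the DB_USER / DB_HOST / MYSQL_PWD environment variables and the OFFSITE scp destination are assumed placeholders, not the presenter's values.

```shell
#!/bin/sh
# joomla_backup SITE_ROOT DB_NAME DEST_DIR
# Writes DEST_DIR/joomla-<timestamp>/{db.sql,files.tar.gz,SHA256SUMS},
# copies that directory to $OFFSITE when set, and prints its path.
# Assumed environment (placeholders): DB_USER, DB_HOST (default localhost),
# MYSQL_PWD (read by mysqldump itself, so the password never appears in `ps`).
joomla_backup() {
    site_root="$1"; db_name="$2"; dest_dir="$3"
    stamp=$(date +%Y%m%d-%H%M%S)
    out="$dest_dir/joomla-$stamp"
    mkdir -p "$out" || return 1

    # 1. Database: consistent InnoDB snapshot, including routines and triggers.
    mysqldump --single-transaction --routines --triggers \
        -h "${DB_HOST:-localhost}" -u "${DB_USER:?set DB_USER}" "$db_name" \
        > "$out/db.sql" || return 1

    # 2. Files: the whole site root (configuration.php, templates, uploads),
    #    so a restore does not depend on anything left on the web host.
    tar -C "$(dirname "$site_root")" -czf "$out/files.tar.gz" \
        "$(basename "$site_root")" || return 1

    # 3. Integrity: checksums let verify_backup spot a truncated or altered copy.
    (cd "$out" && sha256sum db.sql files.tar.gz > SHA256SUMS) || return 1

    # 4. Off site: a copy that survives the hosting account being lost or wiped.
    if [ -n "${OFFSITE:-}" ]; then
        scp -q -r "$out" "$OFFSITE" || return 1
    fi
    printf '%s\n' "$out"
}

# verify_backup BACKUP_DIR: re-check the recorded checksums; non-zero on mismatch.
# Run it before every upgrade to confirm the backup you will rely on is intact.
verify_backup() {
    (cd "$1" && sha256sum -c --quiet SHA256SUMS)
}

# Example invocation (placeholder paths):
#   DB_USER=joomla MYSQL_PWD='...' OFFSITE=user@backuphost:/backups \
#       joomla_backup /var/www/site joomla_db /var/backups
```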