Ruth's Presentation on Joomla! Security

Transcript

  • 1. Security in Joomla! Ruth Cheesley Suffolk Computer Services [email_address]
  • 2. Security in Joomla
    • What do we mean by “security”?
    • Why bother?
    • What can I do to keep my sites secure?
  • 3.  
  • 4. A balancing act?
  • 5. What is Security?
    • Authorised Access to data & files
    • Prevention of malicious attacks & unauthorised access via
      • SQL/Command Injection
      • Insecure passwords
      • OS vulnerabilities
      • Software vulnerabilities
      • Buffer Overflow
      • ETC!
  • 6. Why Bother?
  • 7. Legal issues
    • Data Protection Act 1998
      • Anyone who processes your information must comply with 8 principles, including
        • Data must be kept securely
    • Heavy penalties for not taking appropriate measures to safeguard your data
    • No test cases for Joomla! sites yet...
  • 8. Professionalism
    • Embarrassing and harmful to organisations’ image
    • The “Fear Factor”
  • 9. Why target Joomla?
    • Very popular Content Management System
    • Lots of “inexperienced” users
    • Lots of less-than-ideal security practices server-side
  • 10. How to keep my sites secure?
    • ALWAYS get your installation files direct from Joomla.org
    • Use reputable hosting providers – make sure all PHP settings are “Green”
    • ALWAYS check vulnerability list before installing extensions (esp. obscure ones!)
    • ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc)
  • 11. Finding a reliable host
    • Consider your requirements
    • Shared vs. Dedicated Hosting
    • Patching of servers (should be on PHP 5 & MySQL 5 at least)
    • Backup & redundancy
    • Customer support 24/7 is VITAL
  • 12. THOU SHALT BACK UP!
    • Backups made as frequently as your site requires
    • Back up files AND database OFF SITE
    • ALWAYS back up prior to any upgrade – of ANYTHING!
  • 13. What to do now?
    • Create a new Super Administrator & delete original one (id 62)
    • Hide your administrator URL (jSecure)
    • Change your default admin username
    • Ensure system passwords are very strong (hosting a/c, database user, ftp, site admin)
  • 14. Must Read
    • Security Checklist - http://docs.joomla.org/Security_Checklist_1_-_Getting_Started
    • Joomla Security News - http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html)
  • 15. Tools to help
    • jSecure – hides your administrator page http://www.joomlaserviceprovider.com/
    • LazyBackup 2 – emails a daily mysql dump http://www.lazybackup.net/
    • EasySpamKiller – protects your site against attacks from known IPs http://projects.easy-joomla.org/projects/easyspamkiller.html
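As an added example that is not part of Ruth's slides: a small Python audit that reads a Joomla 1.5-style configuration.php and checks two of the credentials slide 13 says must be very strong, the database user's password and the FTP password, against a simple length and character-class policy. The configuration fragment is constructed with hypothetical values; the setting names assumed are the ones Joomla's JConfig class uses ($user, $password, $db, $ftp_enable, $ftp_user, $ftp_pass).

```python
import re

# Joomla 1.5-style configuration.php fragment, constructed for this example (hypothetical values).
SAMPLE_CONFIG = """<?php
class JConfig {
    var $user = 'joomla';
    var $password = 'joomla';
    var $db = 'joomla';
    var $ftp_enable = '1';
    var $ftp_user = 'ftpuser';
    var $ftp_pass = 'Xk9!vTq2#mRw7Lp';
}
"""

# Matches JConfig lines of the form:  var $name = 'value';
SETTING_RE = re.compile(r"var\s+\$(\w+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*;")

def parse_config(text):
    """Return {setting: value} for every var $name = '...'; line."""
    return {m.group(1): m.group(2) for m in SETTING_RE.finditer(text)}

def password_problems(pw, min_length=12):
    """Policy rules the password fails; an empty list means it passes."""
    problems = []
    if len(pw) < min_length:
        problems.append("shorter than %d characters" % min_length)
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    if sum(1 for c in classes if re.search(c, pw)) < 3:
        problems.append("uses fewer than 3 character classes")
    return problems

def audit_credentials(config):
    """Check the database password and, if FTP is enabled, the FTP password."""
    checks = [("database", "user", "password")]
    if config.get("ftp_enable") == "1":
        checks.append(("ftp", "ftp_user", "ftp_pass"))
    findings = {}
    for label, user_key, pw_key in checks:
        user, pw = config.get(user_key, ""), config.get(pw_key, "")
        problems = password_problems(pw)
        if pw and pw.lower() in (user.lower(), config.get("db", "").lower()):
            problems.append("same as the username or database name")
        if problems:
            findings[label] = problems
    return findings

if __name__ == "__main__":
    for account, problems in audit_credentials(parse_config(SAMPLE_CONFIG)).items():
        print("%s password: %s" % (account, "; ".join(problems)))
```

Run it against a real configuration.php by replacing SAMPLE_CONFIG with the file's contents; the hosting account and site admin passwords from the same slide are not stored in that file and need checking separately.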