Joomla Security
 

Ruth's Presentation on Joomla! Security


© All Rights Reserved


    Joomla Security Presentation Transcript

    • Security in Joomla! Ruth Cheesley Suffolk Computer Services [email_address]
    • Security in Joomla
      • What do we mean by “security”?
      • Why bother?
      • What can I do to keep my sites secure?
    • A balancing act?
    • What is Security?
      • Authorised Access to data & files
      • Prevention of malicious attacks & unauthorised access via
        • SQL/Command Injection
        • Insecure passwords
        • OS vulnerabilities
        • Software vulnerabilities
        • Buffer Overflow
        • ETC!
    • Why Bother?
    • Legal issues
      • Data Protection Act 1998
        • Anyone who processes your information must comply with 8 principles, including
          • Data must be kept securely
      • Heavy penalties for not taking appropriate measures to safeguard your data
      • No test cases for Joomla! sites yet.....
    • Professionalism
      • Embarrassing and harmful to organisations’ image
      • The “Fear Factor”
    • Why target Joomla?
      • Very popular Content Management System
      • Lots of “inexperienced” users
      • Lots of less-than-ideal security practices server-side
    • How to keep my sites secure?
      • ALWAYS get your installation files direct from Joomla.org
      • Use reputable hosting providers – make sure all PHP settings are “Green”
      • ALWAYS check vulnerability list before installing extensions (esp. obscure ones!)
      • ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc)
    • Finding a reliable host
      • Consider your requirements
      • Shared v Dedicated Hosting
      • Patching of servers (should be on PHP 5 & MySQL 5 at least)
      • Backup & redundancy
      • Customer support 24/7 is VITAL
    • THOU SHALT BACK UP!
      • Backups made as frequently as your site requires
      • Back up files AND database OFF SITE
      • ALWAYS back up prior to any upgrade – of ANYTHING!
    • What to do now?
      • Create a new Super Administrator & delete original one (id 62)
      • Hide your administrator URL (jSecure)
      • Change your default admin username
      • Ensure system passwords are very strong (hosting a/c, database user, ftp, site admin)
    • Must Read
      • Security Checklist - http://docs.joomla.org/Security_Checklist_1_-_Getting_Started
      • Joomla Security News - http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html )
    • Tools to help
      • jSecure – hides your administrator page http://www.joomlaserviceprovider.com/
      • LazyBackup 2 – emails a daily mysql dump http://www.lazybackup.net/
      • EasySpamKiller – protects your site against attacks from known IPs http://projects.easy-joomla.org/projects/easyspamkiller.html
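
A read-only check for the first and third steps on the "What to do now?" slide, as an added example that is not part of the presentation. Only the id 62 comes from the slides; the `jos_users` table name, its columns and the `Super Administrator` usertype value are assumed Joomla 1.5-style conventions, and the sample rows are constructed.

```python
import sqlite3

# Assumptions (not on the slides): table jos_users with columns
# id, username, usertype, block. Adjust the jos_ prefix to match your site.
SUPER = "Super Administrator"
DEFAULT_ID = 62  # id of the original Super Administrator, per the slides
DEFAULT_NAMES = {"admin", "administrator"}  # assumed default-style usernames


def audit_super_admins(conn):
    """Return findings for the super-admin hardening steps (read-only)."""
    rows = conn.execute(
        "SELECT id, username, block FROM jos_users WHERE usertype = ?", (SUPER,)
    ).fetchall()
    # A usable replacement is a Super Administrator other than id 62 that is not blocked.
    replacements = [r for r in rows if r[0] != DEFAULT_ID and not r[2]]
    findings = []
    if not rows:
        findings.append("no Super Administrator account found")
    for uid, username, _blocked in rows:
        if uid == DEFAULT_ID:
            findings.append(f"original Super Administrator (id {DEFAULT_ID}) still exists")
            if not replacements:
                # Deleting id 62 now would lock the owner out of the back end.
                findings.append("no other active Super Administrator: create one before deleting id 62")
        if username.lower() in DEFAULT_NAMES:
            findings.append(f"default-style admin username in use: {username!r} (id {uid})")
    return findings


def sample_db(rows):
    """Build an in-memory stand-in for the users table from constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, usertype TEXT, block INTEGER)"
    )
    conn.executemany("INSERT INTO jos_users VALUES (?, ?, ?, ?)", rows)
    return conn


# Constructed sample rows, not taken from a real site.
FRESH_INSTALL = [(62, "admin", SUPER, 0), (63, "editor1", "Editor", 0)]
HARDENED = [(64, "site-owner-rc", SUPER, 0), (63, "editor1", "Editor", 0)]

if __name__ == "__main__":
    for label, rows in (("fresh install", FRESH_INSTALL), ("hardened", HARDENED)):
        print(label, "->", audit_super_admins(sample_db(rows)) or "OK")
```

On a live site, run the same SELECT through a database account that has read-only access to the users table.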