Joomla Security
Ruth's Presentation on Joomla! Security

Transcript

  • 1. Security in Joomla! Ruth Cheesley, Suffolk Computer Services [email_address]
  • 2. Security in Joomla
      • What do we mean by “security”?
      • Why bother?
      • What can I do to keep my sites secure?
  • 3.
  • 4. A balancing act?
  • 5. What is Security?
      • Authorised Access to data & files
      • Prevention of malicious attacks & unauthorised access via
          • SQL/Command Injection
          • Insecure passwords
          • OS vulnerabilities
          • Software vulnerabilities
          • Buffer Overflow
          • ETC!
  • 6. Why Bother?
  • 7. Legal issues
      • Data Protection Act 1998
          • Anyone who processes your information must comply with 8 principles, including
              • Data must be kept securely
      • Heavy penalties for not taking appropriate measures to safeguard your data
      • No test cases for Joomla! sites yet.....
  • 8. Professionalism
      • Embarrassing and harmful to organisations’ image
      • The “Fear Factor”
  • 9. Why target Joomla?
      • Very popular Content Management System
      • Lots of “inexperienced” users
      • Lots of less-than-ideal security practices server-side
  • 10. How to keep my sites secure?
      • ALWAYS get your installation files direct from Joomla.org
      • Use reputable hosting providers – make sure all PHP settings are “Green”
      • ALWAYS check vulnerability list before installing extensions (esp. obscure ones!)
      • ALWAYS keep up to date with patches for Joomla and for ALL extensions (use mailing lists, etc)
  • 11. Finding a reliable host
      • Consider your requirements
      • Shared v Dedicated Hosting
      • Patching of servers (should be on PHP 5 & MySQL 5 at least)
      • Backup & redundancy
      • Customer support 24/7 is VITAL
  • 12. THOU SHALT BACK UP!
      • Backups made as frequently as your site requires
      • Back up files AND database OFF SITE
      • ALWAYS back up prior to any upgrade – of ANYTHING!
  • 13. What to do now?
      • Create a new Super Administrator & delete original one (id 62)
      • Hide your administrator URL (jSecure)
      • Change your default admin username
      • Ensure system passwords are very strong (hosting a/c, database user, ftp, site admin)
  • 14. Must Read
      • Security Checklist - http://docs.joomla.org/Security_Checklist_1_-_Getting_Started
      • Joomla Security News - http://developer.joomla.org/security/news.html (subscribe at http://developer.joomla.org/security/news.html)
  • 15. Tools to help
      • jSecure – hides your administrator page http://www.joomlaserviceprovider.com/
      • LazyBackup 2 – emails a daily MySQL dump http://www.lazybackup.net/
      • EasySpamKiller – protects your site against attacks from known IPs http://projects.easy-joomla.org/projects/easyspamkiller.html
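
A way to verify the account steps on slide 13 ("delete original one (id 62)", "change your default admin username"), added here as an example and not taken from the presentation. It assumes the Joomla 1.5 default table `jos_users` with columns `id`, `username`, `usertype` and `block`; the sample rows are constructed and loaded into an in-memory SQLite database so the check runs offline.

```python
import sqlite3

# Assumptions (not stated on the slides): Joomla 1.5 default table `jos_users`
# with columns id, username, usertype, block.
DEFAULT_SUPER_ADMIN_ID = 62                      # the id named on slide 13
DEFAULT_USERNAMES = {"admin", "administrator"}   # assumed common defaults


def audit_super_admins(conn, table="jos_users"):
    """Return a list of findings for the slide-13 account checklist."""
    # The table name is interpolated, so restrict it to identifier characters.
    if not table.replace("_", "").isalnum():
        raise ValueError("unexpected table name")
    rows = conn.execute(
        f"SELECT id, username, block FROM {table} "
        "WHERE usertype = 'Super Administrator' ORDER BY id"
    ).fetchall()
    findings = []
    for uid, username, blocked in rows:
        state = "blocked" if blocked else "active"
        if uid == DEFAULT_SUPER_ADMIN_ID:
            findings.append(f"id {uid} ({username}) still exists ({state}): delete it")
        if username.lower() in DEFAULT_USERNAMES:
            findings.append(f"id {uid} uses default username '{username}': rename it")
    # Deleting id 62 before the replacement exists locks everyone out.
    if not any(not blocked for _, _, blocked in rows):
        findings.append("no active Super Administrator: create the replacement first")
    return findings


def build_sample_db(users):
    """Constructed stand-in for the site database, for offline testing."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jos_users "
                 "(id INTEGER PRIMARY KEY, username TEXT, usertype TEXT, block INTEGER)")
    conn.executemany("INSERT INTO jos_users VALUES (?, ?, ?, ?)", users)
    return conn


# Constructed sample rows: a fresh install and a site after the slide-13 steps.
FRESH_INSTALL = [(62, "admin", "Super Administrator", 0), (63, "editor1", "Editor", 0)]
HARDENED = [(63, "editor1", "Editor", 0), (64, "site-owner-rc", "Super Administrator", 0)]

if __name__ == "__main__":
    for label, users in (("fresh install", FRESH_INSTALL), ("hardened", HARDENED)):
        print(label, audit_super_admins(build_sample_db(users)))
```

Against a live site the same SELECT can be run through the hosting panel's database tool, using the table prefix actually configured for that installation.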
