CMS and security / privacy

Vulnerabilities (statistic), Possible risks, What is security in a CMS, A lot of tips, Server / CMS funnel, ImpressCMS security features

Presentation Transcript

  • Welcome – CMS Security: My name is René Sato from the project “ImpressCMS”. Thank you for visiting this presentation. Our topic today is: CMS and Security.
  • CMS Security - overview
      Vulnerabilities (statistic), Possible risks, What is security in a CMS, A lot of tips, Server / CMS funnel, ImpressCMS security features
  • Vulnerabilities: the candidates
  • Vulnerabilities: CMS / year
  • What is security in a CMS
      Security is not a measure -> the question is subjective. Just like: what is „hot“?
      Security and money -> elaborate for the application -> but you have to protect the important information
      Security and usability -> user access control may be a barrier -> a session timeout is not user friendly -> a password meter confuses the visitor
      But in most cases you need these elements. Therefore: security is supposed to be part of the „master plan“ for a new website. Always keep security in mind.
  • Possible risks: piracy (data theft), data loss, image damage to your company, identity theft / identity fraud, unavailability of your website after an attack, attacks against users via the CMS
  • 10 tips and more
  • A lot of tips – 1/10: Use “.htaccess” and protect your folders
  • A lot of tips – 2/10: Create a “robots.txt” and disallow folders
  • A lot of tips – 3/10: Server error handling (401 – 505) with your CMS
  • A lot of tips – 4/10: Change the META content for “generator”
  • A lot of tips – 5/10: Create a non-default, hard-to-guess database prefix
  • A lot of tips – 6/10: Enable SSL for your domain
  • A lot of tips – 7/10: Use SFTP only
  • A lot of tips – 8/10: Secure e-mail addresses on your website with “GD protection” or “reCaptcha”. Don’t use a default admin account for access; pick a secure password for the admin.
  • A lot of tips – 9/10: Ban all spammers and bots
  • A lot of tips – 10/10: Don’t use a default admin account for access, and pick a secure password for the admin. Good passwords for your users.
  • A lot of tips – other
      Increase your awareness. Subscribe to your CMS development blog. It should be on your list of feeds so you are updated about recent development, including security issues.
      Update. Your CMS takes only a few minutes to update, so spend some time at the end of the day to do so. I prefer to allocate some time on the weekend though. By update, I don’t mean just the core code, but also the plugins, libraries and/or modules.
      Use supported themes. If you are not a theme designer, make sure you use a theme that is well supported, so if there are problems you know who to run to for a solution.
      Backup often. There is no reason not to do so, because you can easily schedule backups of your CMS database and files. Be safe rather than sorry.
  • Server / CMS funnel: web server, database and CMS security funnel
      1. intelligent server security
      2. database security
      3. basic CMS configuration
      4. CMS user groups
      5. CMS user permissions
      6. module permissions
      7. third-party libraries
      8. check attacks
      9. update your system
      10. go back to 1.
  • ImpressCMS security features
      * randomize database table prefix
      * separate sensitive data and place it in the “trust path”
      * randomize the “trust path” directory name
      * randomize the name of the secure data file
      * full integration with HTML Purifier (with options)
      * multiple password hash options, selectable by site
      * admin warnings for practices not followed
      * of course, the protector module
      * session regeneration on login
      * using salt keys
      * protect e-mail addresses against SPAM
      * handling of server errors
      * the installer doesn’t create a default admin
      * password meter (with security level) for the user
      * 17 password hash options (SHA256 is recommended)
  • Any questions? If not, I would like to present ImpressCMS to you now... www.impresscms.org
  • Thank you / Credits: Icons by: GNOME Desktop. Created by: René Sato, http://www.impresscms.de. Thank you: skenow, phoenyx, Madfish, david. Thank you to all Open Source CMS around the world.
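Tips 1/10, 3/10 and 6/10 above (protect your folders, server error handling, SSL for your domain) as one Apache 2.4 `.htaccess` for the web root of a PHP CMS. This is an added example, not a file from the deck or from ImpressCMS; the folder names, the `/errors/` page paths and the file extensions are assumptions.

```apache
# Added example, not from the deck: Apache 2.4 .htaccess for the web root of a
# PHP CMS. The folder names, error-page paths and file extensions are assumptions.

# Tip 1/10 - protect your folders: never list directory contents.
Options -Indexes

# Refuse direct requests for files a browser never needs (config, logs, SQL dumps, backups).
<FilesMatch "\.(ini|log|sql|bak|dist)$">
    Require all denied
</FilesMatch>

# Folders that hold only code or cache (assumed names): answer 403 before the CMS is reached.
RedirectMatch 403 "^/(include|class|cache|templates_c)/"

# Tip 3/10 - server error handling: let the site, not Apache, answer 401-505,
# and keep the server version out of Apache's default error footer.
ServerSignature Off
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html

# Tip 6/10 - enable SSL for your domain: send every plain-HTTP request to HTTPS ...
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

# ... and, once a client has reached the site over HTTPS, tell it to stay there (HSTS).
# env=HTTPS restricts the header to TLS responses, where it is meaningful.
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>
```

The file only takes effect where the server's `AllowOverride` permits these directives; check the 403 and 404 responses and the redirect from a shell with `curl -I` after deploying it.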